Special Report
IT Infrastructure & Management

4 Big Cybersecurity Priorities for Schools: Training, Purchasing, Monitoring, and Budgeting

By Mark Lieberman — March 17, 2020 4 min read
BRIC ARCHIVE
  • Save to favorites
  • Print

Cyberattacks are on the rise in computer networks across the country, leaving many schools scrambling to contain threats and educate communities on device etiquette. To get a better sense of what’s working to address this challenge, Education Week partnered with the Consortium for School Networking, or CoSN, to survey 513 K-12 technology leaders on how they are dealing with the latest cybersecurity challenges. Education Week followed up with interviews of chief technology officers to better understand what approaches are working to curb and clean up cyberattacks. Here are four key areas ed-tech leaders should address:

Training

The survey of K-12 technology leaders featured a list of techniques for dealing with cybersecurity challenges, asking them to mark “yes” for the ones that apply and “no” for the ones that don’t. Techniques involving training ranked highest: 77 percent of respondents said they’re training IT staff, 69 percent said they’re encouraging staff members to upgrade passwords, and 63 percent said they’re working on training end users, such as teachers and students.

A little more than a year ago, Keith Bockwoldt was promoted to chief information officer for Hinsdale Township High School District 86 in Illinois. Only a few months after he started in the role, a teacher clicked on an email that purported to be from a former student. It ended up creating a malware infection that required Bockwoldt to tap into cybersecurity insurance for the first time in his 21 years working in the district.

That experience underscored for him the importance of arming teachers with knowledge of real-world situations in which they can play a major role. Bockwoldt started offering lessons to teachers during their prep periods, showing them videos that opened a window into a day in the life of a hacker.

“They were like, ‘Wow, that really happens,’ ” Bockwoldt said. “It really gave them an awareness.”

Bockwoldt naturally has had more success getting through to teachers when he speaks “in layman’s terms” rather than overloading them with tech jargon. He also recommends getting the board of education involved in the discussions.

Melissa Tebbenkamp, the director of instructional technology for the Raytown Quality schools in Missouri, said her team tries to engage teachers with humor, tossing memes into short weekly emails to keep the issues top of mind throughout the year.

Training has made a difference, Bockwoldt said. He’s started getting more suspicious emails forwarded to him from teachers who haven’t opened them.

Purchasing

Tackling cybersecurity often means acknowledging areas where the school needs outside help. Sixty-three percent of respondents to the CoSN/Education Week survey said they’re purchasing specific cybersecurity products and services.

Diane Doersch, who retired last year as chief technology and information officer for the Green Bay public schools in Wisconsin, likes the tool ClassLink, which provides single sign-on infrastructure for online applications, keeping the data secure. In general, she found that the most valuable way to get the most out of products was to meet regularly with the companies that provide them.

“I had quarterly meetings with the company that provided our firewall,” Doersch said. “They had the very specifics on how many times your district was pinged by a foreign nation.”

Tebbenkamp is less bullish on the potential for outside companies to help schools. “There’s a lot of products and services out on the market that aren’t a good fit for us,” she said. “Every district should take the time to evaluate whether it’s a good fit.”

She’s found that many existing products have cheaper open-source alternatives. Sometimes, an investment is worthwhile, such as an intrusion-detection system that scans her district’s online traffic, identifies threats, and paints a picture of the district’s normal traffic patterns. Tebbenkamp said the investment was small but the district got a lot out of it.

Monitoring

More than half of survey respondents said they’re engaged in real-time monitoring to detect security threats. School networks present an overwhelming amount of information, Tebbenkamp said. It’s important to prioritize—she deputizes two people each morning to look at dashboards, scan daily reports, and flag items that appear out of the ordinary. Part of her team combs through news threads and weekly briefings; if one person doesn’t catch something, another might.

“I think the biggest piece is what data do you really need to be looking at. You need to establish: What logs should you be collecting and reviewing? What network activities do you need to be monitoring?” Tebbenkamp said. She’s also resigned herself to accepting that “something slips through the cracks” no matter how much monitoring takes place.

Budgeting

Resources are always at a premium in K-12 schools, which means finding adequate funds for cybersecurity initiatives can be challenging. Only 12 percent of survey respondents said their district has a budget line item for cybersecurity, and just 20 percent have created a cybersecurity team.

Tebbenkamp said in a perfect world, she would add a chief privacy officer, rather than having her network system administrator lead her security team, and hire a data-security specialist. More cybersecurity experts couldn’t hurt, she said. But she’s found success with designating a “core group of individuals” on her broader team who have cybersecurity among their duties.

“They’re not going to have all that knowledge, so you need all of your key knowledge stakeholders to be part of a team so you’re not making decisions in isolation,” she said.

Added Hinsdale High’s Bockwoldt, “I’ve seen that happen at so many places: You didn’t have the processes in place to take care of it. All of a sudden, something bad happens, you’re throwing all kinds of money at it,” he said. “Having that conversation at a cabinet level is extremely important.”

Events

Ed-Tech Policy Webinar Artificial Intelligence in Practice: Building a Roadmap for AI Use in Schools
AI in education: game-changer or classroom chaos? Join our webinar & learn how to navigate this evolving tech responsibly.
Education Webinar Developing and Executing Impactful Research Campaigns to Fuel Your Ed Marketing Strategy 
Develop impactful research campaigns to fuel your marketing. Join the EdWeek Research Center for a webinar with actionable take-aways for companies who sell to K-12 districts.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Webinar
Navigating Cybersecurity: Securing District Documents and Data
Learn how K-12 districts are addressing the challenges of maintaining a secure tech environment, managing documents and data, automating critical processes, and doing it all with limited resources.
Content provided by Softdocs

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure & Management Leader To Learn From Through Wars, Tornadoes, and Cyberattacks, He's a Guardian of Student Privacy
Jun Kim, the technology director in Moore, Okla., works to make the most of innovations—without endangering student data.
11 min read
Jun Kim, Director of Technology for Moore Public Schools, center, leads a data privacy review meeting on Dec. 13, 2023 in Moore, Okla.
Jun Kim, director of technology for the Moore public schools in Moore, Okla., leads a data privacy review for staff.
Brett Deering for Education Week
IT Infrastructure & Management One Solution to Maintaining 1-to-1 Devices? Pay Students to Repair Them
Hiring students to help with the repair process is one way school districts are ensuring the sustainability of their 1-to-1 programs.
4 min read
Sawyer Wendt, a student intern for the Altoona school district’s IT department, repairs a Chromebook.
Sawyer Wendt, who's been a student intern for the Altoona district's tech department since junior year, is now studying IT software development in college.
Courtesy of Jevin Stangel, IT technician for the Altoona school district
IT Infrastructure & Management Schools Get Relief on Chromebook Replacements. Google Extends Device Support to 10 Years
Schools have typically had to replace Chromebooks every three to five years.
4 min read
Photo of teacher working with student on laptop computer.
iStock / Getty Images Plus
IT Infrastructure & Management What We Know About District Tech Leaders, in Charts
Male chief technology officers in K-12 tend to come from technological backgrounds while most female tech leaders are former teachers.
1 min read
Illustration concept of leadership, using wooden cut-out figures and arrows.
Liz Yap/Education Week via Canva