Special Report
IT Infrastructure & Management

4 Big Cybersecurity Priorities for Schools: Training, Purchasing, Monitoring, and Budgeting

By Mark Lieberman — March 17, 2020 4 min read
BRIC ARCHIVE
  • Save to favorites
  • Print

Cyberattacks are on the rise in computer networks across the country, leaving many schools scrambling to contain threats and educate communities on device etiquette. To get a better sense of what’s working to address this challenge, Education Week partnered with the Consortium for School Networking, or CoSN, to survey 513 K-12 technology leaders on how they are dealing with the latest cybersecurity challenges. Education Week followed up with interviews of chief technology officers to better understand what approaches are working to curb and clean up cyberattacks. Here are four key areas ed-tech leaders should address:

Training

The survey of K-12 technology leaders featured a list of techniques for dealing with cybersecurity challenges, asking them to mark “yes” for the ones that apply and “no” for the ones that don’t. Techniques involving training ranked highest: 77 percent of respondents said they’re training IT staff, 69 percent said they’re encouraging staff members to upgrade passwords, and 63 percent said they’re working on training end users, such as teachers and students.

A little more than a year ago, Keith Bockwoldt was promoted to chief information officer for Hinsdale Township High School District 86 in Illinois. Only a few months after he started in the role, a teacher clicked on an email that purported to be from a former student. It ended up creating a malware infection that required Bockwoldt to tap into cybersecurity insurance for the first time in his 21 years working in the district.

That experience underscored for him the importance of arming teachers with knowledge of real-world situations in which they can play a major role. Bockwoldt started offering lessons to teachers during their prep periods, showing them videos that opened a window into a day in the life of a hacker.

“They were like, ‘Wow, that really happens,’ ” Bockwoldt said. “It really gave them an awareness.”

Bockwoldt naturally has had more success getting through to teachers when he speaks “in layman’s terms” rather than overloading them with tech jargon. He also recommends getting the board of education involved in the discussions.

Melissa Tebbenkamp, the director of instructional technology for the Raytown Quality schools in Missouri, said her team tries to engage teachers with humor, tossing memes into short weekly emails to keep the issues top of mind throughout the year.

Training has made a difference, Bockwoldt said. He’s started getting more suspicious emails forwarded to him from teachers who haven’t opened them.

Purchasing

Tackling cybersecurity often means acknowledging areas where the school needs outside help. Sixty-three percent of respondents to the CoSN/Education Week survey said they’re purchasing specific cybersecurity products and services.

Diane Doersch, who retired last year as chief technology and information officer for the Green Bay public schools in Wisconsin, likes the tool ClassLink, which provides single sign-on infrastructure for online applications, keeping the data secure. In general, she found that the most valuable way to get the most out of products was to meet regularly with the companies that provide them.

“I had quarterly meetings with the company that provided our firewall,” Doersch said. “They had the very specifics on how many times your district was pinged by a foreign nation.”

Tebbenkamp is less bullish on the potential for outside companies to help schools. “There’s a lot of products and services out on the market that aren’t a good fit for us,” she said. “Every district should take the time to evaluate whether it’s a good fit.”

She’s found that many existing products have cheaper open-source alternatives. Sometimes, an investment is worthwhile, such as an intrusion-detection system that scans her district’s online traffic, identifies threats, and paints a picture of the district’s normal traffic patterns. Tebbenkamp said the investment was small but the district got a lot out of it.

Monitoring

More than half of survey respondents said they’re engaged in real-time monitoring to detect security threats. School networks present an overwhelming amount of information, Tebbenkamp said. It’s important to prioritize—she deputizes two people each morning to look at dashboards, scan daily reports, and flag items that appear out of the ordinary. Part of her team combs through news threads and weekly briefings; if one person doesn’t catch something, another might.

“I think the biggest piece is what data do you really need to be looking at. You need to establish: What logs should you be collecting and reviewing? What network activities do you need to be monitoring?” Tebbenkamp said. She’s also resigned herself to accepting that “something slips through the cracks” no matter how much monitoring takes place.

Budgeting

Resources are always at a premium in K-12 schools, which means finding adequate funds for cybersecurity initiatives can be challenging. Only 12 percent of survey respondents said their district has a budget line item for cybersecurity, and just 20 percent have created a cybersecurity team.

Tebbenkamp said in a perfect world, she would add a chief privacy officer, rather than having her network system administrator lead her security team, and hire a data-security specialist. More cybersecurity experts couldn’t hurt, she said. But she’s found success with designating a “core group of individuals” on her broader team who have cybersecurity among their duties.

“They’re not going to have all that knowledge, so you need all of your key knowledge stakeholders to be part of a team so you’re not making decisions in isolation,” she said.

Added Hinsdale High’s Bockwoldt, “I’ve seen that happen at so many places: You didn’t have the processes in place to take care of it. All of a sudden, something bad happens, you’re throwing all kinds of money at it,” he said. “Having that conversation at a cabinet level is extremely important.”

Events

School Climate & Safety K-12 Essentials Forum Strengthen Students’ Connections to School
Join this free event to learn how schools are creating the space for students to form strong bonds with each other and trusted adults.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Reading & Literacy Webinar
Creating Confident Readers: Why Differentiated Instruction is Equitable Instruction
Join us as we break down how differentiated instruction can advance your school’s literacy and equity goals.
Content provided by Lexia Learning
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
IT Infrastructure & Management Webinar
Future-Proofing Your School's Tech Ecosystem: Strategies for Asset Tracking, Sustainability, and Budget Optimization
Gain actionable insights into effective asset management, budget optimization, and sustainable IT practices.
Content provided by Follett Learning

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

IT Infrastructure & Management It's Not Just About AI. Schools Are Facing 5 Other Tech Challenges, Too
In addition to the use of AI in education, schools must pay attention to several big tech challenges.
4 min read
A cybersecurity icon over a computer classroom seen through a screen of binary code.
Vanessa Solis/Education Week via Canva
IT Infrastructure & Management Ed-Tech Companies Are Vulnerable to Cyberattacks. A New Federal Effort Wants to Help
The Education Department is teaming up with a top research university to stem a wave of cyberattacks on schools.
4 min read
Image of lock on binary code background.
DigitalVision Vectors/Getty
IT Infrastructure & Management Leader To Learn From Through Wars, Tornadoes, and Cyberattacks, He's a Guardian of Student Privacy
Jun Kim, the technology director in Moore, Okla., works to make the most of innovations—without endangering student data.
11 min read
Jun Kim, Director of Technology for Moore Public Schools, center, leads a data privacy review meeting on Dec. 13, 2023 in Moore, Okla.
Jun Kim, director of technology for the Moore public schools in Moore, Okla., leads a data privacy review for staff.
Brett Deering for Education Week
IT Infrastructure & Management One Solution to Maintaining 1-to-1 Devices? Pay Students to Repair Them
Hiring students to help with the repair process is one way school districts are ensuring the sustainability of their 1-to-1 programs.
4 min read
Sawyer Wendt, a student intern for the Altoona school district’s IT department, repairs a Chromebook.
Sawyer Wendt, who's been a student intern for the Altoona district's tech department since junior year, is now studying IT software development in college.
Courtesy of Jevin Stangel, IT technician for the Altoona school district