Special Report
Privacy & Security

Survey: What School District Tech Leaders Are Saying About Cybersecurity

By Holly Kurtz — March 19, 2019 5 min read
  • Save to favorites
  • Print

District tech leaders have different concerns about cybersecurity, and different strategies for addressing those concerns, which vary by the size of their school systems. Compared to their rural counterparts, administrators from big-city districts are more likely to say their worries about protecting their K-12 systems are on the rise—and they’re more likely to have begun implementing formal password-management policies and measures.

That’s according to a survey conducted by the Consortium for School Networking and the Education Week Research Center of more than 300 ed-tech leaders.

Overall, 68 percent of leaders say that student-data privacy and security is a somewhat or much more important priority this year compared with last year.

That share rises to 82 percent for administrators from urban school districts. By comparison, it’s 68 percent for suburban leaders and 64 percent for their rural peers.

This is not to say that student data privacy and security are unimportant to leaders from rural districts. They may have more basic concerns—like accessing the internet in the first place. Even as the percentage of U.S. schools with WiFi skyrocketed from 30 percent to 98 percent between 2013 and 2018—according to data from the nonprofit EducationSuperHighway—many rural schools continue to face challenges merely getting connected.

But within the biggest K-12 systems, cybersecurity is seen as an urgent problem.

One hundred percent of leaders from large districts with more than 50,000 students report that student data privacy and security is a somewhat or much more important priority this year compared with last year. That percentage falls to 63 percent for those from small districts with fewer than 1,000 students.

Across the country, worries about cybersecurity among tech leaders from districts of all sizes have soared over the past few years, notes Keith Krueger, the chief executive officer of the Consortium for School Networking. But the challenges that rural school systems face in protecting themselves from cyber threats are especially acute, he said.

If the largest school K-12 districts are scrambling to keep up, “one can only imagine the challenge for small school systems with no technical staff,” Krueger explained. “The best you can do is [find out] what best practice is, implement that, and make sure your school board and your superintendent understand that these are the steps worth taking—and that even with those best steps, bad things can happen.”

Shunning Password Protections

All districts face hurdles in responding to threats and in creating safeguards that are both effective and reasonably easy to manage, said Keith Bockwoldt, the chief information officer for the 4,500-student Hinsdale High School District in Illinois.

About This Report

This Education Week examination of K-12 cybersecurity is the second of three special reports focused on the needs of K-12 district technology leaders, including chief technology officers. Each report in the series features exclusive results of a new, nationally representative survey of CTOs, conducted by the Consortium for School Networking, an organization representing K-12 district technology officials.

Larger systems, for instance, face more complex challenges in protecting data and training staff because of their size and getting everyone on board with their policies, said Bockwoldt, who serves on CoSN’s cybersecurity advisory committee.

“The threats are there, whatever classification you’re in,” Bockwoldt said. In that sense, “everyone is in the same boat.”

Concerns about student data privacy and security are not the only aspects of cybersecurity in which large and urban district leaders differ from their small and rural peers.

Large and urban leaders also approach password management differently than do their peers from smaller, rural and suburban districts.

For example, just over half (56 percent) of all K-12 leaders say their districts have formal password policies that are widely followed. Seventy-two percent of urban leaders say they have widely-followed formal password policies. That’s compared with 62 percent of suburban administrators and less than half (41 percent) of their rural counterparts. In fact, nearly 1 in 3 (29 percent) of rural leaders report that their districts do not have formal password policies although staff members are regularly encouraged to use best practices for password management.

‘This Is Crazy’

Timothy Smith, the supervisor of instructional practice and technology integration for the Red Lion Area School District in Pennsylvania, said tech leaders in rural K-12 systems may have a harder time than their urban peers imagining that malicious actors will target their schools.

District officials in smaller districts may think, “Why would they focus on me? Why would there be a hacker or someone who wants to dig into the data that we have?” said Smith, whose district has 6,100 students.

Smaller districts are much less likely to have full time chief technology officers than larger districts, according to federal data. Because rural tech leaders are juggling so many duties, making progress on even relatively simple cybersecurity steps can be difficult, said Smith.

See Also

On-Demand Webinar: Attacking the K-12 Cybersecurity Challenge

K-12 districts face an array of threats from cyberattacks and security breaches. In this Education Week webinar, staff writer Benjamin Herold talks with guests about how district leaders can secure data and networks and insulate schools from bad actors.

Register now.

Despite those odds, his district has taken steps to tighten the security reins.

Three years ago, his school system put in place stronger protocols for password security. Smith had assumed everyone would be on board with the measure, but he still gets resistance.

“I was really surprised by that,” he said. “Every 120 days, without fail, I will get one or two or three staff members who will reach out to me and say this is crazy [to change passwords].”

‘Protect Data at All Costs’

The COSN/EdWeek survey found that 100 percent of large district leaders have formal, widely-followed password policies. That share falls to 43 percent for administrators from small districts.

In addition to examining formal password policies, the survey also asked leaders if their districts had implemented 13 different types of security measures related to passwords, including requiring passwords to be of minimal complexity and/or length (84 percent); prohibiting password sharing (73 percent) and locking accounts after a specified number of unsuccessful log-in attempts (62 percent). Urban leaders are more likely than their rural or suburban peers to have implemented 11 of the 13 measures. For example, 96 percent of urban leaders say they require minimum lengths and levels of complexity for passwords, compared with 86 percent of suburban respondents and 76 percent from rural areas.

Similarly, 87 percent of urban respondents said their districts prohibit password sharing, compared with 78 percent of suburban leaders and 66 percent of their rural counterparts.

Leaders from larger districts are also more likely than those from the smallest districts to report that they had implemented the 13 security measures.

For many districts, no matter what their size, effective cybersecurity means thinking differently about the obligations they have to protect students, said Smith.

Just as schools establish physical barriers to make sure access to their campuses are controlled, he argued, “we need to be the beacon that will protect data at all costs.”


This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Classroom Technology Webinar
Academic Integrity in the Age of Artificial Intelligence
As AI writing tools rapidly evolve, learn how to set standards and expectations for your students on their use.
Content provided by Turnitin
Recruitment & Retention Live Online Discussion A Seat at the Table: Chronic Teacher Shortage: Where Do We Go From Here?  
Join Peter DeWitt, Michael Fullan, and guests for expert insights into finding solutions for the teacher shortage.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Reading & Literacy Webinar
The Science of Reading: Tools to Build Reading Proficiency
The Science of Reading has taken education by storm. Learn how Dr. Miranda Blount transformed literacy instruction in her state.
Content provided by hand2mind

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security District Leaders Are More Worried Than Ever About Data Privacy. New Center Aims to Help
Parents are asking more questions about data privacy issues related to the technologies schools are using.
2 min read
Data security and privacy concept. Visualization of personal or business information safety.
iStock/Getty Images Plus
Privacy & Security Most Teachers Think Cyberattacks Won't Affect Schools. District Leaders Disagree
Teachers and district leaders perceive cybersecurity vulnerabilities differently, according to a survey.
3 min read
Illustration of cloud computing and lock.
iStock / Getty Images Plus
Privacy & Security How Can Schools Reduce the Risk of Cyberattacks?
Cyberattacks are costly to K-12 schools, not just in terms of money, but also in how much instructional time students lose.
2 min read
Silhouette of a hacker in a hoodie using laptop with binary code overlay.
iStock/Getty Images Plus
Privacy & Security VR Devices Collect 'Intimate' Data, Lack Privacy Protections. Should Schools Invest?
A nonprofit examined the most popular VR devices on the market and found privacy problems with all of them.
4 min read
Blue line man with red VR headset looks at the top left angle where there is the blue light.
iStock/Getty Images Plus