Special Report
Privacy & Security

Survey: What School District Tech Leaders Are Saying About Cybersecurity

By Holly Kurtz — March 19, 2019 5 min read
BRIC ARCHIVE

District tech leaders have different concerns about cybersecurity, and different strategies for addressing those concerns, which vary by the size of their school systems. Compared to their rural counterparts, administrators from big-city districts are more likely to say their worries about protecting their K-12 systems are on the rise—and they’re more likely to have begun implementing formal password-management policies and measures.

That’s according to a survey conducted by the Consortium for School Networking and the Education Week Research Center of more than 300 ed-tech leaders.

Overall, 68 percent of leaders say that student-data privacy and security is a somewhat or much more important priority this year compared with last year.

That share rises to 82 percent for administrators from urban school districts. By comparison, it’s 68 percent for suburban leaders and 64 percent for their rural peers.

This is not to say that student data privacy and security are unimportant to leaders from rural districts. They may have more basic concerns—like accessing the internet in the first place. Even as the percentage of U.S. schools with WiFi skyrocketed from 30 percent to 98 percent between 2013 and 2018—according to data from the nonprofit EducationSuperHighway—many rural schools continue to face challenges merely getting connected.

But within the biggest K-12 systems, cybersecurity is seen as an urgent problem.

One hundred percent of leaders from large districts with more than 50,000 students report that student data privacy and security is a somewhat or much more important priority this year compared with last year. That percentage falls to 63 percent for those from small districts with fewer than 1,000 students.

Across the country, worries about cybersecurity among tech leaders from districts of all sizes have soared over the past few years, notes Keith Krueger, the chief executive officer of the Consortium for School Networking. But the challenges that rural school systems face in protecting themselves from cyber threats are especially acute, he said.

If the largest school K-12 districts are scrambling to keep up, “one can only imagine the challenge for small school systems with no technical staff,” Krueger explained. “The best you can do is [find out] what best practice is, implement that, and make sure your school board and your superintendent understand that these are the steps worth taking—and that even with those best steps, bad things can happen.”

Shunning Password Protections

All districts face hurdles in responding to threats and in creating safeguards that are both effective and reasonably easy to manage, said Keith Bockwoldt, the chief information officer for the 4,500-student Hinsdale High School District in Illinois.

About This Report

This Education Week examination of K-12 cybersecurity is the second of three special reports focused on the needs of K-12 district technology leaders, including chief technology officers. Each report in the series features exclusive results of a new, nationally representative survey of CTOs, conducted by the Consortium for School Networking, an organization representing K-12 district technology officials.

Larger systems, for instance, face more complex challenges in protecting data and training staff because of their size and getting everyone on board with their policies, said Bockwoldt, who serves on CoSN’s cybersecurity advisory committee.

“The threats are there, whatever classification you’re in,” Bockwoldt said. In that sense, “everyone is in the same boat.”

Concerns about student data privacy and security are not the only aspects of cybersecurity in which large and urban district leaders differ from their small and rural peers.

Large and urban leaders also approach password management differently than do their peers from smaller, rural and suburban districts.

For example, just over half (56 percent) of all K-12 leaders say their districts have formal password policies that are widely followed. Seventy-two percent of urban leaders say they have widely-followed formal password policies. That’s compared with 62 percent of suburban administrators and less than half (41 percent) of their rural counterparts. In fact, nearly 1 in 3 (29 percent) of rural leaders report that their districts do not have formal password policies although staff members are regularly encouraged to use best practices for password management.

‘This Is Crazy’

Timothy Smith, the supervisor of instructional practice and technology integration for the Red Lion Area School District in Pennsylvania, said tech leaders in rural K-12 systems may have a harder time than their urban peers imagining that malicious actors will target their schools.

District officials in smaller districts may think, “Why would they focus on me? Why would there be a hacker or someone who wants to dig into the data that we have?” said Smith, whose district has 6,100 students.

Smaller districts are much less likely to have full time chief technology officers than larger districts, according to federal data. Because rural tech leaders are juggling so many duties, making progress on even relatively simple cybersecurity steps can be difficult, said Smith.

See Also

On-Demand Webinar: Attacking the K-12 Cybersecurity Challenge

K-12 districts face an array of threats from cyberattacks and security breaches. In this Education Week webinar, staff writer Benjamin Herold talks with guests about how district leaders can secure data and networks and insulate schools from bad actors.

Register now.

Despite those odds, his district has taken steps to tighten the security reins.

Three years ago, his school system put in place stronger protocols for password security. Smith had assumed everyone would be on board with the measure, but he still gets resistance.

“I was really surprised by that,” he said. “Every 120 days, without fail, I will get one or two or three staff members who will reach out to me and say this is crazy [to change passwords].”

‘Protect Data at All Costs’

The COSN/EdWeek survey found that 100 percent of large district leaders have formal, widely-followed password policies. That share falls to 43 percent for administrators from small districts.

In addition to examining formal password policies, the survey also asked leaders if their districts had implemented 13 different types of security measures related to passwords, including requiring passwords to be of minimal complexity and/or length (84 percent); prohibiting password sharing (73 percent) and locking accounts after a specified number of unsuccessful log-in attempts (62 percent). Urban leaders are more likely than their rural or suburban peers to have implemented 11 of the 13 measures. For example, 96 percent of urban leaders say they require minimum lengths and levels of complexity for passwords, compared with 86 percent of suburban respondents and 76 percent from rural areas.

Similarly, 87 percent of urban respondents said their districts prohibit password sharing, compared with 78 percent of suburban leaders and 66 percent of their rural counterparts.

Leaders from larger districts are also more likely than those from the smallest districts to report that they had implemented the 13 security measures.

For many districts, no matter what their size, effective cybersecurity means thinking differently about the obligations they have to protect students, said Smith.

Just as schools establish physical barriers to make sure access to their campuses are controlled, he argued, “we need to be the beacon that will protect data at all costs.”

Events

Classroom Technology Webinar Making Big Technology Decisions: Advice for District Leaders, Principals, and Teachers
Educators at all levels make decisions that can have a huge impact on students. That’s especially true when it comes to the use of technology, which was activated like never before to help students learn
Professional Development Webinar Expand Digital Learning by Expanding Teacher Training
This discussion will examine how things have changed and offer guidance on smart, cost-effective ways to expand digital learning efforts and train teachers to maximize the use of new technologies for learning.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Well-Being Webinar
The Social-Emotional Impact of the Covid-19 Pandemic on American Schoolchildren
Hear new findings from an analysis of our 300 million student survey responses along with district leaders on new trends in student SEL.
Content provided by Panorama

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Spotlight Spotlight on Lessons Learned: Digital Safety
In this Spotlight, review ways you should be approaching student and system data, discover how others teach digital safety, and more.
Privacy & Security Quiz Quiz: How Much Do You Know About Protecting Students During Remote Learning?
Quiz Yourself: What should you know about storing video content involving students?
Privacy & Security Spotlight Spotlight: Online Student Safety
In this Spotlight, assess possible digital vulnerabilities, learn how students may be partaking in digital self-harm, and more.
Privacy & Security Download Cyberattacks Are on the Rise. Here's How Schools Should Respond (Downloadable Guide)
When hackers disrupt a district's network, consequences can be wide-ranging, from unexpected costs to communication challenges.
1 min read
Conceptual image showing varying shades of blue and white numbers representing data and a lock with a computer's power button inside the lock's key hole.
Vitalii Gulenok/iStock/Getty Images Plus