Making the Cybersecurity Grade: How K-12 Schools Can Protect Data and IT Resources

As threats to K-12 schools rise, VP Brandon Shopp offers four solutions K – 12 schools can implement to combat the growing number of cybersecurity attacks.


Cyberattacks on our nation’s K–12 schools are on the rise. Since 2016, there have been 1,180 cyber-related incidents in K–12 public schools, and this number continues to grow. With the shift to online and hybrid learning, schools have found themselves more exposed than ever.

With limited resources to defend their IT infrastructures, most K–12 schools are unequipped for the risk posed by today’s ever-evolving threat landscape.

Let’s look at some strategies schools can employ to make the cybersecurity grade.

  1. Ensure Staff and Students Are “Cyber Aware”

A recent Government Accountability Office study of 287 school districts affected by data breaches found most incidents involving K­–12 institutions were caused by staff or students, whether “accidental or intentional.”

This is why educational institutions must work on building their security culture to ensure students, staff, and administrators are “cyber aware.” Knowing how to identify and report a phishing email, practicing password hygiene and not sharing passwords, and other basic security practices can make a significant difference in the posture of any school.

  1. Prioritize and Secure Endpoints

Endpoint protection has always been a fundamental security practice, but as the network perimeter expands to include home networks, it’s now crucial.

Administrators should consider prioritizing high-risk systems or assets, such as data stores or servers, and apply sophisticated endpoint detection to alert them of potential threats. If a violation of the school’s security policies is detected, automated actions can quickly contain threats before sensitive data is compromised.

  1. Segment Users on the School’s Network

Network segmentation is an important strategy for mitigating the risk of a bad actor breaching a student or faculty device and moving laterally across school networks to access sensitive data. Technologies such as software-defined networking (SDN) simplify this process.

An important side benefit of SDN is its ability to improve network performance, since connected devices are only competing with those on the network segment.

  1. Make Access and Identity Management a Priority

With the rise in remote and technology-focused learning, schools must set up strict network access control policies, limiting data access to the people who need it. With these policies in place and the ability to monitor behavior against them, administrators will be in a much stronger position to minimize the impact of threats and act on high-risk access.

Even before the pandemic, bad actors discovered K–12 schools are easy prey and a lucrative source of data. Even as students return to classrooms, it’s highly unlikely the cybersecurity threat will diminish. Establishing cybersecurity strategies like those above can help K–12 IT leaders enhance their cybersecurity maturity and protect students, teachers, staff, and networks.

Read the full EdTech article here.

Thwack - Symbolize TM, R, and C