The key to promoting a culture that values data privacy is communicating the issue in a way that everyone understands it, says one tech leader. Only then will you see results.
Telling folks that multi-factor authentication, for example, will be added to every student and teacher login procedure, while necessary, will always receive some backlash.
“On a seesaw, you’ve got cybersecurity on one side and convenience on the other,” says Mike Shuman, director of technology at Beavercreek City Schools in Ohio. “As soon as cybersecurity gets heavy, convenience goes way down. It’s very inconvenient to be secure.”
The upside, he argues, is that tech leaders like himself are teaching students and staff valuable life skills that extend beyond the classroom. In the real world, he says you aren’t going to use the same password you use for your bank account for your Google login—at least you shouldn’t.
“Everybody should understand what multi-factor authentication is and what strong passwords are,” he says. “Our approach has been a team approach. We all need to take part in it and it’s good for all of us.”
Shuman’s approach to data privacy
During his 29 years in education technology, Shuman has always pushed for strong cybersecurity practices and strategies. This month, the district was recognized by the Consortium for School Networking with the Trusted Learning Environment Seal, a national distinction awarded to school districts implementing rigorous privacy policies to protect student information.
He says it’s a result of a strong buy-in from everyone in the district.
“The district understands the importance of all data,” he says. “We say student data all the time, but truly, all the data we have.”
Earning this award doesn’t mean the battle is over, either, he explains. Cybercriminals are constantly looking for new ways to infiltrate school networks. “We’re in battle and we’re committed to doing better,” Shuman says.
One of the ways he’s keeping data safe is with a software called LearnPlatform that allows him and his team to streamline the vetting of third-party vendors.
For instance, if a teacher comes across a vendor they like at a conference, they can search for that specific product in LearnPlatform and see if the IT team has already reviewed and approved it.
“There’s also the curriculum side,” he says. “Does it fit with the curriculum? We don’t want to bring in software that we don’t need. This is best practice, and there’s a whole district-wide committee that meets to go through those processes.”
Priorities for 2025-26
Preparing for the upcoming school year, Shuman and his team are, like many edtech leaders, focused on disruptive technology like artificial intelligence.
“AI is going to change the way we educate students,” he says. “It’s already changing the world.”
More from DA: Why schools take a long time to report ransomware
He also plans to expand on district priorities, like its CTE cybersecurity program.
“We have several different programs at our high school now,” he says. “We have an IT CTE course, we have cybersecurity, business and medical. Students can graduate with associate’s degrees in their programs.”
He says he also has two students from the cyber program interning for the summer, fixing Chromebooks, updating technology, replacing access points and more.
Advice for leaders
Shuman would tell you that he’s lucky to be in a position where everyone, from the district’s custodians to its administrators, values the work he and his team are doing to keep data safe and secure. “I’m part of an amazing district,” he says.
However, much of that collaboration stems from Shuman’s ability to communicate the importance of the IT team’s work to secure networks. He says he spends a lot of time talking to people in the district about how the IT team can improve operations.
“Scheduling time with your staff is so important,” he says.
Additionally, he recommends that leaders talk about cybersecurity in a way that’s not threatening to let their teams learn a set of life skills that everyone needs in a digitally advanced world.
For example, every October during Cybersecurity Awareness Month, Shuman presents the issue to the school board to keep members up to speed on the threats.
“Our board members are involved in the training, they get phishing attempts, they get the videos, they go through all of it, and it’s keeping them up to date,” Shuman says.
Above all, he says, IT leaders must learn to present logic and data with compassion.
“Don’t die on a hill about using best security practices,” he says. “Evaluate the risk in each situation and when something needs to be done, provide as much help as necessary so that people aren’t inconvenienced.”
