Cybersecurity—what is your district’s story?

DA’s technology-editor-at-large Lenny Schad discusses how districts can better prepare for cyberattacks
By: | December 5, 2019
Education leaders need to take a proactive role in driving cybersecurity efforts within their institutions to mitigate attacks from both inside and outside sources.Education leaders need to take a proactive role in driving cybersecurity efforts within their institutions to mitigate attacks from both inside and outside sources.

Every week there is a new story about a K-12 school system being hit with some type of cyberattack. 

For the second year in a row, CoSN’s annual leadership survey ranks cybersecurity as the top priority for school IT leaders. CoSN also identifies the top five cybersecurity activities affecting K12 school system as:

  • phishing
  • distributed denial of service (DDOS)
  • data breach
  • ransomware
  • Internet of Things (IoT)

At a recent gathering of nearly 80 CIOs from various-sized districts across the country, the following question was asked: How many of you in the room have been affected by some type of cyber incident? 

Virtually every hand in the room went up in the air without hesitation. Many school systems had multiple incidents that needed to be dealt with in the last year.  

While the number of cyber incidents is on the rise, there is still a portion of school leadership who believe they are somehow less of a target and therefore don’t have to spend as much time and resources on cybersecurity as the “big” districts.  

In 2018, more than 25 percent of all cybersecurity incidents affected districts and charter schools enrolling fewer than 2,500 students, according to the K-12 Cybersecurity Resource Center, which specifically tracks digital attacks on school districts. One third of incidents affected districts that enrolled between 2,500 and 9,999 students. 

No school district—rural, suburban or urban—should have a mentality they are less of a target. As it relates to cybersecurity incidents, every school system needs to accept the new reality is “When,” not “If.”

Defining roles and responsibilities

Many superintendents and school boards view cybersecurity as a “technology” issue. In reality, cybersecurity needs to have shared ownership between the school board, superintendent and IT leaders.

Cybersecurity is defined as, “technologies, processes, and practices designed to protect networks, devices, programs and data from attack, damage, or unauthorized access.” 

This definition really breaks down to three key elements: technology, process, and practice. While the technology element is the responsibility of the IT team, it is the other two elements—processes and practices—that should have shared responsibility and ownership with the school board, superintendent and IT leader.

The goal for any school system regarding cybersecurity should be to have a clear understanding of: incident response protocol; the roles and responsibilities of the school board, superintendent and IT department; awareness campaigns; aligned accountability; and accepted accountability.

Expertise for district leaders

In part II of this series, I will outline a set of questions that should be discussed between the superintendent and technology leader. These questions will begin to formalize and define answers to the aforementioned roles and responsibilities. 

This discussion should help a superintendent understand the real threat of cybersecurity and, more importantly, their role in addressing and managing threats. The process of how to engage the school board into the cybersecurity discussion will also be covered.

To provide more strategies about leading a technology team, I am excited to announce the 2020 schedule for District Administration’s CIO Summits and Academies.

Our 2020 CIO Summit series will focus on leading trends and issues facing K-12 technology leaders. We have engaged a powerhouse lineup of speakers who will provide practical leadership and strategic practices you can take back to your district. 

Beyond our speakers, there will be hands-on learning activities that will allow you to dig deeper into the content presented. Lastly, you will spend two and a half days working closely with your peers, and establishing new and long-lasting professional relationships. We will have two CIO Summits: October 14-16 in Chicago; and November 18-20 in Long Beach, California.

The 2020 CIO Academy cohorts are intended for current CIOs, aspiring CIOs, technology leaders and leadership team members. The Academy will provide hands-on learning opportunities in areas such as leadership, governance, organizational change management, project management and cybersecurity.  

These events will be a great opportunity for individuals or teams to receive deep professional leadership development specifically tailored for K-12 technology departments.  

We have two different cohort opportunities:

  • Cohort 1: April 2-4 and May 7-9 in Long Beach
  • Cohort 2: October 8-10 and November 5-7 in Dallas

To register, or to learn more about our Summits and Academies, visit the DA Leadership Institute.


Interested in edtech? Keep up with DA's Future of Education Technology Conference®.