Increasing cybersecurity threats in K-12 education & the Zero Trust solution

While K-12 leaders are invested in advancing digital transformation, most have not prepared for the increasing security threats these technologies have introduced.
Greg Ottinger
Greg Ottinger

The pandemic rapidly accelerated a shift to remote and hybrid operations in K-12 schools across the country and around the world. While significant investments have been made over the last two years to support the digital transformation enabling this shift, learning institutions will need to make continual budget contributions to safely support and sustain remote and hybrid operations for the long term. After two years of rapid technological change, K-12 leaders must look to sustain or increase COVID-era IT spending levels to advance digital transformation initiatives and maturity.  There are five core technologies driving K-12 digital transformation: Collaborative Applications; HR Software, Artificial Intelligence, Virtual Reality, and Analytics. These technologies enable K-12 institutions to be more innovative, collaborative, data-driven, engaging, and people-centric. However, while K-12 leaders are invested in advancing digital transformation and maturity to support a remote and/or hybrid future, most have not prepared for the increasing cybersecurity threats these technologies have introduced.According to a January 2022 Forbes article, external threat actors can penetrate networks of 93 percent of companies – the majority of which likely have larger operating IT budgets than schools. This puts K-12 networks, which have traditionally focused on outdated security aimed at protecting information physically located within schools, at tremendous risk. School districts must look beyond their net

Richard Quinones

work perimeters in order to implement comprehensive and modern cloud-based strategies to reduce cyber risk and protect themselves from breaches. Ideally, K-12 institutions will consider implementing Zero Trust Architecture (ZTA), which completely isolates applications and data ensuring sensitive information is only visible and accessible to trusted users.According to a report by K12 SIX, there were at least 166 reported cyber incidents in schools in 2021, with more than half of those attributed to vulnerabilities introduced by third party agencies working with the district. As leaders this should serve as a staunch reminder that we must not only protect our own networks and data, but also vigorously vet vendors, partners, and those entering our systems to ensure they can be trusted with some of our most sensitive information.Now more than ever, it is the responsibility of schools to protect the digital privacy and information of their students and staff. However, despite being entrusted by families with this serious task, a recent report by Project Tomorrow also found that only 12% of school technology leaders believe their districts’ board members are fully aware of the digital threats their schools face. The same research reported that only 22% of those surveyed believed that school administrators would rank cybersecurity as a “high concern.” This is despite the fact that recent attacks on both large and small districts have caused school closures, had severe financial impacts and resulted in repeated and prolonged disruptions of student learning as well as stolen student data.  Now is the time for school leaders to adopt cybersecurity standards that are adhered to by leading enterprises. This starts with committing to implementing a Zero Trust approach as defined by the National Institute of Standards and Technology, which the White House recently mandated for all federal agencies.Here are three key reasons to position your school district for a move to Zero Trust:

  1. Zero Trust adds more layers of cybersecurity: As the K12SIX report confirms, cyber-attacks on the K-12 sector are increasing and criminals are capable of finding their way past school district perimeter defenses. Zero Trust cybersecurity incorporates a multilayered strategy, allowing school district IT to protect resources instead of your perimeter and monitor for abnormal behavior within school network information systems to prevent unauthorized access.’
  2. Zero Trust secures data accessed from anywhere: More than ever, teachers and students rely on public insecure internet connections to teach, grade assignments, do homework and attend class. Perimeter security, including firewalls and content filters on their own will not protect your district’s data from bad actors.
  3. Zero Trust prepares your district for emergencies: When emergencies arise, Zero Trust cybersecurity is the only method that will make sure your district is prepared. As was the case during outbreaks of COVID-19, districts using a Zero Trust strategy were confident in their ability to provide their students and staff with secure connections to the internet and to the apps they need to learn no matter where users logged in from, or what device they were using.

These are challenging times for K-12 institutions. However, we at iboss have been pleased to see experts across the nation coming together to educate, advocate and support for the securing of school networks. At iboss, we believe real digital transformation begins with implementing Zero Trust enterprise cybersecurity solutions driven by a comprehensive cross organizational strategy and practice.

Greg Ottinger, Ed.D., is former chief business/financial Officer for San Diego Unified School District, and iboss Senior Education Advisor. Richard Quinones is SVP iboss Public Sector.

More from DA

Most Popular