Since the pandemic, cybersecurity has become one of the most troubling issues for K12 technology leaders. The rapid expansion of education technology solutions coupled with remote learning opportunities created multiple avenues for cybercriminals to creep their way into educational institutions and students’ networks. Unfortunately, it’s a trend that’s persisted since.
Just the other week, Pulaski County Public Schools in Virginia was hit with a cyberattack that caused “irregularities” in their system, according to a Facebook statement from the district.
Around the same time in Colorado, Jeffco Public Schools was forced to temporarily shut down in response to a cyber threat that impacted both employees and students. The hacker allegedly gained unauthorized access to their online accounts, according to CBS News Colorado.
At a time when cyber threats are more common than ever, K12 IT leaders must ensure they have all the right safeguards in place to ensure the protection of their students and staff. And the best way to do that is by knowing what to expect and anticipating the threat before it arrives.
District Administration spoke with Tim Chadwick, chief information security officer at LINQ, a K12 cloud-based solutions company, to get his insight on what he advises for school leaders in 2024 regarding the cybersecurity landscape.
Undoubtedly, 2023 has proven itself difficult for school districts. Now that schools are already nearing the halfway mark of the school year, IT leaders should begin reflecting and assessing their cybersecurity strategies. According to Chadwick, it should become an even greater priority.
“2023 has been a tough year for K12 cybersecurity, and some states and local education entities are not taking it as seriously as they should,” he says. “District and school leadership must make cybersecurity a priority with careful planning and preparation and include all appropriate experts and advisors. This means creating a comprehensive plan with protocols before an incident happens that is tested and scrutinized, so that if a cyberattack occurs, it will have minimal impact on student learning.”
In recent months, we’ve come to learn that double extortion has become one of the most popular tactics used by cybercriminals in their attacks against schools. Unfortunately, paying off a ransom won’t guarantee that your student and staff data will be protected. Often times these criminals post this information on the dark web anyway. Chadwick says in order to combat this, leaders must enforce “zero trust approaches.”
“School districts that want to prevent data ransoms can implement the zero trust approaches, requiring validation at every stage, as well as prioritize staff and parent training, restrict access to databases, and apply different security measures to segments of data within their system—this is called micro-segmentation,” he explains. “These approaches can help minimize the risk of security breaches and protect more data even if an attack occurs.”
More from DA: Addressing school safety’s ‘wicked problem’: Guns at school
As for 2024, he says he hopes to see schools carefully organize their budgets so that cybersecurity doesn’t become an afterthought once pandemic federal funding dries up.
“Due to several factors, like restricted budgets, staffing shortages and the sunsetting of ESSER funds, schools have been slow to adopt modern cybersecurity solutions,” he says. “As more federal and state support becomes available, schools will modernize their systems. It is important, however, to remember that these investments are critical for effective operations and the overall health of a district regardless and should be a priority in budget planning.”
Although cyberattacks and ransomware continue to plague school districts across the country, Chadwick notes that this increased attention has resulted in an abundance of free cybersecurity resources from government agencies and various non-profits. He recommends that K12 leaders become familiar with these helpful tools from organizations like K12 SIX, CISA K-12, Schoolsafety.gov and NIST.
