Current landscape of K-12 cybersecurity

Completed

In this unit, you learn about the current K-12 cybersecurity landscape. You're also introduced to how you, as an education leader, can help mitigate cybersecurity risks.

In recent years, cyberattacks on K-12 schools surged due to an increasing reliance on digital technology for teaching and learning. Tools like online platforms and student information systems make schools prime targets for cybercriminals exploiting vulnerabilities. Limited resources and information technology (IT) expertise can also make schools easier targets when compared to other entities. These attacks disrupt operations, compromise data, and can endanger students and staff. The potential impact is massive, given the roughly 50 million K-12 students in the United States alone.

Attacks ranging from the Los Angeles Unified School District ransomware attack to the learning interruptions during virtual classes are becoming more common, more targeted, more disruptive, and more costly than before. Since 2016, the K12 Security Information eXchange cataloged over 1,619 incidents, a rate of more than one incident per school day.

Source: Cybersecurity & Infrastructure Security Agency

Risks and challenges to school cybersecurity

Effective leaders understand that change begins with first understanding the challenges they face. As schools increasingly rely on digital technologies, the risks and challenges of cybersecurity are becoming more complex and require a proactive and ongoing approach to mitigation.

Learn about some of the current cybersecurity challenges in today's schools:

• Microsoft Security Intelligence reported more than 7.1 million malware encounters on education devices in December 2022.
• Education represented over 80% of total reported malware encounters across all industries according to Microsoft Security Intelligence.
• Microsoft security tools block 710 million phishing emails each week according to the Microsoft 2022 Digital Defense Report.
• Data breaches cost educational institutions an average of $3.86 million in 2022 according to a report from IBM.

Prioritize alignment and communication

Securing K-12 data and systems is challenging due to evolving cyber threats. Effective leadership and a cybersecurity culture are crucial. A strong cybersecurity stance requires not only advanced technology and resources but also effective policies, procedures, and trained staff. As a leader, you can take a proactive approach to cybersecurity by prioritizing it through time, support, and resources.

• Staffing decisions: Few districts have roles dedicated to cybersecurity due to funding and workforce constraints. Creating and filling these positions is challenging. Even districts with cybersecurity staff require ongoing training to stay updated on trends, threats, and solutions.
• Funding decisions: Investing in cybersecurity shows commitment to modern, secure learning. Besides staffing, districts need funds for cybersecurity tools. Over two decades, US schools focused on keeping students physically safe. This care should extend to data and privacy protection.

A proactive approach to cybersecurity also includes understanding best practices for mitigating cyber threats. This video provides an overview of recommended practices to keep your institution secure. Consider how these best practices affect the current approach to cybersecurity in your own organization.

Establish a cybersecurity plan

As a school leader, you shape roles and responsibilities for cybersecurity. A comprehensive cybersecurity plan preempts incidents, requiring you to think proactively, reactively, and reflectively. Throughout this module, you learn strategies and actionable steps to include in your plan regarding mitigation, training, remediation, and communication.

Next steps

1. Take a moment to explore cybersecurity incidents in your local region.
2. Explore some of the ways you, as a K-12 leader, can work toward establishing a cybersecurity culture that is responsive and open to change.
   • Establish clear expectations: Think about your current communication channels. How can you best communicate straightforward and concise cybersecurity policies that outline the expectations for students, staff, and faculty regarding the use of technology and data security?
   • Communicate regularly and often: Where do you see opportunities to conduct regular cybersecurity trainings and communicate updates to raise awareness about the latest threats and best practices for protecting sensitive data?
   • Foster a culture of accountability: How do you currently encourage reporting of incidents and violations of the cybersecurity policy? Where do you see opportunities to highlight proactive compliance and positive outcomes?
   • Engage with parents and guardians: How do you currently engage families for school-related events and information? Where do you see opportunities to include information about cybersecurity?
   • Evaluate and improve: Where do you see opportunities to open the lines of communication about lessons learned and bring others into the decision-making process?