Heighten K-12 cybersecurity awareness
In this unit, you explore key findings from the Protecting Our Future Report, released in January 2023, and self-assess your organization’s knowledge and readiness to implement cybersecurity measures. This report was created in collaboration between the Cybersecurity and Infrastructure Security Agency (CISA) and education industry stakeholders and provides context for the cyber risks that schools face as well as recommendations that schools should follow.
The K-12 Cybersecurity Act
On October 8, 2021, the US Congress passed the K-12 Cybersecurity Act. This legislation outlined several steps forward in the fight against cyber threats. Specifically, it required CISA to:
- Conduct a comprehensive study of the specific risks impacting K-12 institutions.
- Develop recommendations for cybersecurity guidelines for K-12 schools, based on the results of the study.
- Create a training toolkit for school officials.
CISA recommendations
Among the data and results from the study, CISA published several key findings and recommendations to safeguard K-12 organizations from cybersecurity threats.
K-12 institutions can take a few steps to greatly reduce cybersecurity risk. Leaders should invest in security measures with the greatest impact and build toward a mature cybersecurity plan.
Key goals:
- Implement multifactor authentication (MFA)
- Prioritize patch management
- Perform and test back-ups
- Minimize exposure to common attacks
- Develop and exercise an incident response plan
- Create a training and awareness campaign at all levels
Many districts struggle with insufficient resources and cybersecurity capacity. Leaders should identify resource constraints and take creative approaches to secure the necessary funding and services.
Key goals:
- Partner with state organizations
- Seek and apply for cybersecurity grants
- Use free or low-cost tools and services
- Demand higher security controls from technology providers
- Migrate IT services to the cloud
No K-12 entity can single-handedly address cybersecurity on their own. Information sharing and collaboration with partners is essential to build awareness and sustain resilience.
Key goals:
- Participate in state, regional, or national cybersecurity discussions
- Join communities and forums to share experiences
- Share information with CISA and the FBI
These key findings, along with the recommended action steps, form the foundation of your personal journey through this module.
Next steps
- Complete the K-12 Cybersecurity Self-Assessment from K12 Security Information eXchange to help determine your organization’s readiness to implement cybersecurity measures.
- When you're finished, save or print a copy of your personalized report. You can use the results to help plan your school’s pathway through the module.
- Take some time with your cybersecurity team to review the results of the self-assessment. In the next few units, you identify steps that your team should prioritize based on the gaps that you identified.