69ý

Privacy & Security

3 Superintendents Share Cybersecurity Best Practices

By Lauraine Langreo — January 10, 2024 3 min read
Image of a red glowing caution sign over a dark field of data.
  • Save to favorites
  • Print
Email Copy URL

Cybersecurity continues to be the No.1 technology concern for district technology leaders as schools have become much bigger targets for cyberattacks.

There have been 1,619 publicly disclosed cyberattacks on schools between 2016 and 2022, according to K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks.

These incidents can cause major disruptions to teaching and learning and to administrative functions in a district. The attacks can also put sensitive data about students and employees at risk. In some cases, school districts have had to shut down schools for several days.

Given those consequences, it’s imperative for district leaders to understand why they need to make cybersecurity a priority.

In a Jan. 8 webinar hosted by the Consortium for School Networking and AASA, the School Superintendents Association, three superintendents shared their best practices for preventing and responding to cyberattacks. They are Peter Aiken of the Central York district in Pennsylvania, Gustavo Balderas of the Beaverton district in Oregon, and Mark Benigni of the Meriden district in Connecticut.

Here are their tips:

Develop a prevention and response plan

The three superintendents underscored the importance of having a plan that will help prevent or discourage cyberattacks, as well as a plan to respond to cyberattacks because they can happen to any district. (In fact, they all said their districts have been hit with some form of cyberattack).

When it comes to preventing attacks, the panelists said providing “continuous” cybersecurity training for students and staff is “critical.” Everyone who uses district technology should be trained on having good online habits so that they don’t click on the wrong links, fall for phishing attacks, or accidentally give out sensitive information that hackers can use to attack a district’s network.

See Also

Illustration of Internet network data computer laptop security shield and lock symbol.
DigitalVision Vectors/Getty
Privacy & Security 3 Ways 69ý Can Reduce Cybersecurity Risks
Lauraine Langreo, January 25, 2023
4 min read

For staff, these trainings could be part of the annual training requirements that most districts have, Benigni said. They could also be part of the onboarding process for new staff members. For students, digital citizenship and online safety training could also be required.

A response plan should include how leaders are to notify the school or district community, as well as law-enforcement agencies, Benigni said.

It should also include mitigation and recovery strategies. For instance, when the Meriden school district had a few devices that were hit by a ransomware virus, Benigni said his district was prepared because they back up their devices regularly. They restored the devices from the latest cloud backup instead of paying the ransom.

Districts should have backup plans to ensure learning isn’t disrupted when technology is disabled because of a cyberattack, as well. Teachers should be “prepared to go old school” and make sure students are still learning, Balderas said.

Communicate the ‘why’ behind the plans

The three superintendents identified communication as being just as important as having a prevention and response plan. Part of the cybersecurity training for staff and students should include communicating why it’s important that a district secures its networks.

See Also

underground cyber security hologram with digital shield 3D rendering
iStock/Getty Images
Privacy & Security It Takes an Entire District to Prevent a Cyberattack: 5 Tips
Lauraine Langreo, February 15, 2023
3 min read

“I think the more available we can make ourselves and communicate the rhyme and reason, the why behind [the district’s cybersecurity practices],” the more likely people will buy into them, Aiken said.

How a district leader reacts and communicates with the community—students, staff, parents, local media—after a cyberattack is also critical because it could affect the district’s credibility and reputation, Balderas said.

“Make sure you react quickly with all the information you can share and be very resolved in terms of what you’re going to do to deter [attacks] in the future,” he said.

District leaders across the country should make it a priority to share best practices with one another, too, the panelists said.

“I think it’s important we learn from one another because most school systems are not going to have their own cybersecurity division to take action on these issues,” Benigni said.

Events

School & District Management Webinar Crafting Outcomes-Based Contracts That Work for Everyone
Discover the power of outcomes-based contracts and how they can drive student achievement.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Harnessing AI to Address Chronic Absenteeism in 69ý
Learn how AI can help your district improve student attendance and boost academic outcomes.
Content provided by 
School & District Management Webinar EdMarketer Quick Hit: What’s Trending among K-12 Leaders?
What issues are keeping K-12 leaders up at night? Join us for EdMarketer Quick Hit: What’s Trending among K-12 Leaders?

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/Education Week via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For 69ý And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by 
Privacy & Security What 69ý Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+
Privacy & Security Civil Rights Groups Seek Federal Funding Ban on AI-Powered Surveillance Tools
In a letter to the U.S. Department of Education, the coalition argued these tools could violate students' civil rights.
4 min read
Illustration of human silhouette and facial recognition.
DigitalVision Vectors / Getty