Getting better grades in cybersecurity must be a top priority for K-12 schools this year. Schools need to prioritize thwarting industrious hackers who are intent on getting to the treasure trove of information and personally identifiable information (PII) schools manage.

Just ask the staff of the Olympia School District in Washington, whose addresses, social security numbers, and salaries were exposed by a large-scale data breach.

Related content: Why cybersecurity training programs are critical

Yet despite the immense target schools present, it’s been difficult for educational institutions to make the cybersecurity grade. A 2018 SecurityScorecard report found that, out of 17 major industries, the education sector ranked last in terms of cybersecurity performance. It performed poorly in several areas, including patching cadence, application security, and endpoint security.

The latter has proven particularly difficult to manage, in large part due to the sheer number of devices being used cyberon school networks. A survey by educational software company Kajeet found an overwhelming majority of students and teachers use an array of devices—including Chromebooks and iPads—every day in the classroom. Some of these schools operate under a BYOD mandate, and some of the devices may not have top-notch security controls in place (or any security).

About the Author:

Brandon Shopp is vice president of product strategy at SolarWinds.