Cybersecurity is arguably one of the biggest priorities in K-12 school districts across the country. IT leaders agree that a “when, not if” mentality is essential in formulating a K-12 cybersecurity strategy to keep school networks and sensitive information protected from hackers, phishing, ransomware, and other external (and internal) threats.
During an eSchool News Innovation Roundtable with a focus on cybersecurity, moderated by eSchool News Content Director Kevin Hogan, district IT leaders explored the challenging and ever-evolving topic of K-12 cybersecurity. Roundtable participants included:
- Phil Hintz, Chief Technology Officer, Niles Township District 219 (IL)
- Greg Limperis, Director of Technology, Lowell Public Schools (MA)
- Sandra Paul, Director of Information Technology, Township of Union Public Schools (NJ)
- Mohammed Saleh, Associate Chief Technology and Management Information Systems Officer, Paterson Public Schools (NJ)
- Paul Sanfrancesco, Director of Technology, Owen J. Roberts School District (PA)
Key takeaways and insights from the roundtable include:
Multi-factor authentication (MFA) is absolutely critical to your school district’s cybersecurity strategy.
“MFA is the easiest thing you can do,” Sanfrancesco said. “It will be your first line of defense and it’s the easiest, cheapest, and most effective right now.”
Often, discussions around MFA can hit roadblocks, but working with unions can help clear up resistance or misunderstandings when district staff members don’t want to give access to personal devices or ask for alternate MFA methods.
“I got in front of the union and told them how passionate I am about cybersecurity–and it’s not just for the staff members, it’s not just for the union members, it’s also for the students,” said Saleh. “Most likely, you have confidential student info in your email. It’s our job, collectively, to make sure that info is safe. It’s our responsibility. Luckily, we got some buy-in for this. We’ve been seeing more people enable MFA, and now it’s mandated.”
Managing the humans in your district can be as challenging—if not more challenging, at times—than the various programs, tests, and monitoring solutions you’ve put in place.
Often, IT leaders deal with a few staff members who are less than tech-savvy and who are resistant to change.
“We have to find ways to make their lives easier, because for some of them, their skillets are so limited, they’ve been teaching for 40 years, and they didn’t grow up with technology. We’re going to have to put a lot of effort into training,” said Limperis.
Networking is key.
“Increase your knowledge base,” Sanfrancesco said. “There are many free systems and entities out there. Become part of a network. Having the ability to network with someone else or others who are doing the same thing” is paramount.
“Networking is a big thing for me–I wouldn’t be where I am now if I hadn’t gained the knowledge from people I was around,” said Saleh.
When in doubt, pick a starting point.
“Just do one thing at a time,” said Hintz, noting that NIST, K-12 Six, and CoSN are great starting points to tackle a K-12 cybersecurity strategy. “You have to start with the end in mind. If you just jump in and start, you can begin to map out a roadmap. Map it out [with] your team, and make sure you advocate for it with your cabinet first, get everybody on top on board with it. Cast that vision and then begin that vision. Plan the work and then work the plan.”
Know your tools and resources.
Here’s a look at some of the solutions and professional organizations these IT leaders use to maintain network security and stay up-to-date:
- CoSN
- CISA
- Cisco Ironport
- Cisco Umbrella
- Cybersecurity Rubric
- GoGuardian
- Google Authenticator
- K12 Six
- KnowBe4
- Microsoft Authenticator
- NIST Framework
- Sophos
See more eSN Innovation Roundtables exploring critical education issues
Related:
Here’s how to protect schools from cyberattacks in 2024
Stay up to date on the latest K-12 tech innovation news
For more news on cybersecurity, visit eSN’s IT Leadership hub
- Online learning programs increase student access, engagement - October 14, 2024
- School-based active shooter drills must improve, minimize trauma - October 14, 2024
- Students need clarity on their postsecondary pathways - October 11, 2024