IT leaders in school districts should be familiar with these five online resources for securing staff and student data.
Cybersecurity is a high priority in K–12 schools, now more than ever. IT administrators can easily become overwhelmed as they search for feasible solutions to combat the rising number cyberattacks against K–12 education. There’s advice coming from every direction, corporate policies that don’t apply to education, insurance companies that won’t pay in the event of a breach and more, all raining down on schools.
As district technology leaders navigate cybersecurity practices for their staff and students, they need tried-and-true resources to count on. Security advice intended for global enterprises won’t help a school district in the mountains of Virginia or spanning the suburbs of Texas.
Here are five education-appropriate resources IT leaders can turn to when managing the cybersecurity challenges in their schools.
1. National Institute of Standards and Technology Framework
The NIST Cybersecurity Framework is a set of guidelines and other resources for organizations to use in their efforts to improve cybersecurity. The framework, which was created by National Institute of Standards and Technology with input from government, academic and industry stakeholders, includes resources to help users identify risks, protect data and systems, detect threats, respond to incidents and recover from attacks.
“Though the Cybersecurity Framework is not a one-size-fits-all approach to managing cybersecurity risk for organizations, it is ultimately aimed at reducing and better managing these risks. As such, this guide is intended for any and all organizations regardless of sector or size,” the NIST website states.
K–12 IT leaders can apply the guidance and practices to their own district’s cybersecurity model. The information in the NIST Cybersecurity Framework is voluntary guidance, and schools can choose which components or activities will work best in their institutions.
2. CoSN Aggregated Cybersecurity Resources
Most the cybersecurity offerings from the Consortium for School Networking — including games, videos and toolkits — are aggregated on a webpage for K–12 IT decision-makers to easily access and share. These resources can help build a better understanding of cybersecurity and give IT leaders a place to start when implementing new security practices in their districts.
Tools are further broken out to guide schools based on the district’s need. There are pages on cybersecurity orientation, planning, implementation and prevention, and response. Each represents a stage of the cybersecurity journey.
3. CoSN Trusted Learning Environment Seal
In addition to its cybersecurity resources for schools, CoSN also has a framework built specifically around data privacy practices in K–12 institutions. The Trusted Learning Environment Seal is awarded to schools that exemplify a commitment to strong student data protections.
To retain their TLE Seal, recipients must show how they are maintaining and improving their data protection policies every two years. According to CoSN’s website, “The TLE Seal Program requirements have been validated by more than 50 school systems.”
District IT leaders can use this framework, and the example set by the seal’s recipients, to improve their own data privacy protections in the areas of leadership, business, data security, classroom and professional development.
4. CISA Online Training Toolkit
Following the passage of the K–12 Cybersecurity Act, the Cybersecurity and Infrastructure Security Agency conducted a 120-day evaluation of the security threats facing districts. The federal agency then had until April 6, 2022 — 60 days after the completion of the risk evaluation — to provide voluntary security recommendations to K–12 schools.
Perhaps the largest requirement of the K–12 Cybersecurity Act is an online training toolkit that CISA must develop by Aug. 4, 2022. The toolkit must be “designed to educate school officials on CISA’s cybersecurity recommendations and provide strategies for its implementation,” according to a news brief from the Crowell & Moring law firm.
All of the resources developed in response to the K–12 Cybersecurity Act will be publicly available on the Department of Homeland Security’s website.
5. K12 Security Information Exchange Map and Report
Founded by security expert and K–12 IT influencer Doug Levin, “K12 SIX is the only national non-profit organization solely dedicated to protecting the U.S. K12 community—including school districts, charter schools, private schools, and regional and state education agencies—from emerging cybersecurity threats,” notes the organization. On the nonprofit’s website, school IT administrators will find the K12 Cyber Incident Map and the organization’s annual report.
The color-coded map shows the location and category of cyber incidents in K–12 education and is the most complete database of its kind. It tracks five types of incidents dating back to 2016: unauthorized disclosures, breaches or hacks resulting in the disclosure of personal data; ransomware attacks; phishing attacks resulting in the disclosure of personal data; denial-of-service attacks; and other cyber incidents resulting in school disruptions and unauthorized disclosures.
The annual “State of K–12 Cybersecurity” report details attacks against school districts and leaders’ preparedness to protect their data.
School leaders looking to enhance their security posture should start with these resources, which include vetted and reliable information on cybersecurity best practices. These frameworks, tips and databases will help IT administrators create a robust, well-rounded cybersecurity strategy for their district.