Many schools implemented cybersecurity tools reactively – Often in response to breaches, insurance requirements, or grant opportunities.  However, tools alone do not create a secure environment, as evidenced by the continued rise in cyber incidents affecting K-12 Schools.

School leaders often perceive cybersecurity as a technology issue, relying on their IT Teams (or individual) as the primary experts.  While technology plays a critical role, it is only one component of an effective cybersecurity strategy.

What’s missing is a structured framework for continuous cyber risk monitoring and improvement.    Addressing cybersecurity effectively requires a collaborative approach:

• Leadership Engagement: Leadership must develop a fundamental understanding of cybersecurity risks within the school’s technology ecosystem.
• Risk Prioritization: Leadership should actively participate in identifying and addressing the most critical vulnerabilities.
• District-Wide Policies: Implementing security measures that align with the school’s overall risk tolerance is essential.
• Strategic Roadmap: It is critical for schools to develop long-term strategies for continual cybersecurity improvements.
• People: Your staff, students, partners, and vendors must all do their part.  Ongoing education and training for staff is critical.  Don’t assume your vendors and partners are secure, cybersecurity impacts everyone!  The very tools you implement for protection can quickly become vulnerabilities.

“Don’t stop short on your journey for cybersecurity and resilience.  Criminals and nation-state actors are becoming expert at finding unprotected seams:  weak identity and access controls, unpatched devices and security misconfiguration.”

Rob Joyce, Cyber, Risk & Regulatory Senior Fellow, PwC US, former Special Assistant to the President & Acting Homeland Security Advisor