Protecting student and staff digital data—cybersecurity—has long been top of mind for school leaders, particularly CTOs and CIOs. And recent events illustrate why. Earlier this summer, tens of thousands of public-school students and employees in New York City had their personal data breached in the widespread hack of the file-transfer software MOVEit.1 Cyberattacks have led to anywhere from three days to three weeks of learning loss, a 2022 U.S. Government Accountability Office report found, with recovery taking up to nine months.2
To help educators ensure data security as they head back to school, the U.S. Department of Education (USDOE) recently held the Back to School Safely: Cybersecurity Summit for K-12 schools at the White House. At the summit, the establishment of a Government Coordinating Council (GCC) for cybersecurity was announced, as well as the release three K-12 Digital Infrastructure briefs, including “K-12 Digital Infrastructure Brief: Defensible and Resilient.”3
U.S. Secretary of Education Miguel Cardona said, “Schools have access to more devices and connectivity than ever before, and this technology in education has incredible potential to help students better connect with their learning and achieve, and teachers better engage with their students. But to make the most of these benefits, we must effectively manage the risks. Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms.”
As a result of the USDOE’s increased emphasis on cybersecurity, other government agencies and tech companies pledged their support. The Federal Communications Commission proposed a pilot program that would provide up to $200 million over three years for reinforcing cyber defenses in K-12 schools and libraries. The Cybersecurity and Infrastructure Security Agency (CISA) plans to help train and assess cybersecurity practices at 300 new “K-12 entities” in the upcoming school year. And the Federal Bureau of Investigation and National Guard Bureau will release new resources explaining how to report cybersecurity incidents.
As a result of the USDOE’s increased emphasis on cybersecurity, other government agencies and tech companies pledged their support. The Federal Communications Commission proposed a pilot program that would provide up to $200 million over three years for reinforcing cyber defenses in K-12 schools and libraries. The Cybersecurity and Infrastructure Security Agency (CISA) plans to help train and assess cybersecurity practices at 300 new “K-12 entities” in the upcoming school year. And the Federal Bureau of Investigation and National Guard Bureau will release new resources explaining how to report cybersecurity incidents.
From the tech world, Amazon Web Services committed $20 million to fund a cyber grant program for school districts and state departments of education. Cloudflare committed to offering cybersecurity solutions for free to public school districts with fewer than 2,500 students. PowerSchool said it would provide free and subsidized “security as a service” courses to schools and districts and Google created a new “K-12 Cybersecurity Guidebook.”
Here are five ways your company can join the movement to help schools ensure the highest level of cybersecurity:
- Reinforce information about the security protocols your digital programs support. While you likely share this information with your customers when they purchase and deploy your programs, this might be a good time to remind them of the high level of cybersecurity you support. It will give them peace of mind as they head back to school.
- Be sure your customers stay up–to-date with all security patches and updates for your programs. Email outreach to the appropriate school team members—whether it is the CTO, CIO, or building tech coordinator—when you are planning to deploy an update is critical. And you may need to reach out multiple times to ensure that they plan for these updates among all the other items on their to-do lists.
- Think about ways beyond what you are already doing to help schools keep their data safe. Do your programs feature two-factor or multi-factor authentication? If not, can you include that or other security enhancements in an upcoming update? What other new security features can you add to your product roadmap?
- Help schools keep their teachers, staff, students, and parents up–to-date on how to ensure their personal information is safe. Maybe host a webinar on tips for personal cybersecurity or develop a tip sheet that schools can use as a template to send home to students’ families to ensure they are safe at home.
- If there is a data breach, be transparent with your customers. Communicate quickly and clearly, letting them know what happened, what information was compromised, and what steps you are taking to correct the matter. Of course, we all hope it never happens, but if it does, the way a data breach is managed by your company can help ensure that you maintain a positive relationship with your education customers.
There’s no doubt that cybersecurity is serious business for all of us. MDR is here to help you integrate cybersecurity messaging into your campaigns throughout the school year as well as help you ensure the privacy of your customers’ data for those campaigns. Reach out to us!
Sources:
1NYC schools hit by MOVEit breach
2As Cyberattacks Increase on K-12 Schools, Here Is What’s Being Done
3U.S. Department of Education Announces Key K-12 Cybersecurity Resilience Efforts
