Late in 2021, Project Tomorrow released a report, 2021 Project Tomorrow – iboss National K-12 Education Cybersecurity Research Study. Project Tomorrow is a nonprofit whose mission is to support the effective implementation of research-based learning experiences for K-12. This research points to how security and the cloud can shape student learning.
Researchers interviewed nearly 600 district administrators and technology leaders from a cross-section of school districts across the country. The results call for a national response for greater awareness and actions in K-12 cybersecurity. Most importantly, research showed that security is not the job of just the technology department. We need greater awareness. And, particularly, all district personnel, students, and families must act.
There has indeed been negative press on the effects of remote learning. Nevertheless, the pandemic looks like it cemented districts’ commitment to devices, digital resources, and internet connectivity. With this increased usage, the vulnerabilities of school districts have increased. We all hear the reports of ransomware, hacking, data breaches, and other cybersecurity incidents. They have hit school districts with increasing regularity.
The report findings do not reveal technical specifics for protection. Results offer areas of misalignment that need to change. Three key areas surfaced.
- An effective cybersecurity plan must have shared responsibility across the district.
- District leaders must reassess the approach to the management of technology.
- Funding must increase for cybersecurity for both readiness and mitigation efforts.
Share Responsibility for Cybersecurity
The readiness of District Leadership to implement effective methods for protection or response to a ransomware attack or hack to district systems depends first upon the Superintendent. And his or her cabinet must have an understanding of their district’s vulnerabilities and response planning. Unfortunately, the study shows that there is a mismatch in the commitment across leadership.
The pandemic showed that district staff needed to adjust their jobs to meet the needs of the moment. This change, or transformation, must continue. Tech staff may need to learn more about cybersecurity and the cloud and less about servers and copy machines. Teachers may need to address digital citizenship and online safety more actively.
Reassess Needs to Focus on the Cloud
Software as a Service (SaaS) and cloud are widespread even before the pandemic. That’s only increasing. But Leaders need to ensure training on new technologies. Staff now should spend less time running a data center rather than running cloud applications. Staff to focus on this new landscape. Time is needed for practices and procedures to evolve. Vet SaaS and cloud providers to hone skills. Spend less time spent on, say, testing shrink-wrapped software.
Increase Funding for Cybersecurity and Cloud
Finally, the Project Tomorrow research points to the need for more funding for cybersecurity. These investments should go to awareness training, locking down vulnerabilities, updating security and student safety software, cloud adoption, and having a robust business continuity and disaster recovery plan.