As seen on eSchool News
IT staff are crucial to safeguarding a school's assets, but all employees can and should be accountable for cybersecurity.

How to make secure K-12 digital transformation a reality

By Bob Turner, CISO for Education, Fortinet May 23rd, 2023

Key points:

  • More students and educators are connecting personal devices to school networks
  • This makes network security–an already underfunded area–even more critical

The pandemic was a massive shift for school districts across the country, and even as we move out of it, we’re still feeling the impact. On the technical side, it prompted quick transformation to enable virtual schooling–and these changes were made as districts were already challenged by legacy technology, reduced budgets and understaffing. Existing problems were exacerbated.

In parallel, we’ve seen a rise in ransomware and other cyberattacks in the education sector. What’s needed is a digital transformation strategy that also prioritizes security.

A challenging landscape

There’s nothing mysterious or shocking about the rise in cyberattacks against the education sector. Today’s 21st-century education requires up-to-date technology, but that’s a bigger risk for school IT teams. For instance, educational institutions are witnessing growth in the number of students, professors, and administrators who link personal devices to the network. A school district’s attack surface is expanded by this increased connection, making it more vulnerable to new threats.

And most schools are not equipped to deal with these threats; the Nationwide Cybersecurity Review (NCSR) risk-based assessment rates the cyber maturity score of K-12 schools at 3.55 out of 7. In fact, according to 29 percent of those responding to the K-12 Report, a cyber incident occurred in their district last year. Malware and ransomware were two of the most prevalent occurrences. According to the report, ransomware attacks pose the greatest cybersecurity risk to K-12 schools and districts in terms of overall cost and downtime.

As for malware, attackers have been opportunistically targeting K-12 districts over the past few years using certain strains, such as Shlayer and Coinminer. Consequently, K–12 schools must make sure their network connectivity is safe so they can protect sensitive student data and their critical digital assets.

What makes that harder is the fact that cybersecurity in K-12 districts is often under-funded.

School IT teams–many of them lacking proper staff levels–continually juggle a variety of tasks, from maintaining a wide range of devices to making sure the campus is outfitted with physical surveillance systems to keep children safe. Many IT workers find it challenging to set aside time to improve cybersecurity measures due to their expanding list of duties. To make matters worse, the typical school district spends 8 percent or less of its annual IT budget on security; 18 percent of districts spend less than 1 percent, according to the K-12 report.

One district’s digital transformation win

Let’s look at the example of one east coast district that recently declared it a top priority to equip all of its students with devices and implement a next-generation education platform throughout all of its campuses. But because of the rapid network edge expansion brought on by this transformation, the district’s aging systems and management infrastructure acquired serious security holes. Aging infrastructure was resulting in problems such as wireless access point failures, and service support agreements were about to expire.

With just one engineer serving as the district’s sole IT support for all its schools, a large portion of their time was taken by resolving problems with network infrastructure point products. The engineer saw the need for an integrated network platform for simple management, mitigation, automation and control. That led the district to start seeking a unified infrastructure that included switches, access points and security systems to enable its digital transformation.

Their approach combines SD-WAN and next-generation firewall capabilities with sophisticated routing and zero-trust network access (ZTNA) enforcement; it is quick, scalable, and adaptable. An endpoint detection and response solution is integrated into the network to provide cutting-edge endpoint security with real-time visibility, information sharing, analysis, defense and remediation. A network operations center (NOC) is responsible for centrally managing the district’s network and solutions. As a result, integration has improved and there is more control.

This is in line with what CoSN’s 2023 report has found: “Connecting systems or digital environments can form powerful digital ecosystems for enabling student learning and/or supporting education administration.”

The importance of ongoing training

Introducing regular security awareness training for teachers and staff is one of the simplest ways to improve cybersecurity. Though IT staff are crucial to safeguarding a school’s assets, everyone is accountable for cybersecurity. However, this is only achievable if they are aware of and are able to recognize the typical techniques employed by cybercriminals. All employees can and should be a solid line of defense.

Plotting a more secure course

By enabling novel experiences and enhancing communication and collaboration among students, parents, and instructors, digital technology has the potential to transform learning in American schools. The digital transformation process for K–12 education is essential in light of attackers’ increasing focus on this sector. Education IT leaders should treat security and networking as equally important, with awareness training as the connection to safe operations and the path to the future.


About the Author:

Bob Turner has years of experience as a higher education executive, board member, and thought leader with a focus on cybersecurity strategy and leadership, information assurance and business continuity planning, and information technology management. At Fortinet, he is the CISO for K-12 and higher education, acting as a senior-level strategic business and technical advisor for the cybersecurity community and business executives. Previously, Turner was a cybersecurity executive and Director of the Office of Cybersecurity reporting to the Chief Information Officer/Vice Provost for Information Technology at the University of Wisconsin at Madison. There, he built a cybersecurity team of 60+ cybersecurity experts delivering all cybersecurity services as well as improved university IT policy development by working with distributed IT and faculty governance groups to ensure a cohesive approach to IT policy, governance, audit, and cybersecurity operations.
