How to make secure K-12 digital transformation a reality
IT staff are crucial to safeguarding a school's assets, but all employees can and should be accountable for cybersecurity
- More students and educators are connecting personal devices to school networks
- This makes network security–an already underfunded area–even more critical
The pandemic was a massive shift for school districts across the country, and even as we move out of it, we’re still feeling the impact. On the technical side, it prompted quick transformation to enable virtual schooling–and these changes were made as districts were already challenged by legacy technology, reduced budgets and understaffing. Existing problems were exacerbated.
In parallel, we’ve seen a rise in ransomware and other cyberattacks in the education sector. What’s needed is a digital transformation strategy that also prioritizes security.
A challenging landscape
There’s nothing mysterious or shocking about the rise in cyberattacks against the education sector. Today’s 21-century education requires up-to-date technology, but that’s a bigger risk for school IT teams. For instance, educational institutions are witnessing growth in the number of students, professors, and administrators who link personal devices to the network. A school district’s attack surface is expanded by this increased connection, making it more vulnerable to new threats.
And most schools are not equipped to deal with these threats; the Nationwide Cybersecurity Review (NCSR) risk-based assessment rates the cyber maturity score of K-12 schools at 3.55 out of 7. In fact, according to 29 percent of those responding to the K-12 Report, a cyber incident occurred in their district last year. Malware and ransomware were two of the most prevalent occurrences. According to the report, ransomware attacks pose the greatest cybersecurity risk to K-12 schools and districts in terms of overall cost and downtime.
As for malware, attackers have been opportunistically targeting K-12 districts over the past few years using certain strains, such as Shlayer and Coinminer. Consequently, K–12 schools must make sure their network connectivity is safe so they can protect sensitive student data and their critical digital assets.
What makes that harder is the fact that cybersecurity in K-12 districts is often under-funded.
School IT teams–many of them lacking proper staff levels–continually juggle a variety of tasks, from maintaining a wide range of devices to making sure the campus is outfitted with physical surveillance systems to keep children safe. Many IT workers find it challenging to set aside time to improve cybersecurity measures due to their expanding list of duties. To make matters worse, the typical school district spends 8 percent or less of its annual IT budget on security; 18 percent of districts spend less than 1 percent, according to the K-12 report.
One district’s digital transformation win
Let’s look at the example of one east coast district that recently declared it a top priority to equip all of its students with devices and implement a next-generation education platform throughout all of its campuses. But because of the rapid network edge expansion brought on by this transformation, the district’s aging systems and management infrastructure acquired serious security holes. Aging infrastructure was resulting in problems such as wireless access point failures, and service support agreements were about to expire.
With just one engineer serving as the district’s sole IT support for all its schools, a large portion of their time was taken by resolving problems with network infrastructure point products. The engineer saw the need for an integrated network platform for simple management, mitigation, automation and control. That led the district to start seeking a unified infrastructure that included switches, access points and security systems to enable its digital transformation.
Their approach combines SD-WAN and next-generation firewall capabilities with sophisticated routing and zero-trust network access (ZTNA) enforcement; it is quick, scalable, and adaptable. An endpoint detection and response solution is integrated into the network to provide cutting-edge endpoint security with real-time visibility, information sharing, analysis, defense and remediation. A network operations center (NOC) is responsible for centrally managing the district’s network and solutions. As a result, integration has improved and there is more control.
This is in line with what CoSN’s 2023 report has found: “Connecting systems or digital environments can form powerful digital ecosystems for enabling student learning and/or supporting education administration.”
The importance of ongoing training
Introducing regular security awareness training for teachers and staff is one of the simplest ways to improve cybersecurity. Though IT staff are crucial to safeguarding a school’s assets, everyone is accountable for cybersecurity. However, this is only achievable if they are aware of and are able to recognize the typical techniques employed by cybercriminals. All employees can and should be a solid line of defense.
Plotting a more secure course
By enabling novel experiences and enhancing communication and collaboration among students, parents, and instructors, digital technology has the potential to transform learning in American schools. The digital transformation process for K–12 education is essential in light of attackers’ increasing focus on this sector. Education IT leaders should consider security and networking as equally important with awareness training as the connection to safe operations and the path to the future.