K-12 Education: Security Challenges and Solutions for the Modern World

Over the last few months, there have been several cybersecurity initiatives at the federal level aimed at bridging gaps in K-12 cybersecurity policy and strategy.

For example, in August 2023, the White House released its key 2023 K-12 cybersecurity resilience program, which includes the establishment of a Government Coordinating Council (GCC); the release of the Department’s three K-12 Digital Infrastructure briefs, including “K-12 Digital Infrastructure Brief: Defensible and Resilient”; a Back to School Safely: Cybersecurity Summit for K-12 Schools; and the proposal of a $200 million K-12 cyber resilience pilot program.

The $200 million pilot program would exist separately from E-rate funding and would be housed under the Universal Service Fund. The program would provide close to $200 million over three years to strengthen cybersecurity posture in K-12 schools and libraries in conjunction with other federal agencies that have developed cybersecurity expertise.

Currently, neither E-Rate nor the Emergency Connectivity Fund (ECF) funding programs offer enough flexibility to offset today’s K-12 cybersecurity risks. This program would afford more flexibility through funding that would address the full range of cybersecurity protections that schools need. Details of the proposed pilot have not yet been disclosed and would be subject to further comment in a Notice of Proposed Rulemaking.

The focus of this comprehensive cybersecurity program is to channel resources towards the creation of digital infrastructure that is safe, accessible, resilient and sustainable. Important discussion points include pre-event preparation, event crisis management and post-event decisions and resilience building.

Further, on September 5th, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) introduced a “voluntary pledge” for K-12 education technology software developers and manufacturers to commit to designing technology products with cybersecurity in mind throughout creation. The pledge encourages technology manufacturers to adopt three principles: 1) the company will take ownership of customer security outcomes; 2) the company will embrace radical transparency and accountability; 3) the company and its leadership will prioritize secure technology.

Although these initiatives are a positive step towards K-12 cyber preparedness, there is still a long way to go before school districts feel secure in their overall cybersecurity posture. Therefore, it is imperative that cybersecurity is tackled with an “all hands on deck” approach and that school districts work with the right technology vendors to implement robust security strategies.

Over the last few years, K-12 school districts have increasingly fallen victim to cybersecurity attacks and breaches, such as incidents of ransomware. According to a 2023 study conducted by cybersecurity firm Sophos, nearly 80 percent of schools across 14 nations, including the U.S., experienced a ransomware attack in 2022. These attacks can be catastrophic, affecting both teachers and learners, taking schools months to recover, with the most severe recovery efforts costing upwards of a million dollars per attack. 

Student data privacy has become a trending topic, as now more than ever, schools are responsible for large amounts of data and personally identifiable information. The introduction of new devices, such as tablets, digital whiteboards and virtual reality devices, blended learning models including hybrid and remote learning, and continually evolving education technologies and landscapes have posed additional security challenges and risks. Security and data breaches threaten to compromise this data, putting students, school administrators and the education community at risk. For example, after the ransomware attack on Los Angeles Unified School District last year, highly sensitive mental health records of current and former students were compromised and released onto a dark web leak site.

According to the Consortium for School Networking (CoSN)’s 2023 State of EdTech Leadership report, K-12 education leaders’ top priorities were cybersecurity, network infrastructure, and data privacy and security, with only 33% of EdTech leaders reporting adequate resources to deal with cybersecurity issues. 

K-12 school districts, particularly smaller school districts, are faced with a shortage of resources and lack of funding. Additionally, the movement to establish K-12 cybersecurity guidance, support and strategy nationwide has led to improper cyber preparedness and mitigation efforts.

Throughout fiscal year 2024 and beyond, school districts will be looking to employ a combination of security tools that tackle prevention, detection and response. Embedding privacy and security into the front end of technology design will be key. With increased adoption of cloud solutions, accompanying risks must be addressed and data minimization needs to be applied whenever possible. Las Cruces Public School District (LCPS) of New Mexico is a good example of a school that was able to mitigate the effects of a ransomware attack through proper planning efforts, such as doing a comprehensive system backup before the attack and having the appropriate crisis response team and strategy in place.

K-12 education buyers will be looking to invest in solutions specializing in sound security measures such as keeping operating systems up to date, requiring multifactor authentication, endpoint detection, encryption, cloud backup processes and adopting a zero trust framework. Additional tools such as tracking and locking software for mobile devices and digital literacy solutions will be beneficial. Some K-12 schools may choose to outsource work to third-party services or utilize a Security Operations Center as a Service to help with monitoring efforts.

Success selling IT across the K-12 education landscape will depend on being able to recognize the individuality of your customers’ needs, given the diverse K-12 education landscape and unique district needs. Today’s K-12 Education IT buyer will be looking for help navigating a technology-driven future. It will be up to you to recognize the individual needs of each school and district and tailor your product or solution to fit those needs. Despite education buyers being slow (and usually last) to implement change, finding ways to align your technology to meet the core values of education in today’s modern environment will serve you well.

About the Author:
Yvonne Maffia is the senior analyst on the TD SYNNEX Public Sector Market Insights team covering State and Local trends across the Public Sector.