Security for Schools

Security for Schools: Shielding K-12 Education from Cyber Threats

Cybersecurity in educational institutions is more important than ever. Schools and districts increasingly face cyber threats due to their reliance on technology for in-person and remote learning, cloud-based systems, and digital communications.

CPS has developed CPS Security Solutions- a collection of supplier contracts that help to keep your institution safe. Stay tuned - as we plan to bring you more innovative products and thought-leadership from trusted partners.

And, with this collection, you receive all of the benefits you know and love from Catholic Purchasing.

CONTRACT PRICING | NO MEMBERSHIP FEES | NET 30 TERMS

Prevalence and Nature of Cyber Attacks: Schools Are “Target-Rich and Cyber Poor”

Did you know that in the last 30 days, over 7.6 million malware attacks targeted K-12 classroom devices? Education is the most affected industry, far surpassing retail and consumer goods, which experienced around 900,000 attacks in the same period.

According to the Cybersecurity & Infrastructure Security Agency (CISA), schools and districts are considered “target-rich, cyber poor” due to limited protections and the wealth of sensitive information they store, including:

• Student and family data
• Teacher and staff personal information
• Financial and administrative records

K-12 schools face a range of cyberattacks, including:

• Ransomware
• Phishing
• Denial-of-Service (DDoS)
• Video conferencing disruptions

These attacks can disrupt education, compromise sensitive data, and incur substantial financial costs, emphasizing the urgent need for robust cybersecurity measures.

Consequences of Cybersecurity Breaches

Cyber incidents in schools go beyond immediate disruption. Potential impacts include:

• Exposure of personal information leading to identity theft and financial fraud
• Reputational damage to the school or district
• Financial costs of recovery and legal liabilities

High-profile attacks, like the ransomware incident at the Los Angeles Unified School District, highlight the serious consequences of cybersecurity breaches.

Current Measures and Recommendations for Security Solutions

While schools have made efforts to improve cybersecurity, gaps remain. CISA recommends that districts prioritize impactful security investments and develop long-term cybersecurity plans. Key strategies include:

1. Implement Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring multiple forms of identification for access to sensitive systems. Best practices include:

• Educating staff, students, and parents on MFA use
• Following NIST recommendations to change passwords annually instead of minor frequent changes
• Protecting student records, financial data, and administrative systems

2. Mitigate Known Exploited Vulnerabilities

Regularly updating and patching software, operating systems, and network devices reduces risks. Schools should:

• Conduct vulnerability assessments and penetration testing
• Identify weaknesses in IT infrastructure
• Minimize the risk of exploitation by malicious actors

3. Implement and Test Backups on Security Systems

Backups ensure continuity during cyber incidents:

• Store critical data (student records, financial information, administrative documents) offline and securely
• Regularly test backups to verify integrity and restoration capabilities
• Protect against ransomware and other threats

4. Regularly Exercise an Incident Response Plan

A strong incident response plan prepares schools for cyber incidents:

• Define roles, responsibilities, and procedures for breaches, malware infections, or phishing attacks
• Conduct tabletop exercises and simulations
• Update the plan based on lessons learned from real-world incidents

5. Implement a Strong Security Training Program

Cybersecurity awareness is essential for all stakeholders:

• Train teachers, staff, students, and parents on threats such as phishing, malware, and social engineering
• Promote good cyber hygiene: strong passwords, avoiding suspicious links, and reporting incidents promptly
• Provide specialized training for IT staff and administrators

Free resources for cybersecurity education include:

• National Cybersecurity Alliance
• National Initiative for Cybersecurity Careers and Studies
• Common Sense Education
• My Cyber Hygiene

6. Using Artificial Intelligence (AI) Safely

Schools must distinguish between public and private AI:

• Public AI (like ChatGPT, Bard, Claude) risks exposing sensitive data
• Private AI allows schools to control data, encrypt it, use MFA, and audit activity for safety

Leveraging State and Federal Resources to Improve Cybersecurity

Schools can strengthen cybersecurity by accessing guidance, training, frameworks, and funding:

• State and Local Cybersecurity Grant Program (SLCGP) – DHS-administered grants
• CISA Grants – Funding for educational cybersecurity initiatives
• Department of Education Grants – For technology and infrastructure improvements
• State-specific Grants – Check with state education departments for local funding

Collaboration with other schools and districts fosters a community-driven approach to cybersecurity resilience.

Moving Forward

Building a strong cybersecurity culture requires commitment from everyone:

• Educate students, teachers, staff, parents, and administrators
• Provide ongoing training and encourage prompt incident reporting
• Integrate cybersecurity principles into curriculum to empower students
• Continuously update practices to address evolving threats

With proactive measures, K-12 schools can protect sensitive data, ensure operational continuity, and promote safe learning environments.

Check out our NEW Security Solutions on CPS to strengthen your school’s cybersecurity today!