Cybersecurity

Subtopics

Data Breaches

Phishing

Ransomware

Minimize exposure to cyberattacks and build secure and resilient K-12 cyber systems.

Cyberattacks and online threats are an increasingly significant and widespread problem for K-12 schools and school districts. Educational institutions can be a lucrative and vulnerable target for malicious cyber actors because they maintain sensitive student and staff data and personal information, utilize multiple forms of technologies to facilitate learning, and often lack resources to put in place comprehensive cybersecurity programs. Students are also spending more time online than ever before, using technology to complete homework, communicate with peers, and engage with teachers and school staff.

K-12 cyber threats can include unauthorized disclosures or data breaches, ransomware attacks, phishing attempts, and denial-of-service attacks. These incidents can have significant impacts on schools, making critical systems inaccessible, exposing sensitive personal information, putting confidential school plans and data at risk, and disrupting school operations. Cyberattacks can also result in high financial costs for school districts and the loss of learning for students.

Strategies to Consider

There are several strategies schools and districts can implement to strengthen their cybersecurity posture and protect against current and future digital threats. Some of these measures include:

Practice and provide training on good cyber hygiene. This includes recognizing and reporting phishing attempts, using strong passwords, turning on multifactor authentication, and keeping software updated.
Establish and exercise a cyber incident response plan outlining what should be done before, during, and after a cyber incident.
Implement well-informed processes when new technologies are adopted within the school environment.
Stay informed on the cyber risk environment and connect with K-12 cyber partners who can help provide strategic and cost-efficient cybersecurity actions.
Invest in the most impactful security measures and build towards a more mature cybersecurity program for the future.

Featured Resources

These resources are a starting point for learning more about cybersecurity. Use these resources to help prevent, protect against, and respond to cyber threats and attacks.

Additionally, SchoolSafety.gov regularly publishes issue briefs that provide a high-level overview of a specific school safety topic as well as a sampling of aligned strategies, resources, programs, and tools. Download and explore cybersecurity-related issue briefs below.

Report

Partnering to Safeguard K-12 Organizations from Cybersecurity Threats

Cybersecurity and Infrastructure Security Agency, January 2023

This report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers simple steps school leaders can take to strengthen their cybersecurity efforts.

Report

#StopRansomware Guide

Cybersecurity and Infrastructure Security Agency, and Department of Justice, 2023

This guide serves as a one-stop resource to help organizations, including schools, reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.

Report

K-12 Digital Infrastructure Brief: Defensible & Resilient

Cybersecurity and Infrastructure Security Agency, and Department of Education, 2023

This brief highlights cybersecurity recommendations and promising practices from states and districts across the country. It is designed to help schools build solutions for their own contexts, and offers examples from the field of those who faced challenges to connectivity, accessibility, cybersecurity, data privacy, and other infrastructure issues and designed solutions for their challenges.

Program

Secure Our World

Cybersecurity and Infrastructure Security Agency

This program educates individuals and organizations on actionable steps to stay more safe and secure online. It includes information and resources such as videos, toolkits, tip sheets, and posters.

Filter Resources

All Cybersecurity Resources

Access additional resources below to learn more about K-12 cybersecurity and related best practices. Use the filters to sort resources based on subtopic and/or preparedness action.

Guidance

Phishing Guidance: Stopping the Attack Cycle at Phase One

Cybersecurity and Infrastructure Security Agency, Department of Justice, Other Federal Agency, and Third Party, 2023

This guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers. It is designed to help reduce the impact of phishing attacks in obtaining credentials and deploying malware.

Webpage

CoSN’s NIST Cybersecurity Framework Resources Alignment for K-12

Third Party

This webpage aligns a variety of free and Consortium for School Networking (CoSN) member resources with the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which provides a structured approach for organizations to protect their digital assets. Schools and districts can use the page to find resources to build and expand their cybersecurity programs, fortify their cyber defenses, and better safeguard against evolving digital threats.

Report

K-12 Digital Infrastructure Brief: Privacy Enhancing, Interoperable, and Useful

Department of Education, 2023

This brief discusses prioritizing privacy and ensuring data protection measures so that schools can build trust with stakeholders and maintain the confidentiality and integrity of sensitive student data. It includes information on the implementation of data interoperability standards to allow the seamless exchange of data between different edtech applications and systems. This publication is part of a series of briefs on the key considerations facing educational leaders as they work to build and sustain core digital infrastructure for learning.