New resource calls on state support for small and rural LEA cybersecurity

The State Educational Technology Directors Association’s (SETDA) Cybersecurity & Privacy Collaborative — a network that includes Microsoft and the K12 Security Information eXchange (K12 SIX) — published guidance on Oct. 17 detailing how state agencies and other support organizations are empowering their smallest school districts to secure their data and networks.

Small Districts, Big Hurdles: Cybersecurity Support for Small, Rural, and Under-resourced Districts” is designed to identify essential resources, assess state-level K-12 cybersecurity advocacy initiatives, and craft policy recommendations to enhance cybersecurity readiness within small, rural and under-resourced districts.

“As technology continues to reshape education, ensuring the safety and security of students’ data and school networks has never been more crucial,” SETDA Executive Director Julia Fallon said in a statement. “This publication is a testament to SETDA’s dedication to supporting state education agencies’ technology initiatives and equips state edtech leaders with the resources and tools needed to guide districts, especially those facing the greatest challenges. The Cybersecurity & Privacy Collaborative hopes that this document will help prevent breaches of student and educator data while offering strategies to support and improve cybersecurity readiness for small and rural schools.”

In addition to disrupting school operations, cyberattacks impact students, families, teachers and administrators. Even in some of the country’s largest school districts with well-staffed IT departments, sensitive personal information — including grades, medical records, documented home issues, behavioral information and financial information — of students and employees have been stolen and publicly disclosed, as has sensitive information about school security systems.

For small and rural districts, the challenge of enhancing cybersecurity can be overwhelming, exacerbated by limited resources and already stretched thin personnel. “Their size and location make them more likely to struggle with constrained budgets, lack of on-site technical expertise, outdated infrastructure, as well as greater difficulty devoting attention to the issue,” the brief states. “This lack of personnel and attention tends to make them less able to be proactive, and more likely to be reactive to emergencies as they happen. With less monitoring and awareness, they are also less likely to realize when they have been compromised.”

State edtech leaders play a pivotal role in helping all districts, regardless of their size, enhance their cybersecurity readiness and resilience. To increase cyber-risk management parity across districts, SETDA recommends state leaders:

  • Educate district leaders about the most pressing cybersecurity issues and raise awareness about the importance of cybersecurity in K-12 education, and partner to advocate for state funding to pilot or initiate cybersecurity efforts.
  • Identify a useful framework or assessment to determine specific needs and implement practices to address them.
  • Develop state partnerships and collaborations that share information, best practices and distribute some of the workload for small districts.
  • Create incentives for districts to invest in their technology staff and educate their teaching staff.

“State leaders who assist in establishing these conditions are instrumental in enabling small districts to overcome obstacles, clear the hurdles, and significantly boost their capacity to safeguard their school communities against digital threats to their networks and data,” according to the brief.