The K-12 education system plays a critical role in preparing our future workforce and academic preparation for college. As advancements in technology continue to develop, school districts have been leveraging opportunities and improving the learning experience for students. However, technology does come with risks that can be exploited by cybercriminals.

Targeting of K-12 education systems across the country has increased and districts in Michigan have been impacted. An attack from a malicious actor puts students and staff at risk of losing data, resources and the ability to receive and provide critical education services. To help address the issue, the K-12 Cybersecurity Act of 2021 was passed by Congress requiring the Cybersecurity and Infrastructure Security Agency (CISA) to report on cybersecurity risks facing elementary and secondary schools. The goal is to provide recommendations, resources and insight into the current threat landscape. 

In January, CISA released a report titled “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats,” to help the K-12 sector understand the current cybersecurity risks and provide details to assist them with protecting against cybersecurity threats.

Jen Easterly, Director of CISA, discussed the report:         

“We must ensure that our K-12 schools are better prepared to confront a complex threat environment. As K-12 institutions employ technology to make education more accessible and effective, malicious cyber actors are hard at work trying to exploit vulnerabilities in these systems, threatening our nation’s ability to educate our children.

“Today’s report serves as an initial step towards a stronger and more secure cyber future for our nation’s schools, with a focus on simple, prioritized actions schools can take to measurably reduce cyber risk.”

Along with a toolkit, the report offers the following recommendations to help schools address the issue with cybersecurity posture:

1. Invest in the most impactful security measures and build toward a mature cybersecurity plan.
2. Recognize and actively address resource constraints.
3. Focus on collaboration and information sharing.  

Some of the most impactful security measures schools should focus on include implementing multi-factor authentication (MFA), mitigating known vulnerabilities, regularly testing backups and implementing a strong cybersecurity training program. Follow-on efforts should include fully adopting CISA’s Cybersecurity Performance Goals and ultimately develop an enterprise cybersecurity plan based on the NIST Cybersecurity Framework.

The report also highlighted the need for administrators, superintendents and other leaders to elevate cybersecurity risk management as a top priority. This includes taking creative approaches to securing necessary resources, migrating to secure cloud environments, reviewing available grant options, and working with technology and trusted, managed services providers who can offer benefits from low-cost services and products that are designed to address security.

Addressing cybersecurity needs can be challenging. At CatchMark Technologies, we specialize in helping to establish cybersecurity programs focused on reducing risk. Contact us today for more information and to find out how we can assist.