This month Burbio.com shared data in their Burbio School Tracker 1/7: 38 out of 50 newsletter related to “cybersecurity” mentions in school board meetings, and the findings are very interesting.
Cybersecurity is an essential topic of discussion, with 21% of school districts mentioning it in their meetings over the past year. However, terms like “incident response,” “phishing,” and “student data privacy” barely registered on the radar.
This raises a big question: Are we being proactive or reactive when it comes to cybersecurity in schools? If only 20% of districts are having these conversations, it feels like we’re playing catch-up rather than addressing risks before they become crises.
From CoSN’s 2024 Leadership Survey, we know that while districts are making strides in implementing cybersecurity practices (two-factor authentication is now used by 72%, up from 40% in 2022), the overall perception of risk remains shockingly low. Cyber threats like phishing and ransomware are seen as low risk by many districts, even though K-12 education remains a top target.
While it does appear we’re on a path towards best practices, it is troubling that many cybersecurity measures being adopted now by both districts and vendors are already mandated by FERPA and COPPA regulations. The gap between requirements and implementation is particularly stark in some districts and companies, especially those with fewer resources or who don’t understand the value of investing in cybersecurity practices.
As someone who’s passionate about K-12 education, I see these trends as a call to action. Cybersecurity isn’t just an IT issue; it’s about protecting students, their data, and their futures. We need to shift the conversation from compliance to culture—embedding cybersecurity awareness at every level of our schools.
For those interested in diving deeper, I’ve linked to the Consortium for School Networking (CoSN) Leadership Report and shared the agenda from Cybersecurity and Infrastructure Security Agency 2024 National Summit on K-12 School Safety and Security.
If this resonated with you, I’d love to connect and discuss how we can move the needle on cybersecurity in K-12 education.
