Cybersecurity in K-12: Tips for keeping schools, students secure

Cybersecurity is
infiltrating education, whether by necessity in cases of data breaches or by
practice in teaching kids how to be upstanding digital citizens. FedScoop
recently interviewed about a dozen experts, professors, school administrators
and federal officials for a series on why digital safety is becoming increasingly important in K-12 schools.

Educators “should be asking questions about security,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “Even if you don’t know what the right answer is, just asking the question is going to get you an education.”

To help administrators and IT directors better understand how to establish best cybersecurity practices in their own schools, we have compiled tips and takeaways that came out of our reporting:

• Invest in a robust firewall.
• Have students and teachers create complex, long passwords.

“The key is to have robust passwords that are long and contain letters, characters, punctuation, even emoticons,” said Terry Van Zoeren, superintendent for the Swedesboro-Woolwich school district in New Jersey.

• Talk with third-party vendors that contract with the school beforehand to make sure they have strong security measures in place.

“If you have a third-party vendor that has access to your system, you want to talk to them about what they use on their end to ensure there are good credential practices to get into the system,” Kaiser said.

• Sign off and shut off computers at the end of the school day.
• Students (and teachers) shouldn’t share passwords with each other or write them on a piece of paper that can be easily found.

“It’s pretty simple to say you shouldn’t do that, but many of us do,” Van Zoeren said.

• Think about contracting with a third-party vendor to monitor the security of your school’s network.
• Identify critical student data (Social Security numbers vs. school lunch menus), and back up the information in an off-site location.

“The more complicated an environment becomes, with multiple devices accessing multiple applications, the more complicated the support model becomes as well,” said Maggie Hallbach, vice president of government and education for Verizon.

• Institute two- or multifactor authentication for students, teachers and administrators when they log on. Usually a login requires a username and password, but experts suggest also uploading a photo or getting a code texted to your phone to verify the user is valid.

“In a school setting, [administrators] may not have full appreciation for two-factor authentication, but that is one defense mechanism that pays dividends,” an Education Department official said.

• Introduce courses or lessons for students to learn about protecting their data as well as digital citizenship and ethics (maintaining a positive social media presence and reputation).
• Bring in IT and cybersecurity professionals on career days to raise awareness about the field and growing job market.

Explore FedScoop’s series on cybersecurity in K-12 education below:

Part 1: Schools face increased risk of cyber attacks | In recent years, school districts have been the target of sophisticated cyber attacks. But experts say school leaders are unprepared for the threats often faced by government and companies.

Part 2: Federal initiative aims to spark kids’ interest in cybersecurity | The National Initiative for Cybersecurity Education, started in 2010, aims to attract kids in elementary school as well as post-collegiate workers who may be looking to switch careers.

Part 3: Reading, writing — and cybersecurity? Digital safety programs sprout up in schools | Educators are seizing intense interest around cybersecurity and incorporating the topic into after-school programs and classroom lessons.

Reach the reporter at corinne.lestch@fedscoop.com or follow her on Twitter @clestch.