Cybersecurity does not have to contribute to this season's spookiness. From 2016 to 2022, K-12 schools experienced at least 1,619 cybersecurity-related incidents. Because school districts remain a heightened risk environment for cyberattacks, now is the time to assess infrastructure vulnerabilities and cyber practices. 

The FCC and Department of Education have released new guidance to assist schools with cybersecurity efforts. The following three risks have been identified as the most common forms of attacks and should be the top priorities for districts to address: 

1. Compromising of valid accounts, most often those accounts with weak or stolen credentials. 

2. Performing a phishing attack with a malicious link or attachment in a communication. 

3. Exploiting an unpatched but known vulnerability in a public-facing application.  

In light of these risks, the guidance recommends that districts begin with taking the following four steps that have reportedly significantly reduced the risk of a cybersecurity threat: 

1. Use multi-factor authentication

2. Require the use of strong and unique passwords for accounts

3. Be able to recognize and report phishing

4. Stay up to date on software updates

Additionally, the FCC is launching a Schools and Libraries Cybersecurity Pilot Program that will provide up to $200 million in funding to selected participants to reimburse them for cybersecurity services and equipment. Districts can apply for the program until November 1, 2024.

If you do experience a cyber attack or security breach, keep in mind that there are both state and federal law obligations that may kick in.  For KSB Policy Service subscribers, general requirements are laid out in policy 3047.  Other obligations, like informing the affected individuals of a breach or unauthorized disclosure, vary a lot based on the facts.  If in doubt, give your school lawyer a call.

In light of Cybersecurity Awareness Month, we encourage you to discuss cybersecurity with tech coordinators, staff, and vendors. KSB offers digital citizenship assemblies for students and staff in-services that focus on AI, speech, and social media as one means to begin the conversation around cyberspace issues. If you have any questions or wish to learn more about presentation options, call us at (402) 804-8000 or email ksb@ksbschoollaw.com.