In a 2022 survey, 72 percent of the participating school administrators responded that cybersecurity was either a priority or high priority for their district leadership and local school boards. However, only 14 percent of the respondents said their district was very prepared for a cyberattack event.
This alarming disparity between prioritization and preparedness is indicative of the challenges school districts are facing pertaining to cybersecurity. As the Director of Technology at Maconaquah School Corporation located in north-central Indiana, I know firsthand that implementing a proactive cybersecurity posture is a difficult and time-consuming–yet necessary–process. School districts are prime targets for hackers; therefore, we must be prepared.
In our own school corporation, we have adopted four key practices that enable us to continuously strengthen and advance our cybersecurity mitigation and prevention strategies.
1. Get Creative With Your Budget
Like many school districts, our IT budget has not increased to address the growing number and variety of cyber threats; in fact, it has stayed the same for the past five years. That can make it challenging to add new defenses, but we have found ways to strengthen our posture through strategic and creative financial planning.
One shift we have made is leveraging hosted and/or managed services to fill staffing gaps and eliminate expensive and unpredictable capital expenses. For example, we previously had an on-prem firewall solution that was managed by a former staff member. When they left, I made the decision to switch to ENA by Zayo’s hosted firewall so that I did not have to spend the time and money hiring and training a new employee who would likely leave after six months for a higher paying job in the private sector.
To attain leadership buy-in for this new direction, I broke down the monthly costs of buying a new on-prem firewall solution and included estimated hiring, training, and repair fees over the lifecycle of the equipment. This enabled district leaders to see a side-by-side cost comparison of using a hosted, cloud-based firewall service versus an on-prem solution. Once they saw those numbers and realized the hosting service also included access to ENA’s team of security experts, they supported the decision to transition to cloud-hosted firewall.
Additionally, evaluating tech and app user usage is another way we are freeing up funds to support cybersecurity. With so much money being invested in educational software, it is critical to monitor if teachers and students are using our paid learning tools. We regularly survey teachers and review usage data to assess and adjust our licensing. This enables us to free up budget dollars and reinvest these funds in proactive cybersecurity tools like DDoS mitigation. We adopt the same approach with infrastructure and network solutions, seeking out bundling and other cost-savings opportunities to free up funds we can use to support our cybersecurity strategies.