IT leadership is an essential component of school and district operations, and in today’s post-pandemic landscape, K-12 IT security is critical in combatting increasing cybersecurity attacks that can cripple even the largest districts in a matter of moments.

It’s important to establish the right K-12 IT practices and policies that support teaching and learning–and it’s even better to share those best practices in the event that other K-12 IT leaders are seeking to establish the same kind of policies.

Here is K-12 IT advice from a handful of IT leaders:

1. The alarming disparity between prioritization and preparedness is indicative of the cybersecurity challenges school districts are facing. As the Director of Technology at Maconaquah School Corporation located in north-central Indiana, I know firsthand that implementing a proactive cybersecurity posture is a difficult and time-consuming–yet necessary–process. School districts are prime targets for hackers; therefore, we must be prepared.

In our own school corporation, we have adopted four key practices that enable us to continuously strengthen and advance our cybersecurity mitigation and prevention strategies. One of those strategies includes continuously identifying and addressing vulnerabilities. As with training, school districts should never remain idle when it comes to evaluating and addressing their vulnerabilities. We have spent the last few years identifying and fixing gaps in our cybersecurity posture and defenses. Conducting regular audits and evaluations has put our district in a stronger position, but the work is never complete. To be diligent, we must proactively assess our cybersecurity weaknesses and defenses regularly. [Read more]
–Chris Percival, Director of Technology, Maconaquah School Corporation

2. There is no doubt that cybersecurity is essential for all organizations in our modern world. However, security cannot be valued more than usability. The sad fact is that the only entirely secure computer system is one that have been unplugged and shut off. Cyberattacks will continue, and it will be important to ensure that every organization has strong backup and recovery plans in place. However, end user usability is just as important as security.

IT leaders need to ensure that usability is still the primary consideration in building IT systems. IT systems are of little value if they are not able to be used effectively by end users. Considerations of what level of additional steps end users are willing to take is essential. This is particularly important as many organizations still have a high number of remote workers. Make sure the warnings provided to end users are significant as well. Too many warnings can numb end users into assuming the IT department is crying wolf and they may stop paying attention to warnings. [Read more]
–Steven M. Baule, Ed.D., Ph.D., Faculty Member, Winona State University

Laura Ascione
Latest posts by Laura Ascione (see all)