Maintaining Cybersecurity in Schools: Phishing, Malware, and DDoS—Oh My!
Blog post by Michele Israel based on this edLeader Panel
Cyberattacks in schools across the nation are growing, from Zoombombing to ransomware that takes down entire districts. As a result, K-12 learning environments need more robust policies and practices to stem intrusions and build cyber resilience.
So concurred cybersecurity experts and educational leaders participating in the ENA-sponsored edLeader Panel, “Critical Cybersecurity Conversations K-12 Leaders Should Be Having.” The panelists detailed the cyber threats schools face and strategies they can use to raise awareness of cyber incidents, identify them, and thwart them.
Cyber Threats and Events: The Range
Cyber infiltration is clever; it presents in many ways and occurs frequently, with an average of two incidents per day per school around the nation.
In 2020, the most common types of cyber events in the K-12 sphere were:
- Distributed denial of service (DDoS)
- Phishing attacks
- Ransomware attacks
- Data breaches/leaks involving the loss of personally identifiable information (PII)
- Malware (virus)
- Zoombombing (a prevalent “pastime” during the COVID-19 pandemic)
- Website defacement
A review of 2019-2020 data further highlights the cyber threats school systems face:
- In 2019, 11% of all school districts reported a total of 408 incidents, with 12 districts reporting at least two events.
- In 2020, there were three times as many incidents. From January–July 2020, K–12 represented 28% of cybersecurity events across the public and private sectors. That rate increased to 57% from August–September alone!
Measures to Enhance Security
Schools should not be wondering when a cyberattack will occur or who will get hit: They should assume it will happen to them and be prepared to respond when it does. Taking preventive measures early on is crucial to guard against threats and incidents. There are several strategies schools and districts might put in place:
Penetration (“pen”) testing – This is the process of assessing the security risk of a system or network by simulating an attack on it. The test tends to capture known challenges, reveal unexpected problems and risks, and enable the detection and interruption of a penetration in progress. It offers insight into how cybercriminals (or attackers) are thinking, allowing teams to come up with appropriate responses. A pen test should occur at least once a year with a reputable third-party company that can monitor systems internally and externally. Then, share test results with the executive team, the superintendent, and the school board to improve and safeguard systems moving forward.
Phishing tests – Security and IT teams create and send mock phishing emails to employees to see whether they can identify malicious links that, when clicked, can result in data leakage or damage to company systems. Phishing tests, if administered appropriately, can improve cybersecurity awareness and behavior. However, teachers shouldn’t be made to feel like they got “caught” doing something wrong. Instead, a more game-like approach (with rewards!) works better to get teachers involved and aware of the risks.
Multifactor authentication (MFA) – This requires digital users to provide at least two pieces of evidence to prove their identity. With major applications using MFA, schools could relax their password-change requirements.
Incident monitoring – Tracking, logging, and centralizing cybersecurity incidents and data across systems are crucial to identifying and responding to issues.
Network mapping – This process allows schools to recognize the connections among various network systems and know what is on the network: who’s connected, what’s connected, and the vulnerabilities that emerge as a result. (Is there a firewall with unified threat management, for instance?)
Cross-department prevention – Planning collaboratively with departments that depend on technology (the internet, phones) can reduce the impact of potential cyber incidents on everything from school buses to the lights in food services.
Motivating, Encouraging, and Building Awareness
Beyond policy and practice, the best cyberattack prevention is awareness: establishing a security culture can reduce cyber events. Schools and districts should consider the following strategies toward this end:
- Set understandable security policies – It’s not enough to put policies in place. People need to understand the risks to systems and the practices schools adopt.
  - Jonathan Ryglicki, Cyber Security Manager for Metro Nashville Public Schools (MNPS), emphasized the importance of explaining policies in ways that make sense to people. He’s described a thumb drive to colleagues as a “lollipop” that everyone licks. Every time a thumb drive goes into a computer, everyone who’s used the computer licks that “lollipop.” Whatever they’ve got (virus, etc.) is a potential tech disaster waiting to happen. That “lollipop” concept creates instant awareness of cybersecurity risks.
- Link cybersecurity to curricula – Encourage students to become responsible digital citizens who learn how to behave and communicate safely online. Connecting cybersecurity to the curriculum boosts digital responsibility. For instance, incorporating cyber safety into computer science introduces learners to concepts around passwords and login security.
- Communicate approved applications – It’s important to let teachers know what applications they can and cannot use. For example, if a teacher wants to use an app from a website, processes should be in place to vet the tool to identify and accept third-party risks.
Curbing cyber incidents is crucial, especially from a pedagogical standpoint, emphasized Tom Ryan, Ph.D., co-founder of K-12 Strategic Technology Advisory Group (K12STAG). “This is an instruction issue,” he urged, “because it knocks out kids’ opportunities to receive high-quality instruction. It’s a financial situation because it costs a great amount of money to recover some from the various cyber events we have. And, it’s a cabinet- and board-level issue as it relates to policies and enforcement.”
This edWeb broadcast was sponsored by ENA.
About the Presenters
Jonathan Ryglicki has been the cyber security manager for the Metro Nashville Public Schools (MNPS) since 2019. He is a Certified Information Systems Security Professional with over 15 years in the information security and risk management industry with a focus on regulatory compliance, third-party risk management, and security awareness. Education has always been a passion of his: prior to information security, he worked with a non-profit to promote effective technology in the classrooms.
Mark Racine is the chief information officer for the Boston Public Schools. Mark joined the Boston Public Schools in 2007 as a classroom teacher before joining the central administration in 2012 where he has served as the CIO for the last nine years. Mark serves on the governance board for the Ed-Fi Alliance, the National Advisory Council for Cybersecurity, and the peer review team for the Council of Great City Schools.
Rob Eidson is responsible for the security portfolio, which includes unified threat management, hosted firewall, managed VPN, DDoS mitigation, and SD-WAN. He is responsible for strategizing the full lifecycle of ENA security products, from conception through release, to better serve ENA’s growing base of primarily education, healthcare, and government clients nationwide.
Rob is a versatile management professional with a history of quality performance in challenging environments. He enjoys working across functional areas and at all levels of an organization. He dedicated the first part of his career to military service, with a focus on security, operational efficiencies, risk management, and safety of life. More recently, he shifted his career to the technology industry where he is using the same skill set to help build technology for good.
About the Moderator
Tom Ryan, Ph.D., is co-founder of K-12 Strategic Technology Advisory Group (K12STAG), which is led by public school chief information officers who understand the challenges school leaders face. He is an education professional with 40+ years of K-12 experience. He has a Ph.D. in Curriculum and Instruction and over 16 years as a Chief Information Officer in large districts. He is engaged in leadership activities in several state and national organizations, including as Chairman of the Board for the Consortium of School Networking (CoSN). He is also active in the Council of the Great City Schools (CGCS), including large school district IT reviews of infrastructure, strategic planning, instructional technology, and digital transformation efforts. He also helps coordinate the CGCS annual CIO conferences. Dr. Ryan is a Senior Fellow for the Center of Digital Education and presents at several international, national, and state conferences throughout the year.