Watch the RecordingListen to the Podcast

This edLeader Panel is presented by CoSN and AASA
Sponsored by ClassLink

1,000 attempted cyber attacks on their school district per hour—that’s the number one district leader gave during the edLeader Panel “Cybersecurity Priorities, Policies, and Practices for K-12 Leaders.” But they also noted that with their district’s cybersecurity policies and procedures, those attacks don’t get very far. During the panel, three leading superintendents, along with CoSN’s Cybersecurity Project Director, discussed essential cybersecurity strategies and why it should be a priority for every district.

Make your insurance company your ally.

Whether you are part of a consortium or have your own coverage, cybersecurity insurance is a must. Criminals are evolving too quickly to assume that any safeguards are 100% effective, and insurance can help pay ransoms, recover data, and protect administrators. Insurance representatives can play an even greater role, though. Many insurance companies will work with districts to educate their staff, and they are a fantastic resource for learning about new threats and responses.

Moreover, in order to get the insurance, districts often have to improve their protocols, like adding multi-factor authentication, and the insurance companies will continue to audit the schools to make sure they are up to date.

Name cybersecurity as part of everyone’s job responsibilities.

Of course, staff members will have different levels of impact on protecting school systems, but there should be no question that they have to stay educated and institute best practices. While everyone needs to learn about phishing, for example, school and district leaders should have additional learning that includes understanding and making sure they are complying with regulations.

Understand the potential impact of every piece of technology in your school, as well as the contracts surrounding them.

Although schools have become stricter with cybersecurity requirements in every piece of educational technology, continuous review, especially as technology changes, is essential. For instance, the team for one panelist found that, upon further review, their LMS had a backdoor into their system, which could result in a serious breach.

However, apps and formal computer systems aren’t the only areas that could pose issues. As the panelists noted, if a machine plugs into the school and has any internet or Wi-Fi functionality, it could provide an opening for someone to exploit the school’s systems.

Prioritize communication.

Tell your community about your policies, how you train students and staff, and what preparations you have made. Instill confidence in your community before something happens, and if it does, communicate with them about the event immediately. Be the lead source of information, no matter how difficult it is to share. In addition, make sure you are sharing wins and celebrating your staff and their work.

Provide ongoing training.

Don’t assume that because a teacher had a phishing lesson once, they know how to identify a scam. According to a 2025 report from The Center for Internet Security, in partnership with CoSN, “human-targeted threats exceed other techniques by 45%.” Your staff and students are your first line of protection, and students should start these lessons in kindergarten. In addition, the panelists advocated for cybersecurity incident practice. Just like schools have fire drills, staff should rehearse what they will do in case of a breach.

Network.

Talk to other school and district leaders, share best practices, and join organizations—like CoSN and AASA—that offer resources and training programs specific to education. Supporting and learning from the education community will bolster your own school’s and district’s knowledge base and keep you informed about new developments.

Invest.

Invest in your people, your systems, and your training. Make cybersecurity a named budget item, and don’t compromise. Most importantly, make sure the budget reflects the real cost of protecting your students and staff.

Finally, the panelists said to bring the IT department to the forefront. Too often, IT staff are relegated to their own spaces and are seldom invited to be a regular part of the discussion. However, these are the people who can save you, and they deserve to be recognized.

Learn more about this edWeb broadcast, Cybersecurity Priorities, Policies, and Practices for K-12 Leaders, presented by CoSN and AASA, and sponsored by ClassLink.

Watch the RecordingListen to the Podcast

Join the Community

Super-Connected is a free professional learning community for school superintendents, district leadership, and aspiring district leaders.

AASA is the premier association for school system leaders and serves as the national voice for public education and district leadership on Capitol Hill.

CoSN (the Consortium for School Networking) is the premier professional association for school system technology leaders. CoSN provides thought leadership resources, community, best practices and advocacy tools to help leaders succeed in the digital transformation. CoSN represents over 13 million students in school districts nationwide and continues to grow as a powerful and influential voice in K-12 education.

ClassLink is a global education provider of identity and analytics products that create more time for learning and help schools better understand digital engagement. As leading advocates for open data standards, we offer instant access to apps and files with single sign-on, streamline class rostering, automate account provisioning, and provide actionable analytics. ClassLink empowers 19 million students and staff in over 2,500 school systems. Visit classlink.com to learn more.

Article by Stacey Pusey, based on this edLeader Panel