School Leadership Strategies for Preventing and Responding to Cyberattacks

Cyber Security: A Critical School District Priority edWebinar recording link


Blog post by Eileen Belastock based on this edWebinar

The growing concerns about security among families, school systems, and legislature increased teacher and student reliance on internet accessibility. As a result, school cybersecurity is subject to more scrutiny than ever. Yet, alarmingly, many school systems are not sufficiently aggressive in getting ahead of cybersecurity.  In a recent edWebinar, sponsored by ClassLink and co-hosted by CoSN and AASA, three district superintendents discussed the impact a district cyberattack has on school communities and strategies to mitigate future attacks. 


Liability is a concern for district leaders that continues to have broader-reaching consequences. Districts and technology leaders may be held liable for network-security incidents, and the costs of these incidents can be extremely high. As individuals, district tech leaders may be sued by families whose data was compromised by a security breach.

According to Matthew J. Miller, Superintendent of Lakota Local Schools (OH), and Dr. Michelle Reid, Superintendent of Northshore School District (WA), cyberattacks are ever changing and ever evolving. Since liability continues to have broader-reaching consequences, it makes taking care of cybersecurity much more critically important. Therefore, it is critical to have a dynamic, dedicated, passionate IT team that stays ahead of some liability issues on a 24/7/365 basis.

Dr. Hank Thiele, Superintendent of Community High School District 99 (IL) added, “As leaders, where this affects us the greatest is how do we make sure that our employees are all informed and ready to respond to these issues, because that’s the easiest way to protect ourselves…when liability shows up”

Legal Requirements

There are many federal, state, and local requirements concerning cybersecurity. As superintendents, Dr. Reid said it is their responsibility to ensure the school board and community understand the rationale for these crucial regulations and translate these technical safety requirements into practical language for staff, students, families, and communities.

Dr. Thiele noted that it is vital for district leaders to be willing learners when their educated tech staff says, “Hey, these things are important.” “Take the time to listen and understand what they’re bringing to you,” he said.

Miller added that one of the benefits of CoSN and some other edtech organizations on a more local level is they are all talking to one another, and having that network helps when some of the new legal requirements come out at a state or federal level. 

Professional Reputation

When a district experiences a cyberattack, its professional reputation is affected. As a public entity, Dr. Thiele stated public trust is critical. For example, if a district’s finance system is attacked, it can affect their bond rating and negatively impact the district’s ability to be good stewards of the community money. All agreed that while no school district is immune to a cyberattack, the community must understand how a cyberattack can happen and what steps are in place to deal with the attack.

Teaching and Learning

Cybersecurity and cyber safety impacts teaching and learning, especially in this era of digital learning. While, as Dr. Reid pointed out, school districts are experiencing the most significant opportunity to innovate, it is incumbent for superintendents to ensure that technology is safe and secure in virtual and in-person learning environments.

Both Miller and Dr. Thiele agreed that any time a cybersecurity issue happens, it gets in the way of teaching and learning. Therefore, school districts must do everything in their power to make sure that technology just blends into the background and helps, not hurts, teaching and learning. 

Student Digital Records

Dr. Reid said all of us must remember the health and safety of our students in so many ways is a top priority for all of us, and any kind of attack on student records could last far into the future. Districts go to great lengths, both due to state and federal laws, to protect student records.

The presenters highly recommended limiting staff access to student records and creating a culture where the school community identifies student digital records as the school district’s currency. In addition, districts need to set up checks and balances within their systems and ensure effective oversight of student records. 

“So just as a bank would guard money inside of their system by setting up checks and balances and making sure that people have limited access and there’s oversight to…that resource, we need to do the same thing and take student digital records as seriously as we would…anything else that’s of the utmost value of an organization,” explained Dr. Thiele.

The Threats

The top cybersecurity threats to schools outlined in the CoSN Cybersecurity Report are Phishing, Distributed Denial-of-Service (DDoS), Data Breach, Ransomware, and IoT (Internet of Things) Attacks. As increased school district functions and services are online and in the cloud, school districts are increasingly susceptible to cyberattacks. All three superintendents have experienced one or more of these attacks in their districts and have established protocols and procedures to mitigate and reduce the number of attacks.

Miller leans heavily on his IT team to stay ahead of attacks by monitoring systems 24/7 and proactively educating staff on potential risks. In addition, Dr. Reid’s IT department provides a constant regimen of professional development and teaches technology literacy in grades K-12. Dr. Thiele said that protecting students and staff from these cybersecurity threats requires collaboration with colleagues and leveraging technology communities and organizations such as CoSN to help IT teams stay ahead of cybersecurity.


Miller emphasized what makes all the difference in preventing and responding to cyberattacks is having a powerful team and strong CTO involved and engaged as a school leader with the district leadership team. Dr. Reid stated that it is critical before and after an attack to communicate honestly and transparently with the internal system, leadership team, board, teachers, students, families, and the broader community.

All presenters agreed with Dr. Thiele that quick, knee-jerk reactions are not advisable. Instead, district leaders need to take the time to follow the district’s crisis-response plan protocols. After the cyberattack, the crisis response is invaluable to assess why the attack happened and develop new protocols if necessary. “It’s always painful to go back and poke those wounds again, but it’s essential that we do that so that we protect ourselves in the future,” he said.

This edWeb broadcast was sponsored by ClassLink and co-hosted by CoSN and AASA.

Watch the Recording Listen to the Podcast

About the Presenters

Matthew Miller is Superintendent of Lakota Local Schools. He has spent the last 27 years serving Ohio communities as an educator in the roles of Superintendent (16), Director of Student Services and Instruction (1), Principal (5), and Teacher (5). Matt is actively involved in Digital Promise’s League of Innovative Schools. He was selected as one of 100 superintendents nationwide to attend and present at the #FutureReady National ConnectED Superintendents Summit at the White House. Matt is transforming Lakota through the use of open educational resources and balanced learning, along with emphasizing student and teacher voice through innovation. He completed his undergraduate coursework and master’s degree at the University of Cincinnati and was selected for Harvard Graduate School of Education’s Leadership Institute for Superintendents. Matt is grateful for his supportive family—son Mason, an aerospace engineer in Florida, and daughter Jessica, an elementary teacher in northern Cincinnati.

Dr. Michelle Reid is now serving in her 42nd year in K-12 education. She was named Superintendent of the Northshore School District in June 2016 and is former Superintendent of the South Kitsap School District. She has also served as a leadership facilitator at the University of Washington Center for Educational Leadership and the Harvard Institute for School Leadership. Dr. Reid received her doctorate in educational leadership from the University of Washington. In November 2020, Dr. Reid was named 2021 State Superintendent of the Year by the Washington Association of School Administrators. In February, she was named AASA’s 2021 National Superintendent of the Year. Dr. Reid was recognized for demonstrating the highest professional standards when it comes to leading a school district and working to build a lasting future for students and for exemplifying the important work of all superintendents to create positive pathways for students in these extraordinary times.

Dr. Hank Thiele is the superintendent for Community High School District 99 in Downers Grove, Illinois where he serves 5,000 high school students and 700 staff members in a district that has been recognized as one of the first to close the homework gap by providing computing resources and internet access to all students. In 2007, he was the first educational leader to bring Google for Education into a K-12 school setting. He leads by sharing resources and strategies related to effectively utilizing collaborative leadership through the use of cloud technology, transparent communication, and professional networking and has modeled these strategies while serving as a leader for many professional organizations at the local, state, and national levels. His doctoral research was some of the first that investigated the internet’s impact on communication, learning, and efficacy in the classroom. His favorite work comes from being a dad of two amazing kids.

About the Host

Ann McMullan is Project Director for CoSN’s EmpowerED Superintendents Initiative. Ann served as Executive Director for Educational Technology in Klein ISD near Houston, Texas until September 2013, when she and her family moved to Los Angeles, California. For 16 years Ann led the district team that provided professional development on technology and 21st century instructional strategies to 4,000 educators serving 50,000 students. She was co-chair of the Texas Education Technology Advisory Committee which developed the Texas Long Range Plan for Technology.

Today, Ann works as a public speaker, writer, and consultant focused on leadership to meet the needs of today’s students. Ann serves on the Advisory Board, ClassLink’s Senior Advisors Group, and is a founding member of ERDI’s Ed Leadership Council. She also volunteers as a leadership consultant with Executive Service Corps of Southern California, serving non-profit associations. Ann is co-author of Life Lessons in Leadership, available on

Join the Community

Super-Connected is a free professional learning community on for school superintendents, district leadership, and aspiring district leaders.

AASAAASA is the premier association for school system leaders and serves as the national voice for public education and district leadership on Capitol Hill.


CoSN CoSN (the Consortium for School Networking) is the premier professional association for school system technology leaders. CoSN provides thought leadership resources, community, best practices and advocacy tools to help leaders succeed in the digital transformation. CoSN represents over 13 million students in school districts nationwide and continues to grow as a powerful and influential voice in K-12 education.


ClassLinkClassLink empowers your students and teachers with instant access to their learning resources. ClassLink® OneClick® includes a library of over 5,000 single sign-on apps and instant links to file folders at school and on Google, Office 365, and Dropbox cloud drives. ClassLink Roster Server easily and securely delivers class rosters to any publisher using open technology standards. ClassLink Analytics gives decision makers the usage data they need. Accessible from any computer, tablet or smartphone, ClassLink is ideal for 1to1 and Bring Your Own Device (BYOD) initiatives.