Know Your Data: A Proactive Approach to Cybersecurity

Adopting a Proactive Versus Reactive Approach to Cybersecurity in K-12 Districts edLeader Panel recording screenshot

Watch the Recording Listen to the Podcast

From local to federal governments, insurance companies to funding organizations, schools and districts are subject to any number of cybersecurity regulations. But for all these, the most important aspect is being prepared. During the edLeader Panel, “Adopting a Proactive Versus Reactive Approach to Cybersecurity in K-12 Districts,” the presenters offered their insights on how to create a proactive climate by knowing everything you can about your data.

Understand what kind of data you collect

Do an inventory and make sure you know every piece of information you’re gathering and why. This includes not just students and staff but if you’re getting data from families, the community, etc. You can’t protect the data if you don’t know what you have.

Know where the data is stored

Similarly, administrators should know the lifecycle of the data. When is it collected, through what system, where is it used, where is it saved, and how long do you need to keep it? District leaders need to know how all of the systems connect through the data.

Reevaluate what data is collected and stored

Now that you know what data you have and where it’s used, ask why you have it and if it’s really necessary. The less personally identifiable information you keep about students and staff, the better.

Make everyone responsible for the data

While your IT team is in charge of the technical aspects, the entire school community needs ongoing education about cybersecurity. This includes helping parents and students understand how to be proactive at home as well as at school.

Integrate data protection into every procurement discussion

Whether the district is looking into a new school lunch payment system or an app for the music classes, IT should always be present at the meetings. Security assessments should be made before any program is considered—even before you test it.

Develop and continually update the cybersecurity plan

The plan shouldn’t live on a shelf somewhere—it needs to be constantly assessed in light of new laws, new insurance requirements, and new threats. The key, though, is not to share the details of the plan with any person or group unless they absolutely need to know.

Finally, the presenters said that districts need trusted IT partners who can help them when a problem arises—and not just someone on the help desk but a key contact who’s at your disposal. These are the people who know your systems, where the data is, and how it all connects. Moreover, they should understand how a breach could impact the different parts of your organization and help you work with law enforcement as needed.

Learn more about this edWeb broadcast, “Adopting a Proactive Versus Reactive Approach to Cybersecurity in K-12 Districts,” sponsored by ENA by Zayo

Watch the Recording Listen to the Podcast

Join the Community

CTO Tech Talks is a professional learning community where technology leaders can gather together to share and explore best practices, challenges, and successes in advancing learning with technology.

ENA by Zayo

ENA by Zayo delivers transformative connectivity, communication, cloud, cybersecurity, and technology services. Our 99% customer satisfaction rating and world class net promoter score (NPS) demonstrate our commitment to delivering exceptional customer care to education and other community institutions. For more information, please visit


Blog post by Stacey Pusey, based on this edLeader Panel