District tech leaders have different concerns about cybersecurity, and different strategies for addressing those concerns, which vary by the size of their school systems. Compared to their rural counterparts, administrators from big-city districts are more likely to say their worries about protecting their K-12 systems are on the rise鈥攁nd they鈥檙e more likely to have begun implementing formal password-management policies and measures.
That鈥檚 according to a survey conducted by the Consortium for School Networking and the 澳门跑狗论坛 Research Center of more than 300 ed-tech leaders.
Overall, 68 percent of leaders say that student-data privacy and security is a somewhat or much more important priority this year compared with last year.
That share rises to 82 percent for administrators from urban school districts. By comparison, it鈥檚 68 percent for suburban leaders and 64 percent for their rural peers.
This is not to say that student data privacy and security are unimportant to leaders from rural districts. They may have more basic concerns鈥攍ike accessing the internet in the first place. Even as the percentage of U.S. schools with WiFi skyrocketed from 30 percent to 98 percent between 2013 and 2018鈥攁ccording to data from the nonprofit EducationSuperHighway鈥攎any rural schools continue to face challenges merely getting connected.
But within the biggest K-12 systems, cybersecurity is seen as an urgent problem.
One hundred percent of leaders from large districts with more than 50,000 students report that student data privacy and security is a somewhat or much more important priority this year compared with last year. That percentage falls to 63 percent for those from small districts with fewer than 1,000 students.
Across the country, worries about cybersecurity among tech leaders from districts of all sizes have soared over the past few years, notes Keith Krueger, the chief executive officer of the Consortium for School Networking. But the challenges that rural school systems face in protecting themselves from cyber threats are especially acute, he said.
If the largest school K-12 districts are scrambling to keep up, 鈥渙ne can only imagine the challenge for small school systems with no technical staff,鈥 Krueger explained. 鈥淭he best you can do is [find out] what best practice is, implement that, and make sure your school board and your superintendent understand that these are the steps worth taking鈥攁nd that even with those best steps, bad things can happen.鈥
Shunning Password Protections
All districts face hurdles in responding to threats and in creating safeguards that are both effective and reasonably easy to manage, said Keith Bockwoldt, the chief information officer for the 4,500-student Hinsdale High School District in Illinois.
This 澳门跑狗论坛 examination of K-12 cybersecurity is the second of three special reports focused on the needs of K-12 district technology leaders, including chief technology officers. Each report in the series features exclusive results of a new, nationally representative survey of CTOs, conducted by the Consortium for School Networking, an organization representing K-12 district technology officials.
Larger systems, for instance, face more complex challenges in protecting data and training staff because of their size and getting everyone on board with their policies, said Bockwoldt, who serves on CoSN鈥檚 cybersecurity advisory committee.
鈥淭he threats are there, whatever classification you鈥檙e in,鈥 Bockwoldt said. In that sense, 鈥渆veryone is in the same boat.鈥
Concerns about student data privacy and security are not the only aspects of cybersecurity in which large and urban district leaders differ from their small and rural peers.
Large and urban leaders also approach password management differently than do their peers from smaller, rural and suburban districts.
For example, just over half (56 percent) of all K-12 leaders say their districts have formal password policies that are widely followed. Seventy-two percent of urban leaders say they have widely-followed formal password policies. That鈥檚 compared with 62 percent of suburban administrators and less than half (41 percent) of their rural counterparts. In fact, nearly 1 in 3 (29 percent) of rural leaders report that their districts do not have formal password policies although staff members are regularly encouraged to use best practices for password management.
鈥楾his Is Crazy鈥
Timothy Smith, the supervisor of instructional practice and technology integration for the Red Lion Area School District in Pennsylvania, said tech leaders in rural K-12 systems may have a harder time than their urban peers imagining that malicious actors will target their schools.
District officials in smaller districts may think, 鈥淲hy would they focus on me? Why would there be a hacker or someone who wants to dig into the data that we have?鈥 said Smith, whose district has 6,100 students.
Smaller districts are much less likely to have full time chief technology officers than larger districts, according to federal data. Because rural tech leaders are juggling so many duties, making progress on even relatively simple cybersecurity steps can be difficult, said Smith.
On-Demand Webinar: Attacking the K-12 Cybersecurity Challenge
K-12 districts face an array of threats from cyberattacks and security breaches. In this 澳门跑狗论坛 webinar, staff writer Benjamin Herold talks with guests about how district leaders can secure data and networks and insulate schools from bad actors.
Register now.
Despite those odds, his district has taken steps to tighten the security reins.
Three years ago, his school system put in place stronger protocols for password security. Smith had assumed everyone would be on board with the measure, but he still gets resistance.
鈥淚 was really surprised by that,鈥 he said. 鈥淓very 120 days, without fail, I will get one or two or three staff members who will reach out to me and say this is crazy [to change passwords].鈥
鈥楶rotect Data at All Costs鈥
The COSN/EdWeek survey found that 100 percent of large district leaders have formal, widely-followed password policies. That share falls to 43 percent for administrators from small districts.
In addition to examining formal password policies, the survey also asked leaders if their districts had implemented 13 different types of security measures related to passwords, including requiring passwords to be of minimal complexity and/or length (84 percent); prohibiting password sharing (73 percent) and locking accounts after a specified number of unsuccessful log-in attempts (62 percent). Urban leaders are more likely than their rural or suburban peers to have implemented 11 of the 13 measures. For example, 96 percent of urban leaders say they require minimum lengths and levels of complexity for passwords, compared with 86 percent of suburban respondents and 76 percent from rural areas.
Similarly, 87 percent of urban respondents said their districts prohibit password sharing, compared with 78 percent of suburban leaders and 66 percent of their rural counterparts.
Leaders from larger districts are also more likely than those from the smallest districts to report that they had implemented the 13 security measures.
For many districts, no matter what their size, effective cybersecurity means thinking differently about the obligations they have to protect students, said Smith.
Just as schools establish physical barriers to make sure access to their campuses are controlled, he argued, 鈥渨e need to be the beacon that will protect data at all costs.鈥
