Cyberattacks on local school districts are becoming more prevalent each year. Recently, Butte School District was duped out $1.1 million in a clever social engineering scheme, which involved a cybercriminal posing as the district’s go-to contractor and taking advantage of now former direct deposit payment policies. Butte is not alone here, though, because according to a report published by the Cybersecurity and Infrastructure Security Agency (CISA), 55% of school data breaches between 2016 and 2021 involved school vendors.

Luckily, CISA has a few recommendations school district officials can use to fight back as well. As compiled by American City & County, school district officials are encouraged to invest in the most impactful cybersecurity measures they can afford, recognize and address resource restraints, and prioritize collaboration and information sharing.

Invest in Impactful Cybersecurity Measures

K-12 school districts are struggling when it comes to spare revenue, but these sorts of investments can go a long way in drastically minimizing security risks. Multi-factor authentication makes it harder for bad actors to leverage commandeered passwords and user information after a data breach. Or in the event of a malware attack, establishing and testing backup protocols can get everyone back up and running after getting locked out of their workstations. Additionally, it is paramount to set long- and short-term goals pertaining to creating incident response plans and implementing cybersecurity training for district employees.

Recognize and Address Resource Restraints

CISA recommends cash-strapped school districts work with state planning committees to receive additional funds through the State and Local Cybersecurity Grant Program (SLCGP). Moreover, school districts should be identifying free or low-cost services and asking more from technology providers when it comes to security features that should be standard, such as limiting security access to administrators and strong, scalable user security options out of the box.

Prioritize Collaboration and Information Sharing

While this may sound counterintuitive, CISA recommends school districts participate in internet sharing forums and working with other information-sharing organizations. Additionally, school districts are welcome to build rapport with their regional CISA office and local FBI field office. The goal is to establish open lines of communication between local district officials and federal cybersecurity experts to stay in-the-loop on evolving security risks, facilitate better access to government assistance, and improve response time when incidents do occur.

When it comes to K-12 schools, cybersecurity is no joke. But there are plenty of tools available to help school districts of all shapes and sizes. For more information, be sure to check out the official CISA website to see what is feasible for your school district.