IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Experts Say Schools Need 'Fire Drills' for Cyber Attacks

A June 26 panel at the ISTELive 23 conference in Philadelphia said schools should have, and practice, a plan for what to do immediately after a cyber attack, who to contact and what the next remediation steps are.

cybersecurity plan with sticky notes
(TNS) — Schools' use of digital tools has taken off in recent years, making them more likely to be the target of increasingly sophisticated cyber attacks.

The problem is, many K-12 technology leaders don't feel adequately prepared to defend their networks.

That is the case even though cyber attacks can cause major disruptions to teaching and learning, and to administrative functions in a school district. The attacks can also put sensitive data about students and employees at risk.

In a June 26 panel discussion that I moderated at the International Society for Technology in Education conference, three experts discussed what district leaders can do to ensure they are prepared for cyber attacks and that students and staff are using digital tools safely.

The panelists were Mohit Gupta, the manager of products for the digital learning platform Clever; Elizabeth Hoover, the chief technology officer for the Alexandria City Public Schools in Virginia; and Merve Lapus, the vice president of education outreach for Common Sense, a nonprofit that promotes the development of digital and media literacy skills.


Because more and more districts are the targets of cyber attacks, it's important for district leaders to be prepared for that possibility.

Even districts that have all the guardrails in place could still get targeted, Gupta said, so what's important is "making sure that we are planning for what happens when things don't go right."

Some questions that district technology leaders should think about include:

  • What do you do immediately?

  • Whom do you contact?

  • What are the possible remediation steps?

And then, cybersecurity plans need to be practiced "like fire drills," Gupta said. "If you're never acting on a plan, and it's only this document sitting in one place, the moment you need it, nobody is going to be able to find it or know what to do with it."

For example, the Alexandria, Va., school district has a cyber incident response team. The team members come from different positions within the district and are not cybersecurity experts, but they're the people who know what to do in the event of a cyber attack, Hoover said. They're the ones who know whom to call for help — cybersecurity insurance and lawyers, for example — when an attack happens.


Cyber criminals are already using artificial-intelligence-powered tools more than ever before, Gupta said. So how should schools use these tools?

"I hope we have a culture that when new technology comes in, we explore it and examine it, and understand it and how it can be used," Hoover said.

Her district is already discussing how to approach these emerging technologies, how to secure the data those tools are collecting, and how to engage the community in the process.

Lapus agreed that schools need to be "thoughtful, but not necessarily be fearful" about these emerging technologies.

What's important for educators to understand is where the AI tools are getting their information from and what the possible biases are behind that information.

"For schools, the depth and breadth of technology when it's no longer a choice and everybody gets to use it is a huge reason why cybersecurity has suddenly become so important," Gupta said. "We have to like catch up really fast and train everybody in a world where the value of the data is extremely high, which means that the attackers are much more motivated and have much more resources to get that data out."

©2023 Education Week (Bethesda, Md.). Distributed by Tribune Content Agency, LLC.