What Biden’s cybersecurity law means for K12 schools

On October 8th, US President Joe Biden signed the K-12 Cybersecurity Act into law. Since 2018, 3,880 schools, including colleges and universities, have been victims of ransomware attacks, costing them extensive labor in mitigating the threat of billions of dollars in paying the ransom. This legislation enables the CISA to study cybersecurity risks within secondary institutions and provide them with the tools and guidance they require to secure their digital infrastructures and SIS. 

A year from now, schools will benefit from the results of the CISA’s study but, until then, this measure heavily impacts their next technical steps. What does this law really mean for the current security practices within the education industry? We can expect to see the following:

Continued expansion of access to technology

The COVID-19 pandemic exacerbated issues in tech-equity and access as schools scrambled to keep teaching and learning going under remote and hybrid models. In the last two years, more teachers and students have been equipped with devices than ever before. Subsequently, in 2020 alone, there were 1,740 academic institutions that experienced ransomware attacks as cybercriminals took advantage of this influx of users and sought to hold sensitive information hostage. 

Now that we are seeking a form of normalcy by returning to classrooms, some schools are diverting back to non-digital processes in an effort to avoid the security challenges they can’t seem to handle. However, others are expecting higher quality teaching and learning from their previous investment in 1:1 computing. The K-12 Cybersecurity Law demonstrates that the government has similar predictions that technology in the classroom will become the new normal. Over the next year, schools will be working to integrate technology in a safer and purposeful manner rather than out of desperation. Cybersecurity threats will likely intensify as a result and schools will face a barrage or ransomware attacks.

Maintenance and ramp-up of current cybersecurity strategies

Students are steadily becoming more vulnerable to cybersecurity risks, particularly identity theft. It is a higher “ROI” for cybercriminals to obtain social security numbers and date of births while victims are young so they can participate in fraudulent activities without immediately raising red flags or to use it as leverage for an attack years down the road. 

While the CISA conducts their study on the threats that seek to breach school firewalls, the education industry can expect cybersecurity risks to increase from the 29% spike noted this past July. It is going to be about a year, maybe more, before schools have something tangible from the CISA to improve their cybersecurity strategies. In the meantime, technical teams are going to be forced to maintain and bolster their security game plans with measures like antivirus software, content filters, data loss prevention backups, whitelisting, and security awareness training.

Increase in the need for qualified technical staff

Unfortunately, another reason for the rise of cybersecurity threats within the education industry is the limited resources schools often have. Long before we were hit with the COVID-19 pandemic, there was a progressing labor shortage in teachers. The country will have seen the exit of over 270,000 teachers by 2026. Now that more academic institutions have expanded their repository of technology, they are also heavily feeling the weight of not having enough technical staff to manage it. Even after we see the CISA collateral, schools will need knowledgeable employees to implement those recommendations and there likely won’t be many.

In addition, cybersecurity defenses can be expensive and school budgets aren’t very flexible, nor can they afford to pay the possible federal penalties for failing to apply those coming security precautions. As the battle for more education funding continues, with no clear end in sight, schools that cannot invest in a quality IT department will be seeking technology that extends the capacity and ability of their lean team. Education consultancies generally provide affordable, high-level protections that save technical staff time and can guide schools in the execution of the CISA’s cybersecurity plans. 

As the education industry cements the era of the digital classroom, cybersecurity risks, like ransomware, will continue to be one of the most pressing challenges schools face. The K-12 Cybersecurity Law is a groundbreaking first step, but the reality is that it does not offer immediate relief to these threats and it highlights other factors that encompass the issue: access to technology, present security measures, education funding, and the labor shortage. On a positive note, until the CISA releases their findings there are a series of steps secondary institutions can take to strengthen their infrastructure’s cybersecurity. 

For questions about your school’s cybersecurity strategy, contact our experts at Amplified IT to learn more about our security detection, prevention, and mitigation offerings.

  • Jada Dawson
    Marketing Copywriter

  • About the Author:

    Jada joined Amplified IT in 2021 after 4 years of working as a high school English teacher in a Maryland public school system, and 7 years as a freelance copywriter, content writer, and editor. As the Marketing Copywriter, she is passionate about strategically using words to reach our clients and connect them to the benefit of our services for their classrooms and communities. When she is not writing or managing content, Jada can be found painting her next masterpiece, brushing up on her French language skills, traveling with her family, and teaching Sunday school at her church. She is an avid bubble tea drinker, and loves french fries.