• What Is Cybersecurity?

    Cybersecurity is how individuals and organizations reduce the risk of cyberattacks. Cybersecurity's core function is to protect the devices we all use, and the online services we access, at work and at home, from theft or damage.

    Congress enacted the K-12 Cybersecurity Act of 2021, which required the Cybersecurity and Infrastructure Security Agency (CISA) to report on cybersecurity risks facing elementary and secondary schools and develop recommendations that include cybersecurity guidelines designed to help schools face these risks.

    CISA has seen an increase in malicious activity with ransomware attacks against K-12 educational institutions. Malicious cyber actors are targeting school computer systems, slowing access, and rendering the systems inaccessible to basic functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.

    Cybersecurity Threats Facing K-12 Schools

    Data Breach: A data breach is a leak or spill of sensitive, protected, or confidential data from a secure to an insecure environment that are then copied, transmitted, viewed, stolen, or used in an unauthorized manner. Data breaches often occur with confidential information, such as students' records, that may be inappropriately viewed or used by an individual who should not have access to the information.

    Phishing: Phishing is the act of sending an email falsely claiming to be a legitimate organization in an attempt to deceive the recipient into divulging sensitive information (passwords, credit card numbers, or bank account information) after directing the user to visit a fake website.

    Malware: Malware is illicit software that damages or disables computers or computer systems.

    Ransomware: Ransomware is a form of malware in which perpetrators encrypt users' files, then demand the payment of a ransom for the users to regain access to their data. Ransomware is frequently delivered through phishing scams.

    K-12 Incidents

    Cybersecurity Best Practices for Schools and Districts

    Four Action Stpes




Reporting a Cybersecurity Incident

  • If you suspect a potential cybersecurity incident, dial extension 1118 or 1116. Leave a message if no one picks up, and immediately send an email to helpdesk.

    Note: Email addresses are followed by

    Comments (-1)

Best Practices