January 2020

Cybersecurity: Understanding the Threats and Risks

From the Director

Welcome to the January issue of the NSBA Center for Safe Schools’ Quarterly Newsletter, a benefit of your subscription. Each issue will feature one of our focus areas: infrastructure, crisis and emergency management, whole child health, or cybersecurity. This issue’s focus is cybersecurity, and we are examining the subject of understanding current cybersecurity risks and threats.

As we continue to become ever more reliant on technology, the risks associated with this dependence are growing at an even greater rate. The current reality is that every business and organization faces risks from cyberattacks, and our K-12 schools are no exception. The rapid pace of technological change brings new challenges in identifying threats, protecting personal information, and promoting the positive and responsible use of technology by staff and students. Unfortunately, schools tend to be attractive targets for cyberattacks as their databases often contain highly sensitive information. Regrettably, however, some districts are not aware of, nor prepared to handle, potential risks and threats.

Our goal is to help by providing critical information that districts can use to become informed and prepared to combat cybersecurity risks. 

NSBA has begun addressing these concerns with publications such as:

We hope the articles and resources in this issue help deepen your understanding of cybersecurity and, most importantly, provide tools for preparation to protect and respond should you ever experience a cyberattack.

Please do not hesitate to contact us with questions and comments using the online discussion group. Remember, this is your forum to engage other subscribers from around the country. You may email us at, and don’t forget to visit NSBA’s Center for Safe Schools for new and unique resources and discussions.

Future issues of this newsletter will be published in April, July, and October.

Thank you for your continued interest and commitment to help foster safe schools for all our students and district employees.

Adam Lustig
Director, NSBA Center for Safe Schools


Featured Articles


How School Districts Have Become Major Targets for Cyber Hackers

By Dottie Schindlinger

School districts have become major targets for cyber hackers throughout the U.S. Districts have faced ransom demands, been scammed out of millions of dollars, had school computer systems compromised, and/or had student information stolen and then sold to identity thieves. These are a few of the threats districts are facing.


Reading, Writing, Arithmetic, and Now Risk

By Shaun Wiggins

The three “R”s (reading, writing, and arithmetic) are universally considered cornerstones of a sound education. Yet it is difficult for schools to teach the three in today’s environment while hackers continuously seek to disrupt operations. Schools must now adopt a fourth “R”: risk.

National Statistics

Since 2016, there have been:

  • 743 publicly disclosed cybersecurity-related incidents involving U.S. public schools.
  • 63 U.S. public school districts that have experienced more than one cybersecurity incident.
  • 269 TV (video) news reports covering K-12 cybersecurity incidents curated by the K-12 Cybersecurity Resource Center.
  • 160 publicly disclosed security incidents in K-12 during the summer months of 2019, exceeding the total number of incidents reported in 2018 by 30%.
  • 49 school districts have been hit by ransomware attacks so far this year. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations.
  • 42% of K-12 organizations have staff and students regularly bypass security endpoint controls using web proxies and rogue VPN apps, inadvertently creating gateways for malicious outsiders to breach their schools’ networks.
  • K-12 IT leaders face the daunting challenge of having to secure on average 11 device types, 258 unique operating system versions, and over 6,400 unique Chrome OS extensions.

Data Sources:

Additional Cybersecurity Resources

NSBA and BoardDocs K-12 Cybersecurity Webinar Series:

NSBA Legal Policy Guide for School Boards: Data Security for Schools
A guide for school boards to help prevent data breaches and mitigate their effects through strong data security practices. 

2018 NSBA Cyber Risk Report: School Board Communication at Risk
A summary of the 2017 NSBA nationwide survey assessing the current state of cybersecurity among America’s school districts.

U.S. Department of Education: Security Best Practices
Best practice resources on data security issues, designed to help education stakeholders (such as state and local educational agencies, the postsecondary community, and other parties responsible for safeguarding student records) improve the protection of student records in their care.

Stay Safe Online
National Cyber Security Alliance works to build strong public and private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work and school with the information they need to keep themselves, their organizations, their systems, and their sensitive information safe and secure online and encourage a culture of cybersecurity. 

The K-12 Cybersecurity Resource Center
A comprehensive resource center providing news and resources on K-12 cybersecurity.

The State of K-12 Cybersecurity Year in Review: 2018
A first-of-its-kind report on cyber incidents affecting U.S. public elementary and secondary (K-12) education institutions during 2018.

Cybersecurity and Education: The State of the Digital District in 2020
The researchers analyzed 1.2 billion data points. The study is highly recommended by Forbes as it provides “fascinating insights” and focuses on the state of security, staff, and student safety, and endpoint device health in K-12 organizations. It should be noted that the data are about K-12 organizations, including public schools and school district offices.

The U.S. Department of Education’s Federal Information Security Modernization Act of 2014 Report: For Fiscal Year 2019
A report outlining whether the U.S. Department of Education’s and Federal Student Aid’s overall information technology security programs and practices were effective as they relate to federal information security requirements.

The K-12 Cyber Incident Map

[Image: K-12 Cyber Security Map]

Primary Incident Types of K-12 Cyber Incidents in 2018

[Chart: Primary Incident Types of K-12 Cyber Incidents in 2018]