School Cybersecurity Resources

A curated list of recent information and resources to help U.S. public K-12 school leaders and policymakers navigate cybersecurity and related issues.

Know a great resource that’s missing from this list? Suggestions welcome.

K-12 Specific Cybersecurity Resources

• U.S. Department of Education. “Security Best Practices.” Privacy Technical Assistance Center (PTAC) and the Family Policy Compliance Office (FPCO).
• Consortium for School Networking (CoSN). “Cybersecurity for the Digital District, a CoSN Leadership Initiative” (Note: some resources require log-in to access; others require membership)
• Parent Coalition for Student Privacy and the Badass Teachers Association (October 2018). “Educator Toolkit for Teacher and Student Privacy: A Practical Guide for Protecting Personal Data.” [PDF]
• Utah State Board of Education (July 2, 2018). “Data Security Basics for the Classroom.” (video)
• Utah State Board of Education (July 2, 2018). “Malware Attacks on Schools.” (video)
• Utah State Board of Education (Dec 14, 2017). “Top 5 Data Security Tips for Schools.” (video)
• CERT NZ (2018). “Keeping your school network safe.” New Zealand Government.
• National School Boards Association. “2018 NSBA Cyber Risk Report: School Board Communication at Risk.” [PDF]
• Southern Regional Education Board (SREB) (2018). “10 Issues in Educational Technology: Technology Security.”
• Council of Great City Schools (Fall 2017). “Cyber-Security in Today’s K-12 Environment.” [PDF]
• Scott, James. (April 2017). “Sowing the Seeds of U.S. Cyber Talent.” Institute for Critical Infrastructure Technology (ICIT).
• Office of Education Technology (February 2017). “Security Best Practices Guideline for Districts – Version 1.1.” [PDF]. Kentucky Department of Education.
• Czuprynski, Christine N. (January 2017). “Data Security for Schools: A Legal and Policy Guide for School Boards.” [PDF]. National School Boards Association.
• Goran, Ion, “Cyber Security Risks in Public High Schools” (2017). CUNY Academic Works. (Master’s Thesis)
• National School Safety Alliance/Missouri Center for Education Safety. (March 2016). “Information Technology (IT)/Cyber Security Checklist (v1.4).” [PDF/Google Drive]
• Porterfield, Tony,  Siegl, Jim and Fitzgerald, Bill. (March 2016). “Information Security Primer for Evaluating Educational Software.” Common Sense Media.
• Kentucky Department of Education (September 2015). “Data Security and Breach Notification Best Practice Guide. Version 2.2.” [DOC]
• Kentucky Department of Education (undated). “Top Secret Information and Data Breach Awareness for Teachers 3.0.” {PDF]
• Readiness and Emergency Management for Schools (REMS) Technical Assistance (TA) Center. (undated). Cybersecurity Considerations for K-12 Schools and School Districts. [PDF]
• Readiness and Emergency Management for Schools (REMS) Technical Assistance (TA) Center. (November 2014). Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Schools.

Select K-12 Cybersecurity Audit Reports

• Office of the Inspector General (November 2018). “Office of the Chief Privacy Officer’s Processing of Family Educational Rights and Privacy Act (FERPA) Complaints.” [PDF] U.S. Department of Education.
• Division of Local Government and School Accountability (November 2018). “Finn Academy: An Elmira Charter School – Information Technology (2018M-141)” Office of the New York State Comptroller.
• Office of Missouri State Auditor (August 2018). Summary of Local Government and Court Audit Findings – Information Security Controls. [PDF]
• Office of the Inspector General (March 2018). “Protection of Personally Identifiable Information in Statewide Longitudinal Data Systems.” [PDF]. U.S. Department of Education.
• Division of Local Government and School Accountability. (February 2018). “Cairo-Durham Central School District: Information Technology. Report of Examination | 2017M-246” [PDF] Office of the New York State Comptroller.
• Division of Local Government and School Accountability (July 2017). “Security Over Critical Information Systems: State Education Department. Report 2016-S-69.” [PDF] and follow-up report, 2018-F-17 [PDF], on implementation status (November 2018). Office of the New York State Comptroller.
• Office of Inspector General. (July 2017). “Protection of Personally Identifiable Information in Indiana’s Statewide Longitudinal Data System.” [PDF]. U.S. Department of Education.
• Nicolaides, Michael. (December 2016). “NC Department of Public Instruction: Public Schools Cybersecurity Study.” NC Department of Public Instruction. [PDF]
• Galloway, Nicole. (October 2016). “Summary of Audit Findings Cyber Aware School Audits (Report No. 2016-112).” [PDF]. Office of Missouri State Auditor.
• Office of Inspector General. (September 2016). “Protection of Personally Identifiable Information in Oregon’s Statewide Longitudinal Data System.” [PDF]. U.S. Department of Education.
• Office of Inspector General. (July 2016). “Protection of Personally Identifiable Information in the Commonwealth of Virginia’s Longitudinal Data System.” [PDF]. U.S. Department of Education.
• Chavez, Justin (June 2015). “School Data Security.” [PDF]. Wyoming Department of Audit.

Other Education-Specific Cybersecurity Resources

• The Future of Privacy Forum’s FERPA|Sherpa maintains a growing list of cybersecurity resources. (Note: resources are not limited only to those targeted or applicable to U.S. K-12 schools.)

General Cybersecurity Resources

• Motherboard. (Nov 2018). How to Tell if Your Account Has Been Hacked
• Motherboard. (Nov 2018). The Motherboard Guide to Not Getting Hacked
• Purdy, Kevin. (April 2018). “The Best Internet Security: Layers of Protection, and Good Habits.” Wirecutter.
• Security Planner by the Citizen Lab
• Firefox Monitor/have i been pwned? (check to see if your accounts have been compromised in a data breach)
• Shelton, Martin. Current Digital Security Resources.
• Consumer Reports. (February 2017). 66 Ways to Protect Your Privacy Right Now.
• Surveillance Self-Defense, a project of the Electronic Frontier Foundation
• Digital Security Training Resources for Security Trainers, Winter 2017 Edition
• Quintin, Cooper and Okuda, Soraya. (January 2018). How to Assess a Vendor’s Data Security. Electronic Frontier Foundation.
• privacytools.io – encryption against global mass surveillance
• United States Computer Emergency Readiness Team (US-CERT) Cybersecurity Tips.
• European Digital Rights (EDRi). (October 2016). “Your Guide to Digital Defenders vs. Data Intruders – Privacy for kids!” (Note: designed for youth ages 10-14 years)