As the new school year gets underway, the nonprofit K12 Security Information Exchange (K12 SIX) released a set of guidance and best practice resources intended to help K-12 school districts and individual schools establish baseline cybersecurity standards.
The resources – named K12 SIX Essential Cybersecurity Protections: 2021-2022 School Year – were developed by K-12 IT practitioners, for K-12 IT practitioners, and are aligned to cybersecurity risk management best practices.
In a press release, K12 SIX said the recommendations are designed to defend against the most common cyber threats facing school districts, including those recently identified by the FBI and the Cybersecurity and Infrastructure Security Agency.
“School districts face an enormous challenge right now. They have undergone a digital transformation on shoestring budgets,” said K12 SIX National Director Doug Levin. “In response to the increased cybersecurity risks this has introduced, K12 SIX has developed guidance to help K12 leadership and IT teams determine where they need to spend their limited time, technology, and financial resources.”
The K12 SIX Essential Cybersecurity Protections consist of a dozen cybersecurity controls – grouped into four categories – that every school district should strive to implement. The four categories are:
- Sanitize network traffic to/from the internet;
- Safeguard student, teacher, and staff devices;
- Protect the identities of students, teachers, and staff; and
- Perform regular maintenance.
K12 SIX said that collectively, the identified protection measures “provide a holistic foundation” spanning network and device security, protection of student, teacher, and staff data, and critical maintenance tasks. The organization also noted that it worked to identify protective measures that can be “reasonably and cost-effectively implemented in most typical K-12 settings.”