In an increasingly digital world where schools rely on information technology for a variety of operations, school administrators face more cyber threats than ever. Despite growing challenges, schools often lack the staff, technical resources, funding, and training needed to increase cybersecurity measures to prevent and protect their infrastructure from cyberattacks. These attacks not only impact education and cause loss of learning, but have significant financial repercussions, costing schools and districts thousands and even millions of dollars.
CISA and other federal government agencies are committed to providing training, resources, and tools to help school leadership protect, mitigate, and respond to cyber threats in their schools. Check out the information below to build and enhance the cybersecurity programming within your school and district.
Start Here: Assess Your School’s Security.
CISA created a K-12 School Security Assessment Tool to allows administrators to identify what security measures and supports are currently in place at their schools with regards to physical security, equipment and technology, site and building design, personnel, policies and procedures, and training exercises and drills.
Take the free online assessment and receive recommendations on what improvements you need to make to improve safety and security within your school community here: School Security Assessment Tool (SSAT) | CISA
Strengthen School Security and Build Resilience.
Once you learn more about what cybersecurity improvements are needed in your school community, you can access a wealth of resources from several different organizations that provide information, guidance, and toolkits for K-12 schools.
The list below includes some of those resources available to you, with additional support provided in each link to increase the school security measures needed to protect from cyberattacks.
CISA Resources
- Steps for Strengthening Security and Building Cyber Resilience in Schools – Tips for schools on how to build cyber resilience through CISA resources.
- Report and Toolkit: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats – Information about K-12 school cybersecurity risks and recommendations for how to mitigate them.
- K-12 Resources to Stop Ransomware – Ransomware reference materials for K-12 school administration and IT staff.
- K-12 Anonymized Threat Response Guidance - Toolkit to help schools, law enforcement, and community partners respond to anonymous threats of violence, including those received on social media.
Department of Education Resources
- Cyber Safety Resources for K-12 Schools and School Districts – Information about identifying and responding to threats facing schools.
- Office of Educational Technology Report on Defensible & Resilient K-12 Digital Infrastructure – Cybersecurity recommendations and best practices for protecting technology infrastructure in schools.
Find Free and Low-Cost Cybersecurity Resources and Training.
After you learn more about the steps your school needs to take to increase cybersecurity measures, you may need further assistance on free and low-cost resources to supplement the activities that are within your budget. The following links provide resource hubs that include free and low-cost tools, guides, and training to enhance your cybersecurity planning.
- Free Cybersecurity Services & Tools – CISA compiled this list of free services and tools provided by private and public sector organizations across the cyber community.
- CISA Resources and DHS Grants – Available grants that provide expertise, guidance, and resources to strengthen safety and security of schools.
- Project UpSkill: Cybersecurity Training – How-to guides and modules to increase digital protection of high-risk communities, including schools.
- Training: Readiness and Emergency Management for Schools – Free Department of Education training to help K-12 schools and districts understand cybersecurity and its impact on school safety.
Learn How to Report Incidents at your School and within your District.
When cyber incidents occur, it is vital that schools report them – not only to seek help and gain resources for addressing the attack, but to prevent future attacks and protect teachers, students, and members of the community. The following resources provide strategies and guidance to increase safety reporting programs, encourage bystander reporting, and build response approaches for cybersecurity incidents.
- K-12 Bystander Reporting Toolkit – CISA and the U.S. Secret Service National Threat Assessment Center partnered to provide this toolkit to help schools report and respond to cybersecurity attacks.
- Cybersecurity and Incident Response Webinar | Protecting Student Privacy (ed.gov) – Free Department of Education training to help schools respond to cybersecurity incidents.