This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| less than a minute read

K-12 Cybersecurity Act Aims to Improve Education's Security Posture

Without much fanfare, Congress passed and the President signed a bill in late 2021 designed to help harden K-12 schools against cyberattacks. Schools and school systems have been frequent ransomware and phishing targets for years. The new law requires the nation's cyber regulators to study the problem and issue security guidelines, training materials, and public awareness materials relating to the security issues schools face.

Why It Matters

Having the benefit of centralized guidance and training from top-level federal resources may be helpful as educational institutions upgrade their security and plan for the future. Increasingly, data breach notice laws and state privacy laws are likely to require schools -- along with private businesses -- to pay increased attention to security as a component of safeguarding private information. Because schools have proved to be a rich target for attack already, centralized review and recommendations may be critical to an overall effort to secure the operations of the schools themselves and also to ensure the confidentiality of data relating to their employees, students, and families.  

Another issue with K-12 cybersecurity is that schools tend to lack cyber awareness and training. This makes it difficult for teachers and administrators to follow best practices (let alone know about them). This is even more true in an age of remote learning. Therefore, K-12 schools can defend themselves against some of the threats discussed above by creating a security awareness training program. This program should use education modules to make people more familiar with the threats confronting them.


youth services law, insights, hill_mitzi, data security and privacy