Key points:

• Explosive app growth has outpaced security oversights
• K-12 cyberattacks threaten data–and students
• How schools can fight growing ransomware attacks
• For more on cybersecurity, visit eSN’s IT Leadership hub

In May 2024, Microsoft identified a critical vulnerability pattern targeting Android applications, ominously called “Dirty Stream.” This vulnerability allows malicious apps to overwrite files, potentially leading to arbitrary code execution, token theft, and data manipulation. Among the apps affected were WPS Office and File Manager, both commonly used for document handling in educational settings.

Although no major exploitations have been publicly linked to the Dirty Stream vulnerability within educational institutions, the incident underscores that hackers do not discriminate when choosing victims. Instead, they prioritize industries that are data-rich and resource-poor.

With over 3.3 million apps on the Google Play Store, Android dominates the digital classroom revolution, holding a substantial 68.7 percent share of the mobile edtech market. Notably, the K-12 segment is the largest consumer of Android-based mobile learning apps.

But with such proliferation, the industry is now confronting a more sobering reality: its explosive app growth has outpaced security oversights. Excessive app sprawl, inconsistent vetting, and shared libraries with inherited vulnerabilities–the ground is ripe for exploitation.

Chaos in classrooms: Edtech’s Android problems

Tagged by the U.S. as one of the 16 critical infrastructure sectors, the edtech sector has become a hotbed for hacktivists. These hallowed halls of knowledge host sellable information, from Social Security numbers and medical histories to mental health records and bus routes on outdated systems, making them tempting targets for attackers. To make matters worse, the growing connected device networks and remote learning opportunities further exacerbate these vulnerabilities.

At the heart of this growing vulnerability, the very features that fuel Android’s supremacy have also been leading to its downfall. For instance, while the platform’s accessibility and flexibility have made Android the platform of choice for educational apps, its open-source structure allows developers to build upon shared libraries and frameworks, many of which have inherent vulnerabilities. When a vulnerability is discovered in a commonly used component, hackers can compromise numerous apps simultaneously, turning the educational network into a fragile house of cards. Moreover, with Android’s massive user base dwarfing iOS, cybercriminals are incentivized to create malware targeting Android apps, amplifying the risk.

Amidst this growing chaos, admins cannot afford to take a break. While summer breaks may offer a pause for students and staff, they often mark a hacker activity surge. As IT teams tend to enter a brief hibernation period, cybercriminals ramp up their work, meticulously “homeworking” their way into educational systems.

Today, threat actors employ stealthy, persistent strategies, planting themselves deep within the network and remaining undetected for extended periods, sometimes months, before launching attacks. This dwell time allows them to harvest intelligence, determine high-value assets, and meticulously plan their next move, making their attacks far more destructive. The longer they stay hidden, the harder it becomes to detect, contain, and neutralize the threat.

Decluttering the digital campus with smarter app management

First things first, educational institutions need a game plan–a robust and well-defined incident response plan (IRP). This cybersecurity playbook should clearly outline each phase, from detection and analysis to containment, eradication, and recovery. By implementing a comprehensive IRP, schools can not only minimize the impact of cyberattacks but also enhance their long-term cybersecurity posture.

Now, to tackle the app jungle, you will need dig into your app catalog and ask: What’s essential? Where are they installed? What data do they collect, and how is it handled? A little investigation goes a long way in helping you make informed decisions.  

Once you’ve segregated between the must-haves and the unnecessary, it’s time to lock things down. For institutions with a constricted budget, mobile application management (MAM) tools can be a good start. However, if you are looking for a more scalable and centralized approach, unified endpoint management (UEM) solutions are the way to go. These platforms give IT admins a bird’s-eye view of all apps deployed across devices, making it easier to enforce blocklist policies, manage installations, and create custom app catalogues based on user roles.

When students own the device in question, the situation gets a little trickier. With personal devices, finding the right balance between protecting a student’s privacy and securing data is crucial. Via containerization, admins can create a virtual boundary between school and personal apps, protecting sensitive data without overstepping on privacy.

Of course, digital learning also depends heavily on internet access. However, open access can lead to unsafe browsing. Therefore, institutions must also consider tools like web filtering to block such sites.

Finally, comprehensive device management is a must. This involves enforcing strong security policies like mandatory encryption, password protection, and remote wipe options to ensure that educational data remains safe, even if a device is stolen or compromised.

Cybersecure classrooms with patching and beyond

According to the State of Ransomware 2024 report, nearly one-third of cyberattacks begin with an unpatched vulnerability–a striking reminder of how critical timely updates are. While both Microsoft and Google offered tips to developers on how to avoid being victim to threats like Dirty Stream, end users are often left with one simple but vital action: keeping their apps up to date and sticking to trusted sources when installing them.

Google’s actions in March 2025 alone underscored the urgency of proactive patching. It addressed 43 vulnerabilities affecting Android devices, including two already being exploited in the wild. As the window between identifying and exploiting a vulnerability narrows, educational institutions need to come terms with good patch management habits. This means establishing alerts and working towards regular device audits, patch testing, and rollback strategies.

For schools running on lean IT teams, device management solutions offer much-needed relief. These tools enable the automation of patch deployment, giving IT teams more control through patch scheduling. Because updates don’t always go off without a hitch, UEM solutions also offer admins the ability to delay rollout and validate its stability. This is especially useful when managing many devices across multiple locations, where manual updates would be nearly impossible.

Of course, deploying endpoint management solutions or embracing zero-trust principles can be a costly affair. However, these investments can become financially rewarding with the right support from policymakers and school districts. Encouragingly, there is already a head start. In 2024, the Government Coordinating Council (GCC) for the Education Facilities Subsector was established–an initiative uniting federal, state, and local governments to provide schools with necessary counsel and resources for strengthening their cyber resilience.

Ultimately, safeguarding student data and securing the digital future of education is not a solo effort–it’s a joint venture. Our ultimate assignment is to create cyber-secure classrooms for future learners.

This story was originally published by Chalkbeat. Sign up for their newsletters at ckbe.at/newsletters.

When Adrienne Staten’s fellow teachers first started talking about using artificial intelligence tools in their classrooms, Staten was not on board.

“AI was scary to me,” said Staten, who’s been a Philadelphia educator for 27 years. “It was like some ‘I, Robot,’ they’re going to take over the world kind of stuff.”

Staten teaches English at Northeast High School, the city’s largest high school, where many of her students have learning disabilities, are dealing with trauma and mental health challenges, or are learning English. She said she didn’t think incorporating a new technology into her lesson plans would help much.

Then, about three years ago, a colleague wrote Staten a poem using an AI chatbot. That completely blew her mind, she said. From there, Staten decided she had to learn more about generative AI, how it works, how she could use it as a teaching tool, and how to inform students about the pitfalls, biases, and privacy dangers of the emerging technology.

AI companies have made grand promises to teachers and school leaders in recent years: Their product will personalize student learning, automate tedious tasks, and in extreme cases, transform the role of teachers altogether. But experts have also raised ethical concerns about how student data is used (and misused) by AI companies, how students can use AI for cheating and plagiarism, the erosion of critical thinking skills, and the spread of misinformation.

Philly school officials say they’re grappling with these questions, while also asserting that the district is leading the way on AI through a professional development program that begins this year. The district has established detailed guidelines and procedures for using AI that attempts to protect student data privacy. But those policies haven’t stopped the district from rethinking certain tasks, like the way teachers design assessments and judge skills such as writing.

As the technology becomes more advanced and embedded within peoples’ lives, teachers like Staten want more support and guidance about it. That means the district must respond and evolve quickly. They also want to guard against how previous technological innovations affected schools and students.

“Everyone seems to have forgotten all of the lessons learned from the social media era,” said Andrew Paul Speese, deputy chief information security officer for the district. “If this tool is free, you are the product.”

How Philadelphia schools are experimenting with AI

When ChatGPT became popular a few years ago, Staten said, “I think we all as teachers were uncomfortable.” Their first thought was that students would use it to cheat, she said.

But what she found is that some of her students were “petrified of it.”

“They don’t understand how it works. They don’t get the idea that just because it spits something out, it doesn’t mean you have to use it,” she said.

Staten can relate. Her early days of teaching involved a lot of printed paper, textbooks, and handwriting. When the district gave teachers “brand-new, shiny computers,” they sat unused in her classroom. She said she was not a particularly tech-savvy person — until COVID.

Now, every student has a Google Chromebook laptop, and the access to technology has transformed how Staten thinks about lesson planning. Being able to do their own research gives all of her students ownership of the lesson, and it’s changed how they respond to activities, Staten said.

Her students who are English learners have found using AI helps them feel more comfortable with their writing and grammar while also giving Staten an opportunity to talk about tone and voice in their writing.

The AI will “spit something out,” and then it’s a conversation starter with that student to determine “is that really you? Does that sound like you? Do you know what this word means?”

Ultimately, Staten said she wants her students to learn how to use machines as a tool to help them locate their humanity within their own writing.

In general, that’s the sort of attitude the Philly school district wants to cultivate. But the district has also prioritized being very clear about what the policies are for acceptable use of AI that guide that enthusiasm, said Fran Newberg, deputy chief in the district’s office of educational technology.

Since November, the district has been training teachers to work with two approved generative AI tools: Google’s Gemini chatbot (which is available for high school students and staff) and Adobe’s Express Firefly image generator (available for all K-12 students).

Both of those programs are examples of generative AI, which includes any tools that draw on a dataset to create new work, such as large language model chatbots like ChatGPT, or programs that produce images, music, or video.

The district’s guidelines for generative AI provide broad resources for some of the most frequently asked questions about academic integrity, verifying information produced by an AI tool, and some examples of how AI could be used in the classroom.

Above all, the district’s guidelines say educators must require students to disclose their use of AI and use citations where applicable.

Balancing passion with appropriate limits can yield encouraging results. At one district school, Newberg said elementary students wrote detailed descriptions of their own imaginary mythological bird creatures. Then, they drew pictures of what they thought their bird would look like. At the end of the project they plugged their descriptions into Firefly.

She said those students looked on in wonder as their drawings and paragraphs were brought to life.

School leaders worry about student data privacy, safety

The district’s approach to AI policy has provided a foundation for what some experts hope will guide national efforts to use AI in education.

Starting this month and next, the district is rolling out a new professional development program called Pioneering AI in School Systems, or PASS. Developed in conjunction with the University of Pennsylvania, PASS provides three tiers of professional development involving AI — one for administrators, one for school leaders, and one for educators.

Michael Golden, vice dean of innovative programs and partnerships at Catalyst @ Penn Graduate School of Education, said by the fall of this year he and his colleagues hope to make PASS available to any school district in the country and across the globe.

“We’re building on the prowess and expertise in Philadelphia to create something that’s scalable and usable in many different contexts,” Golden said.

The district’s enthusiasm for and caution about AI are part of what made Philly an attractive option for the professional development program. But in some ways, the district was pushed to embrace the technology.

Speese, the district’s deputy chief information security officer, said two things happened that forced the district to take AI seriously.

First, in August 2023, an influx of Philadelphia teachers asked for support and information about generative AI just as New York’s school chief made a decision to block ChatGPT citing “negative impacts on student learning, and concerns regarding the safety and accuracy of content.”

Then, Microsoft made its AI assistant, called Copilot, a mandatory part of their software.

Philadelphia has been a Google-centric district. But Speese said he knew if Microsoft was mandating AI in its software, he suspected Google would soon follow. If district officials banned AI tools altogether, it could completely cripple student computers, email servers, and other systems. A blanket ban could also push some students and teachers towards untested models, putting themselves and their schools at risk.

“Obviously, even if we tried to block it, people are going to be using it on their mobile phones so how do we enable you to use these tools in a way that makes sense within our environment?” Speese said.

So district officials set about changing contracts to include language about safe data collection, privacy, and data storage.

The contract language stipulates the data a student feeds into the tools and the output those tools generate must be “housed exclusively in the United States,” can’t be sold or shared without permission, and that vendors won’t use the data to train their AI models.

“Parents have a right to feel that we are doing everything we can to protect their children’s digital footprint,” said Newberg, the deputy chief for education technology.

AI companies have run afoul of other state’s laws and other school district’s rules. One whistleblower told Los Angeles school officials that the AI tool their district adopted was misusing student records and left sensitive student information open to potential hackers.

Newberg drew a connection between AI and the reaction to the rise of social media. She said district leaders initially brushed off social media as a tangential development. But then social media started impacting students’ mental health, increased cyberbullying, and broadcast photos and sensitive student data to the world.

“We want our students to start having agency and start being skeptical,” Newberg said. “We were not as smart with social media.”

But new, free, and experimental AI tools pop up every day. It’s hard for guidelines and rules to keep up.

For teachers like Staten, educating her students about the biases embedded in these systems, how to protect their privacy, how to see through misinformation, and recognize when a fact is actually an AI-generated hallucination, is paramount. And that’s what keeps her up at night.

“I just want to know that I gave them all the equipment and tools that they need to be okay out there,” Staten said. “It’s a process. I realize that it’s going to take some time.”

Chalkbeat is a nonprofit news site covering educational change in public schools.

For more news on AI in education, visit eSN’s Digital Learning hub.

Key points:

• Every privacy program needs leadership to champion the work
• Is your district safeguarding student data?
• Protecting our students: The urgency of securing education data
• For more news on data privacy, visit eSN’s IT Leadership hub

In the year 2025, no one should have to be convinced that protecting data privacy matters. For education institutions, it’s really that simple of a priority–and that complicated.

Despite the passage of over 130 state student data privacy laws, headlines about data breaches in school districts remain alarmingly common. The stakes have never been higher–and strong, top-down leadership is needed to ensure institutions understand the complex landscape and effectively protect student data.

Protecting student data privacy is top of mind for so many who are involved with and invested in the education sector–especially in an increasingly digital learning environment. Yet, for all the concern over how to best safeguard student data, there has been little examination of just what school districts are actually doing to protect student data privacy–or what types of support they need to be more successful.

Certainly, we know that data breaches in education are a pressing issue, and over time, we’ve started to better understand what districts need to help shore up their security efforts. But what about the many other factors involved in protecting student data, like the decisions districts make about what student data to collect, how to use it, how to handle it, who to share it with and how long to keep it?

For the first time, with the CoSN 2025 National Student Data Privacy Report, we have real insights into how school districts across the country are addressing their student data privacy requirements. You might be surprised by the results.

For many years, the education community–including school districts, parents, legislators, and the variety of organizations developing resources to support district privacy work–has had a concerted focus on privacy concerns related to school districts sharing student data with technology vendors. That’s absolutely important, and it should continue, but it’s also woefully inadequate.

As district edtech leaders from across the country have told us, their top concern when it comes to protecting student data privacy is effectively managing employee behavior. Challenges include being unable to 1. enforce employee-facing privacy policies; 2. mandate privacy training for staff; 3. control the influx of free and low-cost technologies into the classroom; and 4. simply not having sufficient privacy and security policies to serve as a basic foundation for student data privacy and security programs.

Thankfully, building momentum to improve student data privacy programs takes just one key ingredient: leadership.

The report’s findings reveal that student data privacy requires greater attention from leaders in state education agencies, school boards and superintendent roles. Notably, nearly 90 percent of edtech leaders say they are responsible for their school district’s student data privacy programs and rank data privacy as one of their top two priorities. Yet, 17 percent say they have never received any relevant data privacy training–and 73 percent say data privacy is not included in their job description. Moreover, 20 percent noted that lack of support from their superintendent was a barrier to improving their district’s student data privacy program.

Every privacy program in every organization needs leadership to champion the work, highlight its importance to the organization, and lead by example. In the education sector, superintendents can clear pathways for edtech leaders to improve their student data privacy program by breaking down organizational silos, clearing pathways for mandatory privacy training and technology vetting programs, enforcing policies, and partnering with their technology teams to develop new privacy and security policies.

When leadership is clear on what student data may be collected, how it will be used, shared, protected and retained, the institution operates more effectively around those core requirements. This clarity strengthens internal processes and builds fluency, making it easier to apply data privacy mandates externally as well. 

At its core, privacy is not about the machines; it’s about the people. For many school districts, successful implementation of a student data privacy program may require some form of organizational change, and change management starts at the top. The rest of the work is hard enough, but once leadership has set the right tone and cleared the pathway, the rest of the road forward becomes much easier to navigate.

Key points:

• The structure to develop, implement, and sustain a privacy program may not yet be in place across all districts
• The advantages of edtech compliance for schools and vendors
• Protecting our students: The urgency of securing education data
• For more on data privacy, visit eSN’s IT Leadership hub

Protecting student data is critical for school district IT leaders, but many cite leadership and training gaps, along with time and manpower, as obstacles in that pursuit, according to the 2025 National Student Data Privacy Report from CoSN.

The report is based on results of a survey of school district edtech leaders from across the country. The report, divided into two parts, provides an unprecedented look into how districts are managing the critical task of safeguarding student data.

With more than 130 state student data privacy laws that have proliferated across the country and a steady stream of headlines highlighting data breaches in schools, the importance of safeguarding student data has become more critical than ever. The report examines how those responsible for student data privacy programs assess their district’s privacy practices, the tools and resources available to them, additional supports they find valuable and barriers to improvement.

“The 2025 National Student Data Privacy Report underscores the urgent need for stronger leadership, training and resources to protect student data in an increasingly digital world. The report provides a roadmap for districts to build stronger, more resilient privacy programs and highlights the significant impact of CoSN’s Trusted Learning Environment (TLE) Seal in fostering leadership alignment and cross-departmental collaboration,” said Keith Krueger, CoSN’s CEO.

CoSN surveyed more than 400 edtech leaders from across 39 states and the District of Columbia. Key findings from the report include:

Leadership and training gaps: Nearly 90 percent of edtech leaders who participated in the survey noted that they oversee their district’s student data privacy program, yet 73 percent say it’s not part of their job description and 17 percent have never received any relevant privacy training. A quarter of those trained paid out of pocket.

Barriers to improvement: Time and manpower (60 percent), guidance on federal laws (47 percent), state laws (46 percent) and privacy expertise generally (38 percent) were more frequently cited as barriers than financial resources (36 percent).

Employee-related concerns: Eighty-nine percent cite employee-related issues as extremely or very concerning, including challenges managing behavior (76 percent), controlling the influx of free and low-cost classroom technologies (69 percent), enforcing policies (55 percent) and mandating privacy training (49 percent).

Program performance disparities: Districts that have earned the CoSN Trusted Learning Environment (TLE) Seal, or have indicated that they are working towards obtaining one, are far more likely to outperform other districts with respect to the breadth and maturity of their student data privacy programs.

Opportunities for improvement: While district edtech leaders are committed to student data privacy, the necessary organizational structure to develop, implement and sustain a privacy program may not yet be in place across all districts. The report’s findings indicate the importance of reinforcing a commitment to student data privacy from leadership as a core priority while providing district EdTech leaders with training and implementation support to strengthen privacy practices.

“Protecting student data privacy has never been more important. The report demonstrates–for the first time–what school districts really need to be successful in their privacy efforts and the steps that every district can take to improve,” said Linnette Attai, project director of the CoSN Student Data Privacy Initiative and Trusted Learning Environment Program, and president of PlayWell, LLC.

The CoSN TLE Seal and the new TLE State Partnership Program are designed to close these gaps by equipping districts with actionable resources, training and a proven rubric of 25 data privacy practices.

States like Illinois, Indiana, North Carolina and South Carolina are already partnering with CoSN to empower districts through this initiative. By achieving the TLE Seal, districts not only reinforce their commitment to protecting student information but also build trust within their communities, setting a standard for excellence in data privacy and security that benefits students, families and educators alike.

This press release originally appeared online.

Key points:

• An 18-month study informs key recommendations to defend against cyberattacks
• How schools can fight growing ransomware attacks
• Preparing for evolving ransomware threats in 2025
• For more news on cybersecurity, visit eSN’s IT Leadership hub

The long-term impacts of K-12 cyberattacks, including lost learning time and disruptions to school operations, are just as damaging as stolen data, according to a new report from the Center for Internet Security, Inc. (CIS).

The 2025 CIS MS-ISAC K-12 Cybersecurity Report, released at the SXSW EDU conference, details the increasing sophistication, frequency, and impact of cyberattacks against K-12 schools.

This is the third annual CIS report dedicated to K-12 cybersecurity, and the second year CIS has partnered with the Consortium for School Networking (CoSN), to direct attention and resources to this critical issue.

Key findings

• Eighty-two percent of reporting K-12 organizations experienced cyber threat impacts
• Nearly 14,000 security events were observed, with 9,300 confirmed incidents
• Cybercriminals target human behavior at least 45 percent more than technical vulnerabilities
• Attacks surge during high-stakes periods like exams, disrupting education and forcing difficult decisions

Impact on communities

“The long-term impacts of stolen student and faculty data are only part of the story,” said Randy Rose, VP of security operations and intelligence at CIS. “Schools are a vital part of our local communities and cyberattacks against these institutions can have real-world consequences that include missed days, canceled exams, wasted food, and disruptions to child care among other things.”

Building cyber resilience: 

CIS emphasizes the importance of a collaborative approach to cybersecurity. Early engagement with the Multi-State Information Sharing and Analysis Center (MS-ISAC) improves outcomes, and schools that leverage no- and low-cost cybersecurity resources from the MS-ISAC significantly increase cybersecurity capabilities at a fraction of the cost. MS-ISAC services blocked more than one billion attempts to connect to malware domains, and over 320 million attempts to connect to phishing domains.

Recommendations

To better protect against cyberattacks:

• Create a culture of shared responsibility
• Establish direct lines of communication between IT teams and educators
• Implement smart technical controls that support learning without hindering it
• Strengthen partnerships, as collaboration amplifies impact

Final takeaways

Cybersecurity in education isn’t just about protecting data, it’s about protecting the students and families, as well as the services they rely on every day. Through proactive cybersecurity strategies and collaboration, K-12 schools can greatly improve their cyber defenses against a pervasive and evolving cyber threat.

This press release originally appeared online.

Key points:

• The education sector is a key target for cyberattackers
• Preparing for evolving ransomware threats in 2025
• How to prepare for a school cybersecurity audit
• For more news on K-12 cybersecurity, visit eSN’s IT Leadership hub

The education sector is facing a growing and multiplying menace: a surge in cyberattacks by ransomware groups that are leveraging generative artificial intelligence and other sophisticated tools.

Recently, a software provider was the target of a data breach that affected K-12 school districts across the U.S. As a result, sensitive data such as names, addresses, birth dates, financial reports, medical records, and Social Security numbers were obtained by hackers.

These attacks illustrate increasingly sophisticated and bold tactics of the ransomware gangs targeting schools and a variety of other sectors. According to a recent report, ransomware attacks targeting the U.S. education sector increased more than 25 percent between April 2023 and April 2024, compared to the same period a year earlier.

The heightened threat was part of an overall increase of 17.8 percent in ransomware attacks. Of those attempted attacks, 217 targeted the education sector–the fourth highest total of any industry.

In the era of a digital and hybrid learning world, the education sector faces numerous challenges when it comes to cybersecurity, including a lack of resources and budget, curious students, and outdated infrastructure. Combined with growing ransomware threats, schools should adhere to best practices for proper cyber hygiene, strong IT security fundamentals, and the implementation of a zero trust architecture. Taking these steps can minimize the attack surface, reduce breaches, eliminate lateral movement, stop data loss, and bolster defense capabilities.

Laying the foundation: Cyber hygiene and IT security fundamentals

However they choose to handle individual incidents, school IT teams have no choice but to stay prepared and prioritize improving their cyber hygiene and IT security fundamentals. Proactively addressing evolving ransomware threats will enable schools to remain more resilient.  

There are steps that everyone–even curious students–can take to enhance their cybersecurity posture. These include creating complex passwords, ensuring software is regularly updated, participating in phishing awareness training, and implementing multifactor authentication. Such best practices can be reinforced by integrating cybersecurity into the curriculum and ensuring that password updates and trainings occur on a set basis. Maintaining cyber hygiene and practicing IT security fundamentals is a continual effort that can become part of the daily habits of students and staff when consistently emphasized–fostering a culture of cybersecurity awareness and resilience.

Zero trust: Trust no one, always verify

Practicing proper cyber hygiene and maintaining security IT fundamentals is only part of the solution to protect against attacks. Evolving threats and technological advancements are not slowing down, and schools need a security framework that effectively keeps up with this new digital landscape. An important security progression is zero trust, which is a focus for federal agencies. Zero trust is not mandatory for the education sector, but school districts should prioritize implementing it as a strong overall security practice and specifically to help guard against ransomware attacks. 

Operating under the principle of “never trust, always verify,” zero trust assumes that breaches will happen, not might. The architecture promotes a proactive approach to cyber threats by treating every access attempt, whether from inside or outside the network, as potentially hostile. Continuous verification of identities and devices, regardless of location, is enforced.  

Should an attack occur, zero trust is inherently designed to minimize the network attack surface, prevent lateral movement of threats, and lower the impacts of a data breach. Pairing zero trust with cyber hygiene and IT security fundamentals puts a plan in place that allows schools to continue operations and secure sensitive data. 

Fortify with microsegmentation principles

A key component of a zero trust approach to cybersecurity is microsegmentation, which creates one-to-one segments that are brokered and authenticated by zero trust architectures. Based on the principles of least-privilege access, users are connected directly to requested applications without ever exposing the network. 

The implementation of a zero trust architecture and microsegmentation principles are best practices that enable schools to proactively secure critical assets such as student and other data–often the target of ransomware gangs. This approach not only protects valuable information, but lowers risks, unplanned downtime, and consequences stemming from an attack.

As these criminals become a growing threat to schools and to students’ privacy, it is imperative that the education sector take every possible step to secure its data and maintain strong security fundamentals. Having a clear plan in place and ensuring everyone recognizes the signs of potential ransomware attacks are essential first steps. From everyday practices, such as cyber hygiene and security fundamentals, to more IT-based implementations, such as zero trust and microsegmentation, everyone can play a role in the fight against ransomware attacks and bolstering cyber defenses. 

Key points:

• Digital access and universal connectivity are critical for postsecondary success
• The digital divide still holds students back
• How your school’s design can promote equity through access
• For more news on the digital divide, visit eSN’s Educational Leadership hub

Only 27 percent of states have plans to sustain K-12 digital access as key federal programs expire, according to a new report from SETDA, the principal association representing state and territorial educational technology and digital learning leaders.

The new report, Universal Connectivity Imperative: Sustaining Progress to Close the Digital Access Divide in K-12 Education, comes at a critical time, as several federal programs that bolstered student connectivity during and after the pandemic–including the Emergency Connectivity Fund (ECF), Affordable Connectivity Program (ACP), and Elementary and Secondary School Emergency Relief (ESSER)–have ended, and new state and federal leaders begin their policymaking cycles following the 2024 elections. 

“Universal connectivity is more than just internet access–it’s about addressing the digital divide to ensure every student is prepared for post-secondary success,” said Julia Fallon, executive director at SETDA. “Nearly every career pathway today demands tech literacy and digital citizenship skills–not just the jobs of tomorrow. This report provides evidence-based strategies and actionable policy recommendations to help education leaders and state and federal policymakers close the digital divide and build sustainable systems that ensure all students thrive beyond K-12 education.”

The report, informed by federal, state, and local government leaders, researchers, nonprofit organizations, industry representatives, and K-12 students and teachers, builds upon SETDA’s previous research, including the Broadband Imperative series and recent State Edtech Trends reports.

Key findings include:

• Funding sustainability is a major challenge: Only 27 percent of states have plans to sustain funding for technology initiatives previously supported by federal relief programs, despite 92 percent of school districts having used ESSER funds for educational technology.
• Digital skills gap persists: While 72 percent of students receive digital skills development support, just 24 percent of families receive similar assistance–creating barriers to reinforcing these critical skills at home.
• Cybersecurity remains top priority: With K-12 schools facing increasing cyber threats and costs ranging from $50,000 to $1 million per incident, state leaders consistently rank cybersecurity as their top technology concern.
• Affordability barriers continue: Nearly three million households risk losing internet service with the ACP’s sunset, while 8.3 million may need to downgrade to slower plans–directly impacting K-12 students’ ability to learn.

“States have made remarkable progress in connecting students to learning opportunities, but we’re at a critical juncture,” said Doug Casey, executive director of the Connecticut Commission for Educational Technology and SETDA board member. “This report provides a clear roadmap for maintaining momentum through policy solutions that address not just access, but the full spectrum of digital inclusion.”

The report provides specific policy recommendations to close the digital divide in education. It calls for reliable internet access for all K-12 students that meets updated FCC broadband benchmarks and emphasizes the need for individual, regularly updated internet-enabled devices.

The report also highlights the importance of developing digital skills aligned with community-developed learning standards, ensuring robust student privacy and data security, and creating inclusive, accessible digital tools and platforms to support all learning opportunities.

This press release originally appeared online.

This article originally appeared on CoSN’s blog and is reposted here with permission.

CoSN’s Driving K-12 Innovation initiative recently announced that Analytics & Adaptive Technologies as a Top Tech Enabler (tool) for 2025 and it’s appeared on the list five of the past seven years. The Driving K-12 Innovation Advisory Board defines Analytics & Adaptive Technologies as: these are digital technologies that collect and use data related to teaching and learning. Analytics refers to the process of analyzing data collected about student learning and the opportunity to leverage data to inform instructional decision making.

Adaptive technologies are tools that adapt to the student based on their interactions with the technology. ​​​​​​​​​These adaptations could be in the form of suggesting next steps, providing remediation, controlling pacing, or providing feedback based on analysis of the student’s performance.

But what is this topic exactly and why is it important for moving education forward?

During the November 2024 meeting of CoSN’s EdTech Innovation Committee, participants were asked those same questions, and shared their perspectives on what educators should do about the topic. Read on for 10 key takeaways from the discussion.

1. How much is too much data? “When I moved to Virginia [from Ireland], what struck me about the U.S. education system was your engagement with data,” said John Heffernan (CEF Professional Development, Ireland). “In Ireland, we don’t use data in the same way. We don’t collect the same amount of data, and I just wonder, is this a U.S.-centric thing that everything has to be measured?
2. We need common language and understanding around these terms. During the conversation, there was a need to define terms and shared language. For example, Analytics & Adaptive Technologies or Personalization? Personalized or Individualized Learning? Committee member Ruben Puentedura (Hippasus, Massachusetts) explained that we also need to distinguish between traditional data, like test scores, and the much bigger world of data that “can be used creatively and usefully applied by students and teachers that can include a range of things from students’ interests and type of social networks that exist in a classroom.” Puentedura added: “The data can be used, not just as a question of how to assess something, it can be used to scaffold and underpin what happens in a classroom. AI allows you to take rich worlds of quantitative data and qualitative, narrative data and do qualitative analysis on a scale that you couldn’t do before.”
3. Just as EdTech innovators need common terminology, we then need to be able to communicate it with leadership. “As we look at what the messaging should be, how can it be simplified for both school leaders and for teachers in understanding what it is? And then, what workload that we can eliminate from districts from an already full agenda,” asked Andrew Fekete (Community Consolidated School District 93, Illinois). “There’s a lot of resistance in saying that we don’t have time for this conversation. And my pushback is, we don’t have time to not have this conversation.”
4. Challenges in data collection and usage.” Right, wrong, or indifferent, we still have significant pockets of school districts that don’t grasp even the basics of data,” said Beverly Knox-Pipes, EdD (Former CTO/Education Consultant, Michigan). “As a result, they are often reactive rather than proactive, failing to plan and strategize effectively for what they truly need. This includes not only setting up and managing their student information systems but also understanding how to gather and use data to drive student achievement—the ultimate purpose of education.”
5. The impact of AI and machine learning on educational data. “With the advent of AI and small language models, we’re going to be more and more dependent on our own data internally,” said Pete Just, CETL (Just Strategics, Indiana). “I’ve been talking to a lot of school districts about this as they’re trying to figure it out. But the number one thing is: you have to have good data. So if you’re going to try to make decisions and try to go deep on using an AI tool to help make those decisions. They’re going to be off if your data is not quality.”
6. The importance of digital literacy. A high school teacher in Committee member Kathleen Stephany (School District of Holmen, Wisconsin)’s district is piloting a new course called Data Science, which will have a math component, content knowledge, and communication. “The teacher, when she proposed it, talked about how much data is created per minute,” said Stephany. “If you think about Venmo transactions, streaming videos – there’s tons of data. [The course is about] how to use that data and what goes into that.”
7. Since the beginning, this topic has been about student agency. “The role of adaptive technology and analytics was to grow student agency in their own learning path, whether it’s mastering outcomes or failing forward. To learn from it and the process,” said Janice Mertes (CDW Education State Level Ambassador). “There is an adult use of the term and a student use of this term, to the point of adding knowledge of data, literacy, and analytics.”
8. Analytics & Adaptive Technologies are about teacher agency, too. “We should also be talking about the need for teacher agency at the same place where we need student agency in conversations like these, especially when we’re talking about professional development of staff and being able to choose their pathway and have more choice in the targeted professional learning that we offer. We need ways that allow our educators to follow those paths based on the needs that they’re identifying and thinking about how we design those,” Nick Stoyas (Elmhurst Community Unit School District 205, Illinois).
9. Current concerns about data privacy. “I worry about how the data will be used after the student’s assessment. I’m a big believer in analytics and adaptive tech. I think that there’s some definite positives, but I just want to make sure we don’t lose track of that data privacy piece that protects our kids,” Ryan Cox (Osseo Area Schools – District 279, Minnesota).
10. The role of vendors when it comes to ethics and transparency in educational technology. A lively discussion arose about the need for vendors to be transparent about how student data is used and assessed, and Puentedura stated that if the vendor cannot share that information, they could not be considered. Many Committee members agreed. “It should be a checkbox, if they’re not transparent in what they’re doing with student data and supporting their privacy, the school should automatically pass and move on,” Emily Marshall (Vail School District, Arizona).

Thanks to all EdTech Innovation Committee members who participated in this essential discussion!

Key points:

• Schools should focus on modern cybersecurity practices and protecting critical assets
• How to prepare for a school cybersecurity audit
• Schools must bolster network continuity as they adopt more technology
• For more news on ransomware, visit eSN’s IT Leadership hub

In its 2024 threat assessment report, the U.S. Department of Homeland Security declared K-12 school districts “a near constant ransomware target.” The report attributed this alarming trend to budget constraints within school IT departments, insufficient dedicated cybersecurity resources, and the troubling success cybercriminals have had in persuading schools to pay ransoms. These vulnerabilities have made educational institutions a popular target for attackers, threatening not only the privacy of student and staff data, but also the continuity of critical operations.

As ransomware evolves, so must the strategies used to combat it. Traditional perimeter defenses, such as firewalls and antivirus software, are no longer sufficient in an era of artificial intelligence (AI)-fueled cyberattacks. Educational institutions should adopt an “assume breach” mindset focused on internal defenses, such as Zero Trust architectures, data encryption, segmentation tools, and post-breach containment strategies. By limiting attackers’ ability to move laterally within networks and quickly restoring operations after an attack, schools can minimize disruption and ensure the continuity of their missions. Without these proactive measures, the education sector risks falling further behind in ransomware attacks.

A shifting landscape in 2025

The ransomware landscape in 2025 will likely include more sophisticated attacks as threat actors leverage AI and other emerging technologies. These innovations will enable cybercriminals to identify system vulnerabilities faster by leveraging advanced tools, automated scanning methods, and sophisticated analytics. This capability will allow them to uncover weak points in security defenses and launch highly targeted attacks with unprecedented precision, often before schools can detect or respond effectively. Additionally, these tools are highly likely to further automate phishing campaigns, evade traditional detection mechanisms, and adapt in real-time to a school’s defenses.

The rise of advanced ransomware tactics underscores why schools, with their limited defenses and critical data, continue to be prime targets for cybercriminals. Attackers increasingly view the education sector as a high-reward and low-risk opportunity, underscoring the urgent need for a shift toward modern cybersecurity strategies. Fortunately, there are steps that even schools with limited resources can take that will make them better prepared to proactively face these new attacks.

Building internal defenses for education in 2025

To counter the growing sophistication of ransomware attacks, schools must embrace an “assume breach” mindset, which emphasizes strengthening internal defenses so that breaches don’t become cyber disasters. This approach shifts the focus beyond just prevention to include resilience and aims to minimize the impact of a breach by implementing proactive security measures, protocols, and tools designed under the assumption that attackers may already have access to parts of the network. By adopting this mindset, these measures prioritize safeguarding sensitive data, detecting anomalies, and enabling rapid responses to emerging threats before they even occur.

“Assume breach” is strengthened when it is paired with Zero Trust, which operates under a “never trust, always verify” mindset. As a result, measures are put in place to contain breaches quickly–such as continuously verifying users and ensuring they are only accessing the resources they need to access. From there, schools can implement protections that safeguard data in a proactive way, such as modern data encryption methods or apps, which are often quick and cost-effective.

Another vital defense is the adoption of Zero Trust Segmentation (ZTS). ZTS is designed to restrict lateral movement within a network by adopting Zero Trust measures to continuously verify communication and then creating granular policies that allow only essential interactions. For example, if an attacker breaches one segment, ZTS restricts their ability to move freely across the network and access sensitive assets, such as student records or financial databases. This containment strategy minimizes the damage of an attack, isolating threats before they can spread further. By implementing ZTS, schools create a layered defense system that safeguards critical assets while providing resilience against sophisticated cyber threats.

End-to-end visibility is also particularly critical in hybrid environments where a mix of on-premises and cloud-based systems expands the attack surface. By tracking communication between devices, workflows, and external networks, schools can better understand how data moves within their ecosystems. This understanding enables the enforcement of least-privilege policies, granting users access only to the resources they need for their roles. Such restrictions limit an attacker’s ability to exploit compromised accounts, reducing the potential impact of a breach. With a clearer picture of traffic patterns and system behavior, districts can strengthen their defenses against emerging threats.

Pairing Zero Trust principles and “assume breach” mindset with ZTS shifts the focus from preventing all breaches to containing their impact, using security measures and protocols to prevent incidents from escalating into disasters.

Flipping the paradigm: From reactive to proactive

As ransomware threats continue to evolve, schools face a critical inflection point. The growing integration of digital tools in K-12 schools, from virtual learning platforms to smart classroom technologies, has outpaced many districts’ cybersecurity resources, underscoring the urgent need for modern, proactive security strategies. Traditional perimeter defenses alone cannot withstand the sophisticated, AI-driven tactics of modern attackers. By embracing well-rounded and multi-faceted defense measures–such as an “assume breach” mindset, Zero Trust architectures, data encryption, segmentation, and post-breach containment strategies–schools can flip their cybersecurity posture from reactive to proactive. Proactive measures that emphasize containment and resilience set schools up to be better prepared to face the escalating threats of ransomware in 2025 and beyond. 

With a commitment to modern cybersecurity practices and a focus on protecting critical assets, schools can safeguard their data against new ransomware threats and continue to provide safe and secure environments for learning.

Key points:

• AI models are only as good as the data that goes into the tool
• Where AI and multimodal learning will go in 2025
• Teachers: It’s time to make friends with AI
• For more news on AI, visit eSN’s Digital Learning hub

It’s never too early for campus or district-wide IT teams to begin planning for upcoming tech upgrades and implementations. Because many of these upgrades happen over summer break, teams can use the upcoming spring semester to ensure their data is in A+ shape to support new AI tools.

AI has already significantly impacted education by improving how students learn, teachers teach, and educational institutions operate. The World Economic Forum’s Shaping the Future of Learning: The Role of AI in Education 4.0 touches upon AI’s extensive potential, from tailored student learning experiences to reducing administrative burdens to using this innovative technology to improve curricula.

For campuses and districts that haven’t started their AI journeys, it’s critical to know that AI models are only as good as the data that goes into the tool.

To ensure data can adequately train AI to improve education-related outcomes, consider these six strategies.

1. Solve for data anomalies

Detecting outliers in your data baseline–like observations, events, or data points that deviate from the standard–is key to optimizing AI in your educational system. Although data anomalies don’t always indicate something’s amiss, it’s wise to investigate them to be sure.

While the exact method depends on data types, distribution, and computational resources, anomaly detection can be handled through statistical, machine learning, and clustering-based methods. By detecting and solving data inconsistencies early, tech teams are more likely to ensure accurate AI models and avoid future problems.

2. Automate data cleansing

Automated data cleansing enhances accuracy and consistency by fixing or removing incorrect, corrupted, duplicate, or incomplete data within a dataset. It’s a critical step toward managing data, ensuring accuracy, and warranting trustworthiness.

This stage is vital because clean, well-prepared data prevents AI from generating distorted results and reduces the computational resources needed by training models. Further, clean, automated data frees educational tech teams to concentrate on developing AI models and other valuable tasks instead of fixing data obstacles.

3. Observe data quality metrics continuously

Identify your campus or district’s key data quality metrics to measure and improve datasets regularly. Monitoring these metrics involves assessing, measuring, and managing data for accuracy, consistency, completeness, reliability, and validity.

Regular audits allow tech teams to be informed and agile, detecting potential problems before they get out of control and negatively affect AI outcomes.

4. Make data governance routine

Setting the rules, roles, and uses of data will help ensure that datasets are clean and accurate before being leveraged for AI. This governance of data processes upholds all teams and tools to the standard needed for successful operation.

Perform and recognize data stewardship for employees promoting your school system’s data governance initiatives. Effective data governance helps decrease data inconsistencies in school-wide systems, which improves overall data integration initiatives.

5. Enhance data security

Since 2005, U.S. educational institutions have undergone 3,713 data breaches, affecting 37.6 million records. Data breaches can damage a school system’s reputation and decrease trust among students, faculty, and the community.

Further, a lack of sufficient data security measures in AI systems could lead to non-compliance, which is often accompanied by a school system being held liable for a breach, having funding withdrawn, or being investigated by the U.S. Department of Education.

To avoid such troubles, secure your data through encryption, access controls, firewalls, content filters, network security, endpoint segmentation, regular backups, continuous updates, and security awareness training.

6. Ensure data is standardized

Finally, data standardization helps AI models learn patterns more effectively and consistently. It is essential for preserving data quality and allows different systems to exchange data in a consistent format.

By practicing the most common standardization techniques–data cleaning, data governance, data normalization, and data transformation–educational institutions can safeguard data consistency, which is critical for training AI and machine learning models.

A+ AI relies on stellar data

AI can help transform school systems by adapting to each student’s learning needs and personalizing their learning experience. By automating clerical tasks, educators’ time becomes free for more hands-on instruction. It can also help to identify strengths and weaknesses in student performance, allowing educators to prepare better-targeted instructional strategies.

If your school district is ready for AI, adopt these six data strategies to ensure that your AI model is optimized for all stakeholders, especially students, teachers, and administrators.

There’s no need to wait for summer break to ensure your data gets a top grade. Start now so your AI program is at the head of its class next fall.

Key points:

• CoSN’s Driving K-12 Innovation initiative highlights the most pressing challenges and opportunities schools face
• The psychology of Disruptive Innovation
• Leveraging connectivity to tackle K-12’s biggest challenges
• For more news on digital innovation, visit eSN’s Educational Leadership hub

AI, learner agency, and digital equity are among a number of factors that can hinder or foster K-12 innovation, according to CoSN‘s annual Driving K-12 Innovation Top Topics, which outlines the key challenges and opportunities that will define K-12 education in 2025.

This year’s report (to be fully released in February 2025) identifies the top three Hurdles and Accelerators for schools to address, along with the top three Technology Enablers to leverage.

The Driving K-12 Innovation initiative pinpoints critical issues poised to accelerate, hinder or enable innovation in teaching and learning within K-12 spaces. By fostering awareness and guided action, the initiative empowers leaders, practitioners and policymakers to address these key topics effectively.

“Selecting the Top Topics is a vital step in CoSN’s Driving K-12 Innovation initiative, as it highlights the most pressing challenges and opportunities our schools face,” said Keith Krueger, CEO of CoSN. “We are deeply grateful to our Advisory Board for their invaluable contributions–their insights, diverse perspectives and commitment to innovation make this project possible. Together, we’re paving the way for meaningful change that empowers students, educators and technologists alike.”

The annual series, a cornerstone of CoSN’s commitment to delivering high-quality trend reports, involves an international Advisory Board of educators, technologists, changemakers and industry partners. There are approximately 130 Advisory Board members this year, spanning 13 countries and 34 states, including Washington D.C. Their process involves surveys, synchronous and asynchronous discussions, and a final survey to select the Top Topics featured in the annual publication.

Hurdles–The top three most important Hurdles for schools to address in 2025 that are roadblocks that force schools to slow down, prepare themselves and make a leap:

1. Attracting & Retaining Educators and IT Professionals
2. Evolution of Teaching & Learning
3. Digital Equity

Accelerators–The top three most important Accelerators for schools to utilize in 2025 to help motivate and increase speed of innovation:

1. Learner Agency
2. Building the Human Capacity of Leaders
3. Changing Attitudes Toward Demonstrating Learning

Tech Enablers–The top three most important Tech Enablers for schools leverage in 2025 in order to surmount Hurdles and leverage Accelerators:

1. Generative Artificial Intelligence
2. Analytics & Adaptive Technologies
3. Untethered Broadband & Connectivity

To learn more about Driving K-12 Innovation, sign up for the CoSN Newsletter, Roadmap to Innovation.

This press release originally appeared online.

Key points:

• Modern compliance is playing a crucial role in keeping threats at bay
• Protecting our students: The urgency of securing education data
• Building a culture of trust to protect personal data
• For more news on data protection, visit eSN’s IT Leadership hub

The edtech sector is booming. Valued at $334.2 billion in 2023, it’s projected to grow 14.13 percent annually to hit $738.6 billion by 2029. Schools are increasingly adopting technological solutions that enhance learning outcomes and simplify administrative tasks–from eLearning platforms to teacher scheduling apps and parent communication tools.

But with great tech comes great responsibility. Demonstrating you can protect data is no longer optional. In education, where safeguarding children’s privacy is paramount, data safety is a hallmark of quality and trust.

Transparent and third-party validated security practices can provide schools peace of mind when choosing the right vendors. For tech companies, thanks to modern advancements, developing programs to meet these needs has never been easier, allowing them to gain a competitive advantage with better data safety practices.

Modern compliance is a frictionless process for edtechs

Managing a compliance program wasn’t always seen as an asset for tech companies. It was deemed a burdensome task that went against a company’s best interests–auditors used to be perceived as judges who spot flaws rather than exalt good qualities and seek improvement. But today’s compliance processes are far from this notion, thanks to a better understanding of tech companies and improved auditing tools.

Modern compliance, especially when referring to SOC 2 reports or certifications like ISO 27001, supports vendors by keeping their needs in mind first and foremost. For example, auditors now use governance, risk, and compliance (GRC) tools that connect to a company’s tech stack to monitor compliance practices and suggest improvements.

These programs reduce the need for endless questionnaires and business interruptions, as compliance processes are running in the background rather than through endless paperwork. Auditing has also become more asynchronous, letting companies continue their operations as usual and meeting with auditors as needed throughout the process.

This highly technological and streamlined approach also gives auditors more time to discuss companies’ doubts, preferences, and expectations, allowing them to gain a deep understanding of what each organization wishes to achieve with compliance. As a result, auditors run more purposeful and tailored audits, giving companies actionable advice to improve their operations rather than highlight their weaknesses.

Compliance makes vetting easier for schools

Becoming compliant can be a massive business enabler by streamlining the vetting process for schools. These institutions, just like any other organization looking for vendors, evaluate their options with a magnifying glass to ensure services are safe and meet their standards.

SOC 2 and related reports help vendors demonstrate their security posture in an easy-to-read document that includes different testing criteria, areas of improvement, and an auditor’s assessment of company practices. This neatly organized document answers many of the security questions a school might have, bypassing the usual security questionnaire step in favor of this comprehensive report.

Early compliance adoption gives vendors a competitive advantage

Becoming compliant isn’t necessarily on every tech founder’s priority list–they might have an MVP to finish, investors to attract, and a customer base to secure first. However, there are benefits to adopting compliance early that will make significant differences for vendors down the line. Implementing it as early as possible is the best time to start.

Infusing compliance from the beginning will strengthen a product’s or service’s foundations, codifying data safety in every aspect of its operation. From the way engineers develop the software to how service contracts are drafted, security will permeate every corner of a vendor’s offering.

Early adoption also means compliance and security are built into company culture, placing efforts like employee awareness training and risk management strategies front and center in the company’s mission and values.

As such, a vendor’s commitment to data safety will be engraved in everything it does, giving investors and clients the confidence that the company takes data safety seriously. For an industry as regulated as education, this trustworthiness is a significant competitive advantage that shines through when schools choose their applications and software.

As schools continue to invest in technology, additional resources can be expected to focus on properly vetting vendors to safeguard student privacy. Modern compliance is playing a crucial role in keeping threats at bay and helping companies prove their commitment to safety. Today’s audits meet tech companies where they are with technological tools to ascertain their security practices and ease them into the vetting process–ultimately streamlining dealmaking, giving schools peace of mind and vendors a clear competitive advantage.

In a rapidly evolving digital landscape, K-12 IT teams play a critical role in shaping the future of learning. As schools navigate complex cybersecurity and data protection challenges, they also juggle issues including equitable access to technology.

Classrooms are increasingly reliant on digital learning tools, and the focus on robust infrastructure, cybersecurity, and effective technology implementation has never been more urgent. Prioritizing these areas empowers schools to create safe, inclusive, and future-ready learning environments for all students.

We asked K-12 IT leaders to share their thoughts around IT priorities in the new year. Here’s what they had to say:

Educational institutions face the unique challenge of needing to modernize their networks, while also improving user and employee experience and following compliance requirements. This will remain true in 2025, but these institutions must tackle these problems against the backdrop of persistent cyberattacks, as well as curious and capable students. Between 2023 and 2024, we saw a 35 percent increase in attacks on the education sector, and as ransomware groups continue to target the sector with more sophisticated attacks–by leveraging tools like generative artificial intelligence–the potential impacts could be devastating. Institutions have no choice but to stay prepared and prioritize improving their security posture. Education institutions should focus on maintaining strong IT security fundamentals and implementing zero trust architecture–especially for research projects with federal funding ramifications. These strategies minimize the attack surface, prevent breaches, eliminate lateral movement, and stop data loss. Proactively addressing these evolving threats will enable institutions to remain more resilient against a growing threat landscape in the coming year.
—Hansang Bae, Public Sector Chief Technology Officer, Zscaler  

Organizations will prioritize internal defenses and post-breach strategies over traditional perimeter security, recognizing that the fight against cyberattacks is shifting inward. Advanced attacks will increasingly target sectors like education and healthcare, making data encryption and network segmentation essential components of resilient cybersecurity frameworks. As AI-fueled attacks grow more sophisticated, agencies will focus on limiting attackers’ movements within networks, accepting that the perimeter can no longer be the sole line of defense.
—Gary Barlet, Public Sector CTO, Illumio 

In the two years since GenAI was unleashed, K-12 leaders have ridden the wave of experimentation and uncertainty about the role this transformative technology should have in classrooms and districts. 2025 will see a shift toward GenAI strategy development, clear policy and governance creation, instructional integration, and guardrail setting for educators and students. K-12 districts recognize the need to upskill their teachers, not only to take advantage of GenAI to personalize learning, but also so they can teach students how to use this tech responsibly. On the back end, IT leaders will grapple with increased infrastructure demands and ever-increasing cybersecurity threats.
—Delia DeCourcy, Senior Strategist, Lenovo Worldwide Education Team

With AI literacy in the spotlight, lifelong learning will become the new normal. Immediate skills need: The role of “individual contributors” will evolve, and we will all be managers of AI agents, making AI skills a must-have. Skills of the future: Quantum skills will start to be in demand in the job market as quantum development continues to push forward over the next year. Always in-demand skills: The overall increase in cyberattacks and emerging risks, such as harvest now and decrypt later (HNDL) attacks, will further underscore the continued importance of cybersecurity skills. Upskilling won’t end with AI. Each new wave of technology will demand new skills, so lifelong learners will thrive. AI will not be siloed to use among technology professionals. The democratization of AI technology and the proliferation of AI agents have already made AI skills today’s priority. Looking ahead, quantum skills will begin to grow in demand with the steady advance of the technology. Meanwhile cybersecurity skills are an evergreen need.
—Lydia Logan, VP of Global Education & Workforce Development, IBM

In 2025, K-12 schools will continue to experience significant transformations driven by AI, IoT, and biometric authentication. AI will significantly enhance school cybersecurity by automating threat detection and response, as well as introduce risks, such as AI-powered cyberattacks. Schools are adopting more advanced AI security tools to manage these threats, balancing real-time protection with privacy concerns. However, IoT adoption will require strong security protocols to prevent vulnerabilities, including network segmentation and careful vendor management. Biometric technologies, such as fingerprint and facial recognition, will be more widely deployed for security and authentication, streamlining processes like student check-ins, and building access. As biometrics merge with AI and IoT, privacy and data protection will be critical, requiring schools to ensure compliance with privacy regulations and secure handling of biometric data. Overall, as technologies evolve, K-12 schools must carefully balance innovation with privacy and security to enhance security, streamline operations, and create safer, more personalized learning environments for students and staff.
–Jason Martin, CTO, Incident IQ

K-12 schools faced a barrage of cybersecurity attacks in 2024, which showcased why building up the U.S. cybersecurity workforce is so important. Addressing this starts with K-12 cybersecurity education, upskilling, and improving cross sector collaboration. We’ve seen firsthand how education systems have forged stronger partnerships with industry partners and workforce development organizations to pool resources and intelligence. In 2025, we’ll continue to see local law enforcement step up their involvement in curbing these types of attacks, working together with schools to enhance security protocols and respond swiftly to incidents. This proactive approach has the potential to reshape the cybersecurity landscape in education, fostering a united front against malicious actors and ensuring our students have the skills, knowledge, and real-world experience to enter cybersecurity careers.
—Laurie Salvail, Executive Director, CYBER.ORG

Data and technology policies will tighten amid rising concerns for student privacy. As K-12 schools increasingly rely on digital tools and cloud-based platforms, districts across the United States are implementing stringent data protection measures to safeguard student information. The landscape of student privacy regulations continues evolving at state and federal levels, highlighting how schools are responding to growing concerns about data collection, storage, and sharing practices. In 2025, schools will move beyond collecting data to truly making it actionable. Instead of drowning in spreadsheets, educators will leverage predictive analytics to identify students needing support before they fall behind. The most successful districts will be those that can translate complex data into clear, actionable insights for both teachers and families.
—Joy Smithson, Data Science Manager, SchoolStatus

The threat of AI-powered cyberattacks: Experts think 2025 might be the year cybercriminals go full throttle with AI. Think about it: with the advancement of the technology, cyberattacks powered by AI models could start using deepfakes, enhanced social engineering, and ultra-sophisticated malware. If the Trump administration focuses on cybersecurity mainly for critical infrastructure, private companies could face gaps in support, leaving sectors like healthcare and finance on their own to keep up with new threats. Without stronger regulations, businesses will have to get creative–and fast–when it comes to fighting off these attacks.
–Alon Yamin, Co-Founder & CEO, Copyleaks

Related:
25 predictions for AI in 2025

Key points:

• E-learning has vast benefits, but it is unavailable for millions of Americans
• Online learning programs increase student access, engagement
• Virtual academies remove barriers and unlock student potential
• For more news on online learning, visit eSN’s Digital Learning hub

We are living through a dramatic transformation in how Americans learn. Though not exactly new, e-learning is being quickly embraced by more and more people as a complement or alternative to traditional classroom learning.

Part of this rapid change is because the full range of e-learning’s possibilities are now widely recognized. According to a survey from the University of the Potomac, 70 percent of students–and 77 percent of educators–say that online learning is better than traditional classroom learning.

It allows anyone with broadband access to become a student for life, opening new education and career opportunities. Widespread adoption of new AI applications will make it even more compelling with immersive and personalized learning programs.

But this opportunity is not equally available to everyone. In many parts of the country, the lack of stable and reliable internet connectivity leaves too many people out. If left unaddressed, this digital education divide will widen, and millions of Americans will be left behind without the skills they need to succeed in our fast-evolving and ever more competitive economy.

To meet this challenge head on, we must make e-learning easily accessible in underserved communities, many of them rural, so we can ensure there is a level playing field in the career landscape of tomorrow.

How e-learning levels the playing field by making education more engaging

Increasingly, AI is making online learning solutions more immersive and collaborative, and measurable benefits are already here. When content is more engaging, the lessons are more effective, and in some cases students are retaining up to 60 percent more of what they learn. Another study found companies using e-learning for employee training require up to 60 percent less time compared to traditional classroom instruction.

E-learning is also more flexible–students can set their own hours, revisit courses at will, change their program of study to suit their needs, and work at their own pace. It enables rural students to collaborate on projects with students or teachers in cities and gives them access to global educational content that might not be available otherwise.

It’s also valuable for workers looking to learn new skills, particularly in remote or rural areas where reskilling opportunities might not otherwise be immediately available. A 2024 survey of HR professionals in Europe, Asia, and North America found most HR professionals believed half their work force would need to be reskilled in the next five years. Those left behind risk losing access to well-paying jobs and long-term career security.

But the real benefit will come when AI-infused programs are tested, refined, and become more widely available. These promise to personalize e-learning, acting like an individual tutor that identifies students’ strengths and weaknesses, and tailoring lessons specifically to their needs.

Satellite connectivity can bridge the digital divide

The benefits of e-learning are substantial and will only increase as technologies improve. But they are unavailable for millions of Americans, largely in rural areas, who have no access to robust, affordable broadband connectivity.

This is the reality of the digital divide in the United States, and it is particularly acute in areas most in need of economic redevelopment. While broadband options like fiber-optics or cable provide fast, robust service, they have limited reach, and providers have so far mostly invested their geographical footprint in urban and suburban areas.

Connecting rural or remote communities is either too technically challenging or not cost-effective for many connectivity providers. For cable or fiber operators, there generally needs to be a critical mass of potential customers before it makes sense to build out a location’s infrastructure. Wireless is more common in rural and remote areas, but often the end user is too far from a tower to make service reliable. As a result, there are significant coverage gaps.

Satellite connectivity can easily overcome those challenges. With its turnkey accessibility, satellites can rapidly bridge the digital divide and enable lifelong learning and upskilling for students and workers alike, regardless of where they live. It isn’t affected by inclement weather or downed power lines. All that’s required is a dish to be installed on the property and an unobstructed view of the sky.

When considering a satellite operator, there are two primary kinds of service: geosynchronous (GEO), or geostationary, and low earth orbit (LEO) satellites. The former is usually more cost effective, but because of the longer distance between orbit and earth, there are sometimes latency issues for data-intensive applications. Meanwhile, the latter option provides lower latency for real-time applications.

For learners in rural areas–including tribal lands–satellite connectivity is the critical lynchpin that enables them to participate in e-learning programs when other connectivity options are unavailable or fall short. Without it, they are left disconnected from modern educational resources, new technologies, and career opportunities available to their urban and suburban counterparts.

Investing in satellite service is not just about closing the digital divide, it’s about breaking down barriers to education and creating pathways to brighter future for rural and remote communities. Maintaining a competitive, engaged workforce may depend on it.

Today, the Chan Zuckerberg Initiative (CZI) announced the expansion of its work in artificial intelligence to help ensure education tools that leverage AI are grounded in research and best practices for teaching and learning. CZI launched two new AI developer tools for education designed to empower developers to integrate high-quality education content seamlessly into their platforms. Knowledge Graph helps developers enhance AI system inputs by aligning them with learning science research, state academic standards, and curricula, while Evaluators help developers assess AI system outputs to ensure they meet the accuracy, rigor, and quality essential for teaching and learning.

Alongside these new private beta tools, CZI also announced the appointment of a new advisory board that includes experts in schools, data privacy, artificial intelligence, education technology, and learning science.

“With the rapid growth of artificial intelligence, improving the quality of outputs from large language models is increasingly important–especially where student learning and outcomes are involved,” said CZI’s Head of Education, Sandra Liu Huang. “CZI is partnering with education, research, and technology experts to help ensure artificial intelligence tools are high quality and support educator efforts to unlock the full potential of every student.”

These new tools are part of CZI’s efforts to help schools address everyday challenges by co-building tools with educators and empowering technology developers with resources to build high-quality, research-backed AI solutions for education.

Core AI Resources for Education Developers

Through Knowledge Graph and Evaluators, CZI is using its learning science expertise and technical strengths to enable edtech developers to incorporate rigorous, high-quality educational content into their platforms and improve the overall infrastructure of AI-driven education products.

To help developers improve the quality of their inputs, Knowledge Graph will launch with two key interconnected datasets: a high-quality, openly licensed core math curriculum in partnership with Illustrative Math, and academic standards from all 50 states in partnership with 1EdTech.

For Evaluators, CZI also worked with academic experts to help edtech developers support teachers in closing the gap in student reading skills. They leveraged a Rubric for Literature from Student Achievement Partners to evaluate the complexity of AI-generated text outputs. They also worked with English Language Arts experts from The Achievement Network and Gradient Learning to assess the dataset.

The private beta phase includes initial collaboration with Playlab and Diffit, who are piloting the tools to improve their AI-based educational offerings.

Education Advisory Board

CZI is also announcing its Education Advisory Board, bringing together a diverse group of experts to help guide efforts in advancing the use of AI to transform learning and improve educational outcomes.

The Advisory Board members are:

Dan Carroll

Former Chief Product Officer and co-founder of Clever

Richard Culatta

CEO of ISTE+ASCD

Alina von Davier

Chief of Assessment at Duolingo, CEO and Founder of EdAstra Tech, and VC Partner at the LearnLaunch Accelerator

Louis Gomez

Professor of Education at UCLA and a member of the National Academy of Education

Babak Mostaghimi

Founding Partner of LearnerStudio

Amelia Vance

Amelia Vance, Founder and President of the Public Interest Privacy Center (PIPC)

“We know more than ever about how kids actually learn. And so that’s sort of the whole point–to bridge the learning science and to get it into this new technology.”

“One of the challenges right now is that AI outputs might look right but there could be inaccuracies with them. And so we think one of the 1st steps in making Gen. AI more pedagogically aligned–more useful in the classroom–is to actually measure the quality that it’s returning.”

“In a nutshell, we’re really focused on both enhancing the AI system inputs and assessing those system outputs by being really intentional in our work with edtech developers.”

Join eSchool News for the 12 Days of Edtech with 2024’s most-read and most-loved stories. On the 1st Day of Edtech, our story focuses on the E-rate program.

Key points:

• Schools still rely on E-rate funds to upgrade and protect their technology infrastructures
• Will cybersecurity receive E-rate funding?
• 3 ways the E-rate program helps level up learning
• For more news on the E-rate, see eSN’s IT Leadership hub

When the Federal Communications Commission’s E-rate program first emerged in 1996, only 14 percent of the nation’s K-12 classrooms were connected to the internet. Since then, the program has transformed to help schools and libraries connect to high-speed broadband. Today, nearly three-quarters of K-12 school districts provide internet bandwidth at a minimum rate of 1 megabit per second, according to the 2023 Report on School Connectivity.

Despite making significant technological advances over the past two decades, schools still rely on E-rate funds to upgrade and protect their technology infrastructures. However, many districts find it challenging to engage in long-term planning without outside consultation or tools that help them evaluate their programs and stay abreast of the latest E-rate policy changes. Keeping up with comment cycles and changing requirements can open new opportunities for students and library patrons.

Bringing connectivity to school buses

After seeking input from the public, the FCC has issued new guidance for applicants seeking to outfit their school buses with Wi-Fi service. In December 2024, the E-rate program’s Eligible Services List for Funding Year 2024 was issued, which includes school bus Wi-Fi equipment and services as eligible for Category One funding. USAC, the E-rate program administrator, also provided specific guidance for the application process for this service.

Although E-rate has issued guidance for school bus Wi-Fi, including off-site hotspots into the program is still up for consideration.

Hotspots remain a hot topic

The FCC issued a Notice of Proposed Rulemaking (NPRM) late last year to make off-campus Wi-Fi hotspot services eligible for E-rate program discounts. During the initial comment period, the Commission received more than 60 comments, showing mixed support for making Wi-Fi hotspot services eligible for E-rate discounts. While commenters agreed students need access to off-campus internet services, they disagreed about ways to support that need. Some felt that E-rate laws should not include at-home internet connectivity. Others expressed concerns about the potential cost of adding hotspot service to the E-rate program.

Funds For Learning estimates that adding hotspot services to E-rate would increase the total demand for E-rate funds by 6.67 percent, or nearly $198 million; however, integrating hotspot support into the E-rate program would enhance remote learning capabilities and support the FCC’s commitment to educational equity. The increase would keep E-rate funding below the program’s $4.456 billion cap.

Limited time left to influence school and library cybersecurity

In November 2023, the FCC proposed the creation of a Schools and Libraries Cybersecurity Pilot Program—separate from the E-rate program—and sought comments on ways to fund enhanced cybersecurity and advanced firewall services for E-rate applicants. Under this proposal, interested schools and libraries would apply to participate in a pilot (or trial) program to receive funding for advanced cybersecurity projects.

Throughout the comment period, the Commission received nearly 40 comments from individuals and organizations who agreed that the FCC should move forward with the pilot, citing the critical need for advanced cybersecurity protections in schools. However, commenters stated they felt the three-year pilot needed to be shorter and its $200 million proposed budget should be higher. They also suggested the FCC refrain from narrowing the types of products, services, and technologies eligible for the program.

In comments Funds For Learning submitted to the FCC in January, we expressed our support for a shorter pilot window. We also proposed a higher $312 million pilot budget,  based on the average cost per participant for robust cybersecurity outlined in our 2021 E-rate Cybersecurity Cost Estimate report developed in conjunction with the Consortium for School Networking (CoSN). We also encouraged the FCC to empower applicants to use innovative and technologically enhanced solutions to protect their networks. Reply comments for the cybersecurity NPRM ended in February 2024.

Is your school or library prepared for E-rate Funding Year 2024?

Potential E-rate program applicants risk losing millions each year due to shortfalls in their E-rate processes and the need for insight into the FCC’s regulatory guidance. With the E-rate filing window now open through March 27, 2024, organizations must quickly evaluate their needs and complete eligible funding requests.

With the right data, school leaders can make informed decisions that maximize their budgets. New analytics and management tools can help service providers and school leaders manage their E-rate funds, meet critical application deadlines, and plan for the future.

The E-rate program continues to grow to meet the changing technology needs of schools and libraries due to the overwhelming number of voices expressing their needs and concerns with connectivity and cybersecurity. Continue to share your voice, and together, we can continue to improve the technology needs of schools, libraries, and our students.

Key points:

• Every auditor is different, and it’s critical to be prepared
• How schools can take full advantage of the FCC’s new cybersecurity program
• Hackers don’t take a summer vacation–neither can school cybersecurity
• For more news on cybersecurity, visit eSN’s IT Leadership hub

School cybersecurity audits don’t have to be stressful. If you know what to expect, you can be well prepared and set yourself up for future success. The effort put into the first audit will also pay dividends in the future–once the first audit has been completed, subsequent audits are much easier. You’ll be able to recycle information and make slight adjustments for any systems or processes that have changed in the last year. Most importantly, successful cybersecurity audits allow a school to obtain cybersecurity insurance–a growing need, and one that could be mandatory in the future.

So, what exactly are auditors looking for? There are usually a few overarching things they scrutinize: multi-factor authentication (MFA), secure backups, vulnerability/endpoint protection, and cybersecurity awareness training.

The auditor will provide a list of questions and related sub-questions, and will likely include these inquiries:

1. Is your school running anti-virus on your computers, and does it provide advanced vulnerability protection and detection? Are similar protections on your email server?
2. Are your backups ‘air-gapped’–do they exist separate from your production environment or in the cloud? This is critical for ransomware protection.
3. Is MFA turned on everywhere it makes sense to? MFA can stop most hackers, especially in the event of compromised passwords.
4. Are you training your teaching staff and employees in good cyber hygiene? The human element is the weakest link in the security chain, so keeping folks aware of the threats and what they look like is paramount to good security.

Expanding on these core questions, likely additional questions include those about specific technology. For example, what kind of Wi-Fi authentication is used? Do you use an identity management platform or RADIUS server? How secure is your VPN setup? Does VPN use MFA? What kind of MFA is used for VPN? Who has physical access to servers and backups? Do you have a backup and data recovery plan? How often do you test your backups?

When the auditor evaluates your school’s cybersecurity awareness training, they will often ask both for the cadence or frequency of these training sessions, including if they are mandatory for all employees or staff. Usually, the expectation is that trainings are held at least once a year with all employees required to attend, but more frequent trainings are always better. Sometimes schools schedule these cybersecurity trainings alongside harassment training. Depending on your school’s culture, it may be better to conduct the training via webinars to enable the full school staff to conveniently participate and ask questions to help reinforce the material.

Almost all these cybersecurity audit questions can be addressed with a simple explanation alongside a photograph, screenshot, or an official document showing procedures, policy, or proof of training. In addition, responses can include logs from your backup device detailing successful backups and/or recovery. You can attach your backup recovery or continuity plan alongside the audit as well. If you have additional evidence to prove a question on the audit, add it in.

Be advised, however–every auditor is different, and every audit sheet will ask questions differently. In some instances, questions may be worded strangely or open to some interpretation. In these situations, don’t fret–simply answer and provide evidence the best you can, and the auditors will let you know if more clarity or detail is required.

An audit can become quite difficult if your current IT staff is less technically inclined, or if they simply lack documentation and knowledge to explain how current systems work. It’s not unusual for things to get lost along the way, especially if your IT department has changed hands a few times. If you know this is the case, then you may want to start preparing your IT team ahead of an audit. You can even use this article as a practice test–talk to your team, ask these questions, and discuss where there may be blind spots. If you can get out ahead of these issues, you’ll have a much easier time when the real audit comes.

After the first cybersecurity audit has been completed successfully by your school IT team, it provides a template for your next one. Keep this as a ‘living’ document and ask your IT staff to update it accordingly if anything changes. Changed your MFA for VPN? Maybe you put in more robust identity management for Wi-Fi access?  Whatever the case, update your audit document to show this, and when the next audit comes around, you (or your IT team) can kick back, relax, and send it off to the auditors. Most importantly, a cybersecurity audit can help provide assurance that your school IT environment is secure and understood by your IT staff–and should the absolute worst happen, your cybersecurity insurance can help take care of the rest.

Key points:

• The education sector is a high-value target in today’s threat landscape
• Creating IEPs with GenAI while ensuring data privacy
• It’s not business, it’s personal: Building a culture of trust to protect data
• For more on student data, see eSN’s IT Leadership hub

When considering industries such as finance or healthcare, the potential for sensitive data to fall into the wrong hands is a common concern. These sectors are prime targets for cybercriminals due to the financial and personal information they store. But there is another critical area often overlooked in these discussions: education.

Our educational institutions, from elementary schools to universities, are not immune to the growing threat of cybercrime. They gather a lot of personally identifiable information (PII) such as contact details, health data, and Social Security numbers. For many K–12 students, this represents an early introduction to the risks of digital data collection–and, unfortunately, cybercrime. Schools across the U.S. are already seeing an uptick in cyber threats, making it clear that protecting student data should be a top priority.

Identity theft begins before graduation

The frequency of data breaches in the education sector surged in 2023, compromising the private information of students, parents, and educators. This highlights a significant vulnerability: While schools increasingly rely on digital tools and platforms to enhance learning, many lack robust cybersecurity measures to safeguard sensitive data.

Parents provide schools with sensitive information about their children at the start of each school year, such as immunization records and medical histories. This creates an opportunity for cybercriminals to exploit students’ personal data. For instance, in 2023, the MOVEit ransomware attack affected over 800 educational organizations, compromising the personal information of nearly 1.7 million individuals. Children are particularly vulnerable to identity theft because they rarely monitor their credit, making them prime targets for long-term fraud.

According to a report from Sophos, 80 percent of K–12 schools and 79 percent of higher education institutions in the U.S. were hit by ransomware attacks in 2022–a sharp increase from previous years. These incidents highlight the growing threat to educational institutions, where cyberattacks often exploit system vulnerabilities, putting student and staff data at serious risk.

Misunderstanding cybercrime motivations

Despite the alarming rise in attacks, many have grown worryingly apathetic. Social media is flooded with comments like, “When will hackers pay off my debts since they’re already in the system?”–a sentiment that reflects the growing indifference toward the constant threat of cybercrime.

This attitude stems from a misunderstanding of cybercriminals’ motives. It is crucial to remember that hackers and ransomware attackers are not pranksters–they are financially driven opportunists who aim to exploit vulnerabilities, steal data, and hold systems for ransom. This knowledge should fuel our vigilance and caution in the face of cyber threats.

Historically, education was not a prime target, but that has changed. Cybercriminals are increasingly focusing on schools and universities as lucrative targets. As this threat grows, securing data in educational institutions must become a higher priority.

Steps to prevent data theft in education

Weak cybersecurity measures have made educational institutions attractive targets for cybercriminals. Data from the 2024 Sophos State of Education report revealed that 85 percent of ransomware attacks on K-12 schools and 77 percent on higher education institutions involved data encryption. The financial toll has been significant, with the cost of recovering from attacks doubling for K-12 schools and quadrupling for universities.

A key issue is that educational institutions often disclose data breaches slowly. For instance, only 29% of K–12 schools publicly disclose cyberattacks, though the actual number of incidents is likely higher. This lack of transparency increases risks significantly, as individuals may remain unaware their personal information has been compromised for an extended period, making it harder to prevent further misuse of stolen data.

Cybercriminals continue to target educational institutions, and current security protocols are insufficient. While perfect security may be impossible, schools can take steps to improve data protection.

Prioritizing data protection in education

To better defend against cyber threats, the education sector must prioritize investing in comprehensive data protection solutions. Encryption and tokenization are two powerful techniques that can help shield student and teacher data by making it useless without proper decryption keys. Even if attackers breach a system, encrypted data remains inaccessible.

Schools must also adopt transparent cybersecurity policies. It is crucial to work with external vendors to ensure all digital tools and platforms meet strict security standards. Additionally, promoting cybersecurity awareness among parents, educators, and students can reduce the risk of human error, such as falling for phishing scams.

Conclusion

While the education sector is often overlooked in discussions about data security, it is undeniably a high-value target in today’s threat landscape. Protecting all data is important, but safeguarding the personal information of young students is especially critical. By investing in the right data protection technologies and fostering a culture of cybersecurity, schools can improve their defenses and protect the futures of both students and educators.

Now is the time to act before cybercriminals strike with even greater force. The security of our children and teachers depends on it.

Key points:

• The E-rate remains a vital part of schools’ access to edtech and connectivity
• New E-rate rules could narrow the homework gap
• E-rate insight protects school technology infrastructure
• For more news on the E-rate, visit eSN’s IT Leadership hub

Federal E-rate funding remains an essential function in bridging the digital divide, particularly for rural and underserved communities, according to an annual report from Funds For Learning, a leading advocate for educational technology funding.

The 14th annual E-rate Trends Report reveals the current successes and challenges of the E-rate program and evaluates how the program can most effectively support schools and libraries. School and library input is compiled and delivered directly to the Federal Communications Commission (FCC) to inform program administration.

More than 21,000 applicants and 3,700 vendors participate in the E-rate program, emphasizing its vital role in providing internet access for U.S. educational institutions. The 2024 E-rate survey, conducted in June, garnered 2,355 responses, about 11 percent of all applicants, offering valuable insights into stakeholder experiences and needs.

Key takeaways and comments from the report include:

E-rate’s vital role: Over 88 percent of respondents affirmed that E-rate funding is essential in ensuring equitable access to internet services, particularly for underserved and rural communities.

“The E-rate program is crucial for modern education. This program ensures schools can access vital technology for student learning. From broadband to Wi-Fi, this funding bridges the digital divide, empowering students with equitable access to educational resources, fostering innovation, and ultimately, shaping a brighter future for students.”
–California School District

“We are a very small rural library. My county has very poor connectivity options. My library’s Wi-Fi is used on a daily basis by people just sitting in their cars. The E-rate program has allowed a whole new group to be able to connect.”
–Rural Virginia Library

Cybersecurity remains a top concern: With the launch of the FCC’s $200 million Cybersecurity Pilot Program, protecting school networks is more critical than ever. Many respondents emphasized the increasing need for E-rate support in this area.

“Cybersecurity is increasingly becoming a greater part of our budgeted dollars, and we could definitely use E-rate dollars to support our endpoint protection, network monitoring, firewalls and filtering.”
–Wisconsin School District

“On the current times, the cybersecurity issue is top priority for almost any industry, but for a school is almost impossible to pay for this matter with their limited resources.”
–Puerto Rico School

Rising costs and service eligibility: As technology evolves, applicants are advocating for an expanded list of eligible services, with a significant focus on funding for cybersecurity and advanced networking tools.

“Our school district’s goal is to take full advantage of eligible services and would greatly benefit from cybersecurity services/software eligibility.”
–Texas School District

“Our schools could not operate or exist without E-rate Cat 1 and Cat 2 funding. This funding is essential for our schools to survive!”
–California School

“The findings in this report highlight the critical role of the E-rate program in bridging the digital divide for schools and libraries,” said Brian Stephens, director of stakeholder engagement at Funds For Learning. “However, we must prioritize expanding funding eligibility for cybersecurity services to protect our students and educators in an increasingly complex digital landscape.”

This press release originally appeared online.

Key points:

• A modern digital infrastructure is the critical foundation for successful esports programs
• The 4Cs: How esports promotes student development
• How esports can help students in the classroom (no, seriously!)
• For more news on esports, visit eSN’s Digital Learning hub

Esports programs are continuing to grow in popularity, as evidenced by the widespread adoption by schools across the country. In fact, the global esports market is projected to grow to $4.8 billion by 2030. While esports programs are more commonly found on college and university campuses, high schools and even middle schools have started launching programs. 

Participating in esports can help students develop teamwork and leadership skills, and may even lead to scholarship opportunities at certain colleges and universities, according to Scholarships.com. Technology serves as the underlying foundation for any scholastic esports program; however, organizers don’t need to have robust internal IT teams–the expertise of a technology partner can help get students into the esports arena. 

Bringing an esports program to life 

A modern digital infrastructure is the critical foundation for a successful esports program. In the world of online gaming, a few milliseconds can make the difference between a win or loss–with school pride, prizes, and potentially scholarships on the line. Latency or lag time in a school’s internet connection can significantly impact the outcome of a competition. Using a dedicated wired connection can provide optimal reliability and minimize latency. It is also helpful to consider service-level agreements (SLAs) from providers that not only guarantee reliability, but also include strong metrics for performance indicators such as latency. As the esports program grows, the digital infrastructure should be able to easily scale. The increased bandwidth required by adding more players and playing increasingly high-resolution games shouldn’t risk affecting other school operations on the network.  

The Cannon School, a K-12 school in Concord, North Carolina, has created a successful esports program that serves both as a recreational league and a competitive varsity sport. The school opted for a co-managed system where its service partner installed fiber connectivity and manages the security of the network–unified threat management that includes a firewall, advanced malware protection, and intrusion prevention–while Cannon School’s internal IT team manages the content filtering to ensure that students are accessing only age-appropriate websites.  

Approximately 60 students joined Cannon School’s esports program in its first two years of operating and about half compete on the varsity team. Tram Tran, the school’s Manager of Information Technology, credits its popularity to the simple fact that young people love computer gaming. Tran expects the school’s esports program to see a surge in participants over the next several years, and the implemented IT solution can easily scale to address the greater number of users on the system, as well as the ever-increasing data-intensive video games.  

“With our esports program, we are building this pathway from high school to college and then from college to the pros,” Tran said. 

Securing technology as the foundation for esports 

Understanding and implementing the technology foundation necessary may be daunting for schools with limited internal IT resources, but working with an experienced technology partner can help. Technology partners not only offer the expertise and guidance needed for implementing an esports program, but also can provide ongoing support–through managed network services–to ensure that network operations are continually monitored and that competitions have the bandwidth needed to run smoothly.  

According to the Consortium for School Networking (CoSN) on the 2023 State of EdTech Leadership, nearly half of respondents (45 percent) felt inadequately staffed to plan and implement new technology. Managed network services can offer schools peace of mind by monitoring for network performance and cybersecurity issues 24/7, freeing IT staff from day-to-day troubleshooting. Beyond supplementing staffing resources, managed services also offer the benefit of no upfront hardware ownership costs, and the fixed, regular expense offers predictability for schools’ budgets.  

Next steps 

For schools thinking about launching an esports program, a conversation with a potential technology solutions partner is a good place to start. An experienced partner can evaluate a school’s current IT network services, help identify what is required, and determine a realistic plan and timeline to establish a program. Schools equipped with a robust digital infrastructure can offer students unique opportunities to compete, collaborate, and thrive in the realm of esports, and leveraging managed network services for help with the technology performance can make things easier for the employees who are focused on the program’s execution and success.  

Key points:

• E-rate eligibility is expanding to Wi-Fi hotspots
• Critical insights on the 2025 E-rate program
• E-rate insight protects school technology infrastructure
• For more news on the E-rate, visit eSN’s IT Leadership hub

Learning is mobile–but how can schools provide reliable high-speed internet for students who need devices at home, but who lack connectivity?

In July, the Federal Communications Commission (FCC) approved the use of E-rate funds to loan Wi-Fi hotspots that support students, school staff, and library patrons without internet access.

For an update on the 2025 E-rate, register for an eSchool News webinar featuring expert insight.

The federal E-rate program provides discounts to help schools and libraries obtain affordable telecommunications and internet access. Over the years, the program has been modernized to focus support on bringing high-speed broadband to and within schools and libraries.  This latest action will help students gain access to educational resources that may have been previously out of reach and enable them to learn without limits.

“I believe every library and every school library in this country should be able to loan out Wi-Fi hotspots to help keep their patrons and kids connected. It is 2024 in the United States. This should be our baseline. We can use the E-rate program to make it happen,” said FCC Chairwoman Jessica Rosenworcel in a statement.

“That is why today we modernize E-rate to ensure that schools and libraries nationwide can loan out Wi-Fi hotspots to support high-speed internet access in rural America, urban America, and everything in between. The time to do this is now. We do not need to go back; we can go forward and make it possible for everyone to get the connections they need,” she added.

According to an FCC announcement, the new ruling will:

• Allow schools and libraries to use E-rate funding to loan out Wi-Fi hotspots and support high-speed internet access for students, school staff, and library patrons in both rural and urban parts of the country.
• Adopt a budget mechanism that sets a limit on the amount of support that an applicant can request for Wi-Fi hotspots and services over a three-year period.  In the event that demand for E-rate support exceeds available funding in a given funding year, eligible on-premises category one and category two equipment and service requests will be prioritized and funded before eligible off-premises equipment and service requests.
• Adopt numerous safeguards to protect the integrity of the E-rate program, including measures to ensure the supported Wi-Fi hotspots and services are in use, are used for educational purposes, are not funded through other sources, and are properly documented for auditing purposes.
• Require compliance with the Children’s Internet Protection Act.

“We commend the FCC for working to ensure that every student has the opportunity to thrive in a connected world. The approval of this initiative represents a forward-thinking approach to the E-rate program, aligning it with the realities of today’s educational landscape,” said John Harrington, CEO of Funds For Learning. “Learning extends outside the classroom or library to homes, while on the go, and in every community space. This move empowers schools and libraries to bridge the homework gap, providing students with the resources they need to succeed academically, regardless of their socioeconomic status or geographical location.”

Harrington added: “The COVID-19 pandemic highlighted the vital role of connectivity in education, and this decision makes it possible for more students and library patrons to gain internet access. Reliable internet access is fundamental to modern education, allowing students to participate fully in digital learning environments. This is a monumental step towards closing the digital divide and ensuring equitable access to educational resources for all. Funds For Learning is committed to supporting this expansion and will continue to advocate for policies that enhance the effectiveness of the E-rate program.”

On June 6, the FCC adopted a three-year, $200 million Schools and Libraries Cybersecurity Pilot Program, which will allow the FCC to obtain and analyze actionable data about which cybersecurity services and equipment would best help K-12 schools and libraries address growing cyberthreats and attacks against their broadband networks.

Through the pilot, the FCC aims to learn how to improve school and library defenses against sophisticated ransomware and cyberattacks that put students at risk and impede their learning.

The pilot will enable the FCC to gather the data needed to better understand whether and how universal service funds could be used to support the cybersecurity needs of schools and libraries and to share lessons learned with our federal partners to jointly combat this growing problem.

This article originally appeared on CoSN’s blog and is reposted here with permission.

Key points:

• AI tools can benefit students, but student privacy must be protected
• Creating IEPs with GenAI while ensuring data privacy
• It’s not business, it’s personal: Building a culture of trust to protect data
• For more news on GenAI in schools, visit eSN’s Digital Learning hub

In recent years, school districts have shown increasing interest in the potential of Generative AI (GenAI) to revolutionize education. GenAI offers the promise of enhancing personalized learning, streamlining administrative tasks, and providing innovative educational resources. However, as districts rush to adopt these cutting-edge technologies, they must carefully select the right AI tools to meet their unique needs. This rapid adoption brings significant risks, particularly regarding data privacy and accessibility.

Ensuring that AI tools protect student data and comply with accessibility standards is crucial for creating an inclusive and secure educational environment. This blog post will explore expert recommendations for selecting GenAI tools, helping districts navigate these challenges effectively. 

Data privacy considerations and recommendations for GenAI adoption in schools 

Linnette Attai, Project Director for CoSN’s Student Data Privacy Initiative and President of the compliance consulting firm PlayWell, LLC, shares insights on data privacy risks associated with adopting GenAI tools and offers guidance for responsible implementation. 

While security breaches are a common concern, Linnette emphasizes that protecting students’ privacy and data involves more than just avoiding breaches. There is a broader responsibility to safeguard students’ emotional well-being and personal information, or as she calls it, a ‘responsibility of care.’ Key privacy considerations include: 

Ownership and control of data:

District leaders should be cautious when using large language models not specifically designed for educational purposes. These models might use student data to further train the AI, raising concerns about the commercial use of personal information and potential exposure of sensitive data. In addition, for some districts, any type of commercial use of personal information is unlawful. 

Linnette advises districts to adhere to fundamental practices when adopting new tools: 

1. Have a clear objective: Despite the growing popularity of GenAI tools, districts should identify a specific reason for their use. This approach ensures that the tool aligns with district needs and maximizes its impact on student outcomes. 
2. Be informed before testing: Districts must thoroughly understand the tool, including its privacy practices, security measures, and contract terms, before making a commitment. Especially, districts must ensure that the tool will be used solely for educational purposes. 
3. Start with staff: Testing AI tools with staff, rather than students, helps avoid premature exposure of student data. Some companies offer beta tests or sandboxes for staff to simulate student experiences, which can be a valuable way to assess the tool’s effectiveness. 

A practical example: Hinsdale Township High School District 86 

Keith Bockwoldt, Chief Information Officer for Hinsdale Township High School District 86 in Illinois, shares his district’s thoughtful approach to GenAI. Keith’s ‘Reimagining Learning through Innovation’ program allows teachers to pilot new tools funded by the district’s IT budget. Teachers submit proposals for evaluation, which are assessed for compliance with data privacy policies before pilot implementation. Teachers must then provide evidence of the tool’s impact by year-end, and the department reviews whether the tool should be adopted more broadly. 

Keith highlights two critical considerations: 

1. Vendor compliance: He ensures vendors are aware of and comply with data privacy policies, such as the Student Online Personal Protection Act (SOPPA). He discusses data protection measures, including data purging and storage practices. 
2. Ongoing vendor engagement: Continuous communication with vendors is crucial for maintaining compliance with data privacy standards. 

Ensuring accessibility 

Jordan Mroziak, Project Director for AI and Education at InnovateEDU, emphasizes the need for a deliberate approach to adopting new technologies. He warns against the educational arms race of adopting unproven or potentially unsafe AI products. Instead, districts should focus on meeting the needs of all students, particularly those who are underserved or disadvantaged. As a helpful resource, Jordan shared his and his colleagues’ work with the EdSAFE AI Industry Council, which aims to offer guidance and reliable standards for districts exploring GenAI tools. Companies join this alliance by demonstrating how their products adhere to the SAFE framework for AI, which focuses on safety, accountability, fairness, equity, and efficacy. This collective effort ensures that AI tools are developed with these critical principles in mind, promoting responsible and effective use. 

Additionally, the recent update to ADA Title II requires that accessibility is prioritized from the beginning. Districts must choose AI tools that comply with ADA standards and ensure equitable access for all students. This process includes assessing tools for adherence to accessibility guidelines, involving diverse stakeholders in testing, and making adjustments to meet various learning needs. By addressing these requirements proactively, districts can ensure that their AI tools are inclusive, effective, and legally compliant, thereby maximizing technology’s benefits for every student. 

For more recommendations on accessible GenAI implementation, read Blog 5 of this series: Adapting to ADA Title II: Effective Strategies for Accessible AI in Education. 

The integration of Generative AI tools into education offers significant opportunities for enhancing learning and efficiency. However, it also poses challenges related to data privacy and accessibility. Thoughtful implementation and ongoing evaluation are essential to maximize the benefits of these tools while ensuring the protection and support of all students. 

Key points:

• Schools should be able to educate students without worrying about disruptive cyberattack
• Hackers don’t take a summer vacation–neither can school cybersecurity
• Schools must bolster network continuity as they adopt more technology
• For more news on cybersecurity, visit eSN’s IT Leadership hub

K-12 school districts are becoming an increasingly popular target of ransomware operations and other cyber threat actors. Ransomware attacks alone targeted 108 U.S. school districts in 2023–more than double the 45 attacked in 2022. Just as the 2024 school year was about to start, a ransomware attack shut down some schools in the United States and Great Britain, including 34 schools serving 17,000 students in the Seattle area.

And although the number of attacks overall declined somewhat during the past year, the costs of those attacks are escalating. So far in 2024, recovery costs for K-12 schools are averaging $3.76 million, more than double the costs from 2023.

The wealth of personal information that school districts hold on students and parents makes them a prime target for cybercriminals looking to exploit or sell the data on black markets. The fact that many schools rely on older, underfunded IT infrastructure and have not invested heavily in cybersecurity controls or defenses also makes them easier to breach–and smaller IT departments with fewer resources also mean they are slower to respond to threats.

Thankfully, the much-needed funding and resources needed to enhance schools’ cybersecurity infrastructure is coming. The Federal Communications Commission (FCC) recently announced that it is making up to $200 million available in reimbursements to help schools, school districts, and libraries purchase equipment and services to improve their cybersecurity postures.

The Schools and Libraries Cybersecurity Pilot Program, intended to help institutions improve protection against ransomware and other attacks, is accepting applications from schools, libraries, or consortia until November 1. Before applying for the pilot program, however, institutions should make an effort to understand their current security postures and vulnerabilities–and how the categories of services and product available can help–to fully ensure requested services will address the most important vulnerabilities and infrastructure challenges they face.

Let us first review the covered services and equipment, which involve four basic categories of cybersecurity.

The four pillars of cybersecurity the pilot program addresses

Advanced/next generation firewalls. These network security software process network traffic and apply rules to block potentially dangerous traffic. While most schools likely have a firewall in place, internally managed firewalls are time-consuming and laborious to administer.

Endpoint protection. Endpoint protection and response (EDR) tools monitor endpoints such as laptops, smartphones, and other devices for signs of attack or anomalous behavior. This is also a solution that some schools may already have. For example, schools using a provider like Microsoft could have licensing that includes some amount of endpoint protection, but it’s likely not robust. It’s encouraged that schools look at what they have in place for their tech stack to determine the extent of their current EDR capabilities.

Identity protection and authentication. As credential compromises have become the primary means of access for attackers, the front line of defense has shifted from endpoint devices to the user. This means that individual users, particularly those with privileged access, will be the most likely target for cybercriminals. Identity and access management (IAM) tools control which users can access resources. As schools adopt more digital platforms for learning, administration, and communication, these tools help manage and control who has access to various resources, ensuring that only authorized individuals can access sensitive data like student records, health data, and financial details. As with EDR tools, current IAM tools provided to schools may not be robust enough.

Monitoring, detection and response. This category includes equipment, services, or a combination of both that monitor and/or detect threats to a network and take responsive action to remediate or otherwise address those threats. This includes managed service providers, who combine technology with human expertise to identify attackers and limit the impact of threats as they move through a school’s network. Under current budget constraints, this is the capability schools and libraries are least likely to have, as it requires a dedicated team to ensure no malicious actors are in the network.

Beyond funding: Essential next steps for maximizing the FCC pilot program

School districts must first understand the risks and where they stand in relation to them to fully reduce their vulnerability to cyberattacks. Once they understand which services they have and the extent of those services, they can then identify any gaps in security capabilities and make a plan for speaking to the appropriate vendors of those tools.

To make the most use of the program and the funding the FCC will supply, schools need to choose their solutions carefully. Schools can ensure cybersecurity vendors will meet their needs by following some key steps:

Put vendors through their paces. It’s important to identify the right vendors for what you need. Ask vendors to demonstrate how they have responded to attacks, as well as their proven experience in working with schools or educational institutions. These vendors will better understand the specific challenges schools face, such as limited budgets, varied user groups (students, staff, parents), and the need for a secure but accessible online learning environment.

Check customer references. Request references from other K-12 districts that have used the vendor’s services. This provides insights into the vendor’s ability to deliver on their promises, handle sensitive data, and provide ongoing support. A positive customer reference can be a major indicator of whether the vendor and their solution will be suitable to address your own needs.

Check for important features and support. A major block to getting adequate security in place within school districts is at the top of the pyramid. When evaluating vendors in any category, a key area where they can provide support is their ability to offer tabletop exercises that can engage and educate administrators and other faculty who might not understand or appreciate security. These exercises simulate real-world cyberattacks to help schools prepare for potential incidents, allowing them to practice their incident response in a low-risk environment, ultimately improving their overall cybersecurity posture. They also serve as an educational tool, raising awareness about common attack vectors like ransomware or phishing so the entire staff can be better prepared to recognize and respond to cyber incidents. Finally, they can help uncover vulnerabilities in communication, decision-making, and technical defenses–allowing leaders to understand cybersecurity deficiencies firsthand and the devastating impact they can have.

When considering monitoring, detection, and response (MDR) solutions, there are a few capabilities that are essential for robust cybersecurity. The first is user and entity behavior analytics (UEBA), which uses machine learning to help identify signs of insider threats, external attacks, and risky behavior on a network, including endpoints. It allows schools to identify whether behavior meets the standard baseline or if it’s starting to stray. For example, someone accessing an Oregon school network from the Bahamas might look fishy, but if it’s a teacher on vacation there, it could be okay.

MDR tools should also be autonomous. A solution must be able to capture information and respond automatically. If it identifies stolen credentials being used on the dark web, for example, ensure that it can initiate password resets and disable those credentials. There are various touch points that can indicate a ransomware attack or data exfiltration, such as file modifications, registry keys being added, or auto run tasks being added to the registry. A solution should be able to detect that activity and stop it before too much damage is done. In other words, these solutions should block and tackle as criminals make moves.

Safeguarding education through smart cyber investments

Schools focus primarily on educating students–and as educational institutions, their mindset has traditionally leaned toward sharing, rather than protecting, information. Cybersecurity has not always been top of mind. But the trend in cyberattacks, which can shut down schools and prevent them from teaching, is changing that.

Schools need to strengthen their cybersecurity postures, and programs like the FCC pilot can help. By clearly assessing their current security posture and taking action to close any gaps in their defenses using the appropriate services and equipment, they can get back to their main goal of educating their students without worrying about suffering from disruptive cyberattacks.

This story on data privacy in special education originally appeared on CoSN’s blog and is reposted here with permission.

Key points:

• Ensuring data protection helps prevent discrimination and stigmatization
• How to maintain secure access and data privacy
• It’s not business, it’s personal: Building a culture of trust to protect data
• For more news on data privacy, visit eSN’s IT Leadership hub

Adam Garry is the former Senior Director of Education Strategy for Dell Technologies and current President of StrategicEDU Consulting. Through his expertise as a professional development strategist, he has supported districts in the implementation of Generative Artificial Intelligence in their schools. CoSN approached him to discuss the importance of data privacy and the different approaches towards creating IEPs with GenAI while ensuring student data privacy. 

Protecting the data of students with disabilities is crucial for several reasons. Firstly, all students have a right to privacy, and their personal and sensitive information must be kept confidential to protect them from unwanted exposure of their Personal Identifiable Information (PII) and its potential misuse. Ensuring the protection of this information helps prevent discrimination and stigmatization, and in more critical cases, identity theft. To ensure data privacy, legal standards such as FERPA and IDEA have been designed, which require schools to limit the access to the students’ PII. When it comes to the use of Generative AI tools, educators must be aware of the data privacy risks that their implementation entails. 

Special education professionals have started to notice the potential of Generative AI to create Individualized Education Programs (IEPs), as it could help provide recommendations of personalized learning experiences by analyzing vast amounts of data, and tailor educational paths to each student’s unique needs. However, there is a critical concern: IEPs require detailed information about students’ disabilities, learning needs, medical history, and academic performance. Because many AI tools and platforms used in education are developed by third-party vendors, sharing student data through these tools requires trusting that vendors will handle the data responsibly and securely. Any lapse in their data protection practices can result in unauthorized access or exposure. 

Adam suggests a three-level solution for the safe implementation of Generative AI in school districts. The levels are organized in terms of how much personalization of the tool is possible. For each level, he mentions that it is necessary to ponder their risks and rewards. 

General level: Utilizing a Large Language Model (LLM) like Google’s Gemini or Microsoft’s Copilot 

Google and Microsoft have created their own GenAI tools specifically targeted for educators. At a more general level, these tools could be valuable to create personalized content for students. 

1. Reward: Microsoft and Google ensure their tools comply with student data protection regulations. These tools protect user and organizational data while chat prompts and responses are not saved. Additionally, these companies ensure that students’ information is not retained or used to train the AI models (Microsoft Education Team, 2024; Google for Education, n.d.). 
2. Risk: The risk is very low in terms of security, yet it exists. Moreover, there might be some loss in functionality compared to other tools, as it cannot build on from a prompt standpoint. In other words, the prompt cannot “learn” from previous answers, as the latter are not saved by the model.

Small Language Models

Educators could utilize technology from Microsoft or Google to build a Small Language Model. Small Language Models are simpler, more resource-efficient text processors that handle basic language tasks and can be easily deployed on everyday devices like smartphones. Districts can strip out the LLM functions they do not need and focus the tool on specific tasks, such as creating IEPs. 

1. Reward: An SLM maintains the privacy protections established by Google or Microsoft while personalizing the tool for a specific need. By targeting a specific task, it is also easier to set specific guardrails and train teachers. 
2. Risk: In addition to the risks mentioned with LLMs, they might have a more limited knowledge base compared to an LLM. 

The Open-Source Model

The district could create their own GenAI application through the use of an open-source model. This model is a type of artificial intelligence (AI) where the underlying code and data are made publicly available for anyone to use, modify, and distribute. 

1. Reward: The models are highly customizable, allowing districts to tailor them to their specific needs and integrate them with existing systems. This allows them to maintain control over their data, ensuring it is used in compliance with privacy regulations and local policies. 
2. Risk: Setting up and maintaining an open-source model requires significant technical expertise and substantial computational resources, which may necessitate additional investments in infrastructure and staff training. There are security risks involved in handling sensitive student data, and ensuring robust protection is essential. Unlike proprietary software, open-source projects may lack formal customer support, and ensuring legal and regulatory compliance can be complex and challenging. 

Whatever option is selected, Adam highlights the importance of merging the framework that the district has already in place to protect data privacy and go about specific tasks (such as the creation of IEPs) while detailing the tools, guidelines, and resources required in the implementation of GenAI tools. 

Integrating Generative AI tools in school districts offers significant benefits, particularly in creating personalized learning experiences and Individualized Education Programs (IEPs). However, it’s crucial to balance these innovations with strong data privacy measures. By choosing the right AI model—whether a general Large Language Model, a tailored Small Language Model, or a customizable open-source model—districts can enhance education while protecting sensitive student information. With careful planning, school districts can use AI to support diverse student needs in a secure, inclusive environment. 

References: 

Microsoft Education Team. (2024, January 23). Meet your AI assistant for education: Microsoft Copilot. https://www.microsoft.com/en-us/education/blog/2024/01/meet-your-ai-assistant-for-education-microsoft-copilot/ 

Google for Education. (n.d.). Guardian’s Guide to AI. https://services.google.com/fh/files/misc/guardians_guide_to_ai_in_education.pdf

Key points:

• As AI grows in prominence, workers will need highly-qualified AI skills
• New group targets AI skills in education and the workforce
• 5 critical priorities for AI in education
• For more news on IT challenges, visit eSN’s IT Leadership hub

Although a high majority of enterprises are adopting AI in some capacity (88 percent), many still lack the necessary data infrastructure and employee skills to truly benefit from it, according to a new survey from Cloudera, a hybrid platform for data, analytics and AI.

The State of Enterprise AI and Modern Data Architecture is based on a survey of 600 IT leaders located in the U.S., EMEA, and APAC regions and explores the challenges and barriers that exist for enterprise AI adoption across global enterprises and current applications.  It also analyzes plans for AI adoption, the state of data infrastructure, and the benefits of hybrid data management in relation to enterprise AI adoption.

In recent years, AI has become a global phenomenon, namely for its ability to supercharge business operations, enable informed decision making, accelerate innovation, and enhance experiences for both employees and customers.

However, not every organization has been able to reap the benefits. The survey found that the top barriers to adopting AI were worries about the security and compliance risks that AI presents (74 percent), not having the proper training or talent to manage AI tools (38 percent), and AI tools being too expensive (26 percent). These findings signal that despite rapid AI adoption, many pillars of a resilient AI strategy are being neglected or forgotten.  

As AI tools become more prominent in all industries, K-12 and higher education face the major challenge of producing graduates who have the necessary AI skills to compete in the workforce.

As AI evolves and cements its place in the global economy, educators and stakeholders recognize that in addition to using AI in learning, students will need to develop AI skills and knowledge to succeed in the workforce–and efforts are underway to do just that.

A new commission comprising policymakers, education leaders, business leaders, and education stakeholders from 16 states is tackling AI’s role in education from kindergarten through postsecondary programs, focusing on AI skill readiness and policy development.

The Southern Regional Education Board (SREB) Commission on Artificial Intelligence in Education is chaired by South Carolina Gov. Henry McMaster and is co-chaired by Brad D. Smith, president of Marshall University (WV) and former Intuit CEO.

The commission will review research and industry data and hear from education experts as it develops recommendations for southern states around using AI in teaching and learning, developing AI-related policies, and preparing students for careers in AI.

Survey findings

A key finding of the survey is that all AI efforts are ultimately tied back to trustworthy data. While 94 percent of respondents said that they trust their data, 55 percent also said they would rather get a root canal than try to access all of their company’s data. This frustration is driven by challenges including contradictory datasets (49 percent), an inability to govern data across platforms (36 percent), and too much data (35 percent). These areas of frustration signal that many enterprises might be missing a modern data architecture that empowers organizational-wide access to data–wherever it may live–in a secure, accessible and trustworthy manner.

From automating and streamlining IT processes, to building chatbots capable of supporting front-line customer needs quickly and effectively, to leveraging analytics to foster better decision-making, the survey revealed the top use cases for AI included improving customer experiences (60 percent), increasing operational efficiency (57 percent), and expediting analytics (51 percent). 

• Improving customer experience: Companies are applying AI technology to enhance security and fraud detection (59 percent), automate aspects of customer support (58 percent), leverage predictive customer service (57 percent), and power chatbots (55 percent), all with a goal of giving customers a safer, simpler, and more intuitive experience. 
• Increasing operational efficiency: AI is being integrated into nearly every facet of business. The survey found that IT departments are not the only ones using AI, 52 percent of respondents reported using it for customer service like better informed chatbots, and 45 percent indicated it’s used for marketing, such as analyzing call center data to offer more targeted incentives to customers. 
• Expediting analytics: Faster, easier, and more dependable access to analytics means more informed decision making, giving the companies leveraging AI a distinct competitive advantage. Nearly 80 percent of respondents said it is either “completely” or “very” true that their company is using all of the data at its disposal to make smarter business decisions. This data provides mission critical information, so access to all of an organization’s data is critical. 

“For the majority of companies, the quality of their data is not great, it’s distributed across various infrastructures and not documented in an efficient manner, and we’re seeing the fallout from that presented in the challenges identified by the survey,” said Cloudera Chief Strategy Officer Abhas Ricky. “Managing data where it resides is the most important thing when it comes to adopting AI–being able to run models in a cost efficient manner where that data already lives. Instead of bringing the data to the models, enterprises are starting to realize the advantages of bringing AI models to their data.”

This press release originally appeared online.

Key points:

• As we enjoy summer, we can’t forget school cybersecurity challenges
• It’s time to rethink cybersecurity in education
• Schools must bolster network continuity as they adopt more technology
• For more news on K-12 cybersecurity, visit eSN’s IT Leadership hub

School’s out for summer but, for admins, there’s no final bell. Ransomware attacks in education are doubling year-on-year and the arrival of the summer holidays doesn’t mean to expect fewer attacks. Recent history shows that hackers actually ramp up their activity during vacations and long weekends.

The good news is that summer skeleton crews can fight back–slowly but surely–by focusing their limited resources on mapping ecosystems, patching devices, and enforcing strict password practices.

When classrooms empty, cyber threats multiply

Research by Check Point backs up the theory that as we head out to enjoy the sun, hackers head to work. They know that most employees are on vacation, security teams are understaffed, and that schools are “data rich, resource poor.”

Moreover, they’re aware that most schools are still catching up to the rapid digitization imposed by remote learning and COVID-19 lockdowns. A stark example occurred in 2022 when the Los Angeles Unified School District, the nation’s second-largest school system, fell victim to a ransomware attack over Labor Day weekend. The breach resulted in a significant data leak, compromising sensitive student information.

Unfortunately, things haven’t gotten much better since this massive breach. A report last year from Emsisoft revealed a surge in K-12 cyberattacks with cases more than doubling from 45 in 2022 to 108 in 2023. This escalation isn’t coincidental. Cybercriminals target schools because they host sellable information on comparatively outdated systems with lower defenses. To bad actors, summer vacation represents a golden opportunity to exploit network backdoors and potentially remain undetected for weeks, maximizing the attack’s impact and profitability.

It’s therefore up to education to take the target from its back. This involves a two-pronged approach: bolstering security measures and making attacks less financially rewarding. Summer presents an ideal opportunity to initiate both of these crucial improvements.

Three steps for stronger school cybersecurity

To the first point–bolstering security measures–IT can make a big difference to school cybersecurity today and tomorrow by focusing on three elements over the break.

First, begin with a comprehensive inventory of all devices connected to the network. A unified endpoint management platform, for example, can reveal the extent of the ecosystem. This is what Canada’s Barnaby School District did across its 41 elementary schools and 8 secondary schools, uncovering more than 2,000 additional endpoints than previously thought. In effect, this represents 2,000 potential network entry points. Knowing what’s connected is the first step to protecting what’s connected.

Next, ensure that every endpoint is updated with the latest software. Roughly half (45 percent) of reported software vulnerabilities from last year remain unpatched–a big concern considering that such exploitable vulnerabilities are responsible for almost two-thirds of all data breaches. Good patch management starts by setting a strategy for implementation, like establishing alerts and leveraging unified consoles, and working towards regular device audits, patch testing, and rollback plans.

Finally, get serious about access. Complex passwords backed by multi-factor authentication are the gold standard for a reason. If hackers crack a device password, asking for an additional phone code or fingerprint scan sets another obstacle in their way. Before something like zero trust network architecture is mandated in education like in the military–and here’s hoping–admins can effectively thwart hackers without breaking the bank via stricter access controls. 

A summer test education can’t afford to fail

Schools can’t tackle this challenge alone. We need policymakers and school districts to step up, not just during summer but year-round. Their support is vital in funding additional resources and tackling the second point–making attacks less financially rewarding.

One area that demands top-down leadership is the issue of ransom payments. The education sector faces the highest rates of ransomware attacks across all industries, with about half (47 percent) of globally affected schools paying to recover stolen data. While banning ransom payments could help discourage these criminals, I acknowledge this is a complex issue with no easy solutions.

Encouragingly, cybersecurity coordination is advancing at the national level. This March saw the formation of the Government Coordinating Council for the Education Facilities Subsector. This collaborative effort unites federal, state, and local governments to provide schools with essential guidance and resources for strengthening their cyber resilience. By tapping into the expertise of the Department of Education and the Cybersecurity and Infrastructure Security Agency, schools can make significant progress in safeguarding data and protecting staff and students.

As we enjoy summer, let’s not forget the cybersecurity challenges facing our schools. By focusing on device inventory, software updates, and access control, skeleton crews can go a long way to thwarting potential attacks and laying the groundwork for the new school year. 

The summer months may be a break for students, but they’re the ultimate test for school cybersecurity–and one we can’t afford to fail.

Key points:

• Many school district policies prohibit the installation of new cell towers at schools
• The surprising/unsurprising things education IT leaders have to say 
• Tech investments determine school success
• For more news on safe tech, visit eSN’s IT Leadership hub

Around a decade ago, districts began installing Wi-Fi technology in schools to facilitate access to enhanced “21st century” educational resources. Before Wi-Fi, students used computers plugged in through ethernet cords in dedicated computer rooms. Today, even kindergarteners sit in circles on the floor with Wi-Fi tablets on their laps. 

Although Wi-Fi is certainly convenient, wireless devices emit radio frequency radiation (RFR), considered an environmental issue in today’s classrooms. A growing body of research indicates RFR exposure can pose serious health risks. To protect children’s health, countries such as France, Israel, and Belgium prohibit Wi-Fi in kindergartens. Since 2019, France has ensured wireless devices are labeled with warnings which read: “Keep radio equipment away from the belly of pregnant women, and away from the lower abdomen of adolescents.”

Thankfully, there are many simple ways to reduce RFR exposure in the classroom. Here is what you need to know: 

Sources of RFR exposure

The multiple RFR sources in a typical classroom include tablets, laptops, cell phones, clickers, cell boosters, and Wi-Fi networks. Cell towers on or near schools will also elevate ambient RFR levels, particularly in nearby sports fields and playgrounds. 

Children are uniquely vulnerable

The American Academy of Pediatrics has long recommended reducing children’s RFR exposure because of their unique vulnerability. RFR penetrates deeper in children’s brains and bodies due to their thinner skulls, higher water content in brain tissue, and physiology. In addition, children’s rapidly developing brains are more sensitive to exposure than are adults. 

Scientific research

In 2011, the World Health Organization International Agency for Research on Cancer reviewed the science and determined RFR was a “possible” Class 2B carcinogen, which is in the same category as lead and several pesticides. That year, the Parliamentary Assembly of the Council of Europe passed Resolution 1815 calling on European governments to “take all reasonable measures” to reduce exposure “for children…particularly in schools and classrooms, give preference to wired Internet connections…”

Since 2011, the scientific evidence on health effects from RFR exposure has continued to mount, with the vast majority of studies indicating adverse biological effects. Controlled experimental studies carried out in a number of countries have found that even very low levels of RFR exposure can disturb biological cell communication, weaken membranes, and impact brain development. Several experts have concluded that current science indicates that RFR is a human carcinogen. 

Outdated government regulations 

When parents raise concerns about health effects from Wi-Fi or school cell towers, administrators often take RFR measurements to ensure compliance with U.S. human exposure limits. However, these outdated limits, set by the Federal Communications Commission (FCC) in 1996, were designed only to address the overheating effects of short term exposure (an hour or less). Regulations do not protect for effects of long-term exposure.  In 2021, a federal appeals court ordered the FCC to explain how its 1996 limits adequately protect children’s unique vulnerability and the effects of long term exposure. Some three years later, the FCC has not responded. 

The International Commission on the Biological Effects of Electromagnetic Fields states:

“From a public health perspective, the FCC and ICNIRP should make the public aware of their exposures to RF and promote precautionary measures to minimize potential adverse effects, especially for children and pregnant women.” 

Expert recommendations 

Many public health agencies as well as medical and scientific organizations are recommending that schools take prudent measures to limit student exposure to RFR in the classroom to mitigate potential health risks, cautioning that U.S. regulations are not protective. 

In 2023, the Santa Clara County Medical Association released “Best Practices For Safe Technology in Schools,” referencing the scientific evidence indicating neurologic, genotoxic, immunologic, reproductive and hormonal effects from RFR, stating: 

We have become especially concerned with the dramatic increase in the use of this technology in schools resulting in exponentially higher levels of non-ionizing radiofrequency electromagnetic radiation (EMR) emitted by these wireless devices.

Many school districts and municipalities have passed policies prohibiting the installation of new cell towers at schools. Joshua Pearce, a professor in Electrical Engineering from Michigan Technological University, published a 2019 research review concluding that there is adequate medical-scientific evidence to warrant long-term liability concerns and he recommends cell towers be at least 500 meters away from schools. In 2020, the New Hampshire State Commission on 5G released a Final Report recommending that cell towers be distanced from schools and that Wi-Fi be replaced with safer technology in schools and libraries. 

Teacher unions have passed resolutions and numerous resources are available to educate students on safer ways to use modern technology. The United Educators of San Francisco passed a resolution recommending that the California Department of Public Health cell phone radiation guidance be posted in all classrooms. The Collaborative for High Performance Schools, the United States’ first green building rating program designed for K-12 schools, developed Best Practices for Low RFR classrooms in 2014 and the interdisciplinary Maryland State Children’s Environmental Health And Protection Advisory Council also recommended safer classroom technology in 2017. 

For example, the Massachusetts Breast Cancer Coalition produced educational modules for K-12 students on various environmental exposures, including cell phones, which are free to download and use in your classroom. 

Ways to minimize RFR in the classroom 

School policies 

• Cell phones turned completely off and away from the body, not muted 
• Prohibit leases for cell towers on school property 
• Monitor RFR levels in classrooms and remediate elevated levels

Classroom practice

• Ensure iPad and tablets are used on tables, not laps
• Teach students how to use airplane mode and work offline 
• Screen movies for students to watch collectively, not by virtual reality 

Educate students on how to reduce cell phone radiation 

• Use a speakerphone, instead of a phone to the head
• Carry the phone away from the body, not in a pocket or bra 
• Use wired, not wireless, headsets
• Turn the phone off and move it away from the bed at night
• Educate students on situations where devices emit higher RFR so students can reduce usage in these conditions
• Text rather than video chat; minimize wireless streaming
• Show students how to connect devices to the internet with ethernet cords 

School tech systems

• Prioritize hardwired internet connections
  • Install and utilize ethernet ports in each classroom to enable hardwired connections for laptops and tablets, instead of Wi-Fi
  • Purchase tech that offers ethernet ports and an easy way to turn devices on airplane mode
  • Connect accessories (keyboards and mouse) with cords, not wireless 
  • Connect stationary equipment, including printers, projectors, and IoT devices with ethernet and corded connections 
• Use pre-downloaded software, rather than cloud based, so students can work offline as often as possible
• When using Wi-Fi
  • Reduce the power output level of Wi-Fi routers so that they provide only the desired coverage; also, consider using low-emissions routers when replacing them
  • Install On/Off Switches to disable Wi-Fi access points. Default settings should be set to off
• Install hard wired ethernet internet systems in new construction  
• Install hard wired telephones in every room, not cordless–this is important for security reasons as well as for lowering radiation

Resources  

California Department of Public Health, Cell phone advisory 

Maryland State Children’s Environmental Health and Protection Advisory Council, Guidelines to Reduce Electromagnetic Field Radiation 

Santa Clara California Medical Association, Recommendations for Best Practices for Safe Technology in Schools

New Jersey Education Association, Minimize health risks from electronic devices 

New Hampshire State Commission on 5G Final Report to Study the Health and Environmental Effects of Evolving 5G Technology 

Collaborative for High Performance Schools, Low EMF Best Practices Summary 

Massachusetts Breast Cancer Coalition, “Lets Talk Prevention” educational modules

Environmental Health Trust: Educational Resources for Students  

References 

Davis, D., Birnbaum, L., Ben-Ishai, P., Taylor, H., Sears, M., Butler, T., & Scarato, T. (2023). Wireless technologies, non-ionizing electromagnetic fields and children: Identifying and reducing health risks. Current Problems in Pediatric and Adolescent Health Care, 53(2), 101374.  

Clegg, F. M., Sears, M., Friesen, M., Scarato, T., Metzinger, R., Russell, C., Stadtner, A., & Miller, A. B. (2020). Building science and radiofrequency radiation: What makes smart and healthy buildings. Building and Environment, 176, 106324.  

International Commission on the Biological Effects of Electromagnetic Fields (ICBE-EMF), (2022). Scientific evidence invalidates health assumptions underlying the FCC and ICNIRP exposure limit determinations for radiofrequency radiation: implications for 5G. Environ Health. Oct 18;21(1):92.

Fernández, C., de Salles, A. A., Sears, M. E., Morris, R. D., & Davis, D. L. (2018). Absorption of wireless radiation in the child versus adult brain and eye from cell phone conversation or virtual reality. Environmental Research, 167, 694–699.

Miller, A. B., Sears, M. E., Morgan, L. L., Davis, D. L., Hardell, L., Oremus, M., & Soskolne, C. L. (2019). Risks to Health and Well-Being From Radio-Frequency Radiation Emitted by Cell Phones and Other Wireless Devices. Frontiers in Public Health, 7.  

Pearce, J. M. (2020). Limiting liability with positioning to minimize negative health effects of cellular phone towers. Environmental Research, 181, 108845.  

Key points:

• Institutions should consider always-on connectivity through OOB management
• FCC adopts $200M cybersecurity pilot program
• Critical steps to help school districts combat ransomware attacks
• For more on network continuity, visit eSN’s IT Leadership hub

Technological innovations have always been a vital aspect of education, with today’s classrooms coming a long way from chalkboards and overhead projectors to the latest in cloud computing and the Internet of Things (IoT) devices. Network infrastructure is at the heart of these modern technologies, enabling the resources and devices teachers and their students use daily.

Unfortunately, many institutions do not have suitable networking solutions in place to facilitate always-on connectivity. Should a human error or a cyberattack compromise the network, these technologies could become unavailable, making essential educational processes impossible.

The consequences and causes of network downtime in education  

As educators become more reliant on network-dependent technologies to do their jobs, the greater the consequences when these things become inaccessible due to unexpected network outages. Just as the driver who only uses their backup camera struggles to reverse without it, so is the predicament educators find themselves in today.

Online learning, for example, requires constant connectivity–should the network go down, students will have no way of accessing learning materials or turning in assignments. Likewise, network outages can block staff from accessing financial and operational systems and learning management applications. In some cases, educators may be unable to complete fundamental tasks such as taking attendance or using grading systems.

In addition to disrupting educational processes and jeopardizing productivity, network outages can be expensive, mounting up tangible costs in recovery fees as well as intangible costs such as damaged reputations. Research from Comparitech shows that between 2018 and mid-September 2023, ransomware attacks against K-12 and higher education institutions around the world cost over $53 billion in downtime.

In recent years, cyberattacks on K-12 schools have increased mainly due to these institutions being easy targets for bad actors. A 2022 U.S. Government Accountability Office report found that classes can take up to three weeks to return to normal after an attack. The report also notes that behind the scenes, some districts can take nine months to recover.

Bolstering network resiliency with Out-of-Band Management

There are two ways to manage a network: in-band management and Out-of-Band (OOB) management. Many education institutions rely on the former, which involves managing the network through the network itself. The issue with this methodology is that when an outage occurs, there is no way for network engineers and IT personnel to access remote devices and remediate the problem.

Alternatively, OOB management allows network engineers to establish a separate management plane that operates independently from the data plane or productive infrastructure. In other words, a school’s technicians can use OOB management to reach remote devices without directly accessing the IP production address in the data plane. Even if the network is down, IT teams can still access, manage, and remediate devices remotely and securely.

Some best-in-class OOB management solutions allow network engineers to detect and remediate issues through proactive monitoring, including systems that automatically notify requisite personnel of network issues or environmental inconsistencies via email or SMS. By preemptively recognizing and remediating issues, educational institutions can detect faults before they spiral into failures, minimizing downtime and operating costs through operational continuity. Moreover, the ability to monitor and remediate problems remotely eliminates the need for schools to dispatch engineers to sites to make configuration changes and troubleshoot issues, saving precious time.

Additionally, OOB management enables education institutions to isolate and contain security incidents, like breaches or attacks. Locking down and quarantining affected parts of the network will prevent bad actors from moving freely, protecting the sensitive data of students and staff. These capabilities significantly enhance network resilience in the face of cyberattacks, preserving network integrity to ensure learning and other business operations can continue without interruption.  

The need for connectivity amid rapid technology adoption

As advanced technologies go from novelty to mainstream, more schools and universities across the world will adopt them, including artificial intelligence, wearable technology, natural language processing, and virtual and augmented reality, reshaping learning for the better. Simultaneously, students and faculty demand faster, more innovative applications and devices.

Although these technologies and applications will open the door to new educational possibilities, they will place greater strain on the network and increase the risk of outages, underscoring the need for always-on connectivity through OOB management.  

Key points:

• Cybersecurity leaders must remain vigilant and protect school networks
• We need a new approach to cybersecurity
• FCC adopts $200M cybersecurity pilot program
• For more news on cybersecurity, visit eSN’s IT Leadership hub

IT leaders are tasked with protecting school district networks and must constantly evaluate their cybersecurity strategies as attacks from outside threats increase in frequency and become more sophisticated.

Education institutions are among the most-targeted, and the move to cloud-based virtual learning has given hackers new ways to infiltrate networks, according to new data.

In a 2022 survey by the UK-based National Cyber Security Centre, 78 percent of schools had been hit by at least one cybersecurity incident.

The Los Angeles Unified School District experienced a cyberattack in September of 2022 that cause a massive computer system shut-down. In May of 2022, Lincoln College shut down permanently after a ransomware attack financially devastated the 157-year-old institution.

As IT leaders strive to find new ways to protect school networks, they often turn to Zero Trust Network Access (ZTNA) strategies. ZTNA does not trust a single user, device, or application and always assumes that the network is hostile, external and internal threats are always present, and that location is not enough to determine trust.

ZTNA approaches can help educational institutions protect their networks and get back to basics: teaching and learning.

Learn more about how ZTNA can help your district’s IT team better protect school networks and valuable personal information.

Key points:

• Already, IT teams contend with too few resources to meet cybersecurity needs
• FCC adopts $200M cybersecurity pilot program
• Cybersecurity is top priority for K-12 edtech leaders
• For more news on network protection, visit eSN’s IT Leadership hub

Tech-enabled learning is an educational mainstay and it is top of mind for IT directors as they face shifts in regulation, vulnerability, and best practices in managing student data.

Many who initially relied on policies like the General Data Protection Regulation (GDPR), Family Education Rights and Privacy Act (FERPA) or Children’s Online Privacy Protection Act (COPPA) as the standard now see them as a baseline and instead are doing far more.

Here are several trends that are emerging:

Data security is job #1 

Protecting student data and privacy is non-negotiable and that hasn’t changed since the first tech tools emerged on the scene. Cybersecurity ranks as a top concern for IT leaders. Attacks continue to increase. Cyberattacks and ransomware attacks targeting schools and districts have affected more than 2.5 million students.

In response to these threats, school leaders are building data classification frameworks, establishing firm data-sharing rules, updating technical directives, increasing district-wide data privacy training, and they are auditing current systems. They’re getting more specific on how vendors may use and secure data, and how they protect it from cyberattacks. IT teams are pressing vendors about the ways meta- and personally-identifiable data are captured and used, and are requiring detailed backup and disaster recovery plans. 

Each measure contributes to the layers needed to protect students and the school. 

Demands for easy-to-find and easy-to-understand standards

Encompassing the expansion of edtech safety and security evaluation is a growing preference for transparency and clarity from vendors. Many IT directors do not have enough time to wade through complicated statements and legalese. There are nearly half a million educational apps available for learning, as well as an innumerable number of edtech tools beyond apps. Data from 2023 reported that educators deal with an average of 42 learning apps and devices each day. Overwhelmed by the volume, school IT professionals are telling us to make it easier for them to find and understand what works.

Claire Archibold, DPO for Schools and Information Governance Consultant at Education Data Hub, told me IT teams are favoring vendors that present clear information on safety and security measures. Archibold said: “We look at a lot of edtech vendor privacy and data protection information–some are fab, others are…well…not so fab. But as we looked at one specific solution, we let out a little sigh of contentment. [It’s] easy to read, contains all the required information, a clear link to a Data Processing Agreement, which is then incorporated into the Terms of Use, and even a Vendor RFI document included which contains all the technical information for our data protection due diligence.”

Nurture and promote healthy digital engagement

Educators and IT directors today are more attentive to creating a safe and positive experience for students via the learning tools and administrative technology employed at the district. For IT directors and administrators, that has meant being extra vigilant in selecting products that nurture wellness and protect students.

District policies for selecting those products based on how well they protect student data and their well-being is a strict and serious business, usually managed by cross-departmental teams of district administration personnel and the top leadership in IT. It’s a collaboration that makes sense, because IT is tasked with keeping the checks and balances in place, while district administrators focus on the holistic view of the student.

With online safety software, for example, these teams determine who and how much access and control are given per department (like teachers, for example) and even per individual (such as the school nurse). Via the online safety software, they create monitoring and intervention policies and alerts for concerning phrases and words. Such alerts could indicate a student is being bullied or is in danger of self-harm, which, when received by approved staff, prompts them to take approved action to hopefully prevent the unimaginable from happening.

Tech and human oversight work together to protect and support students 

Since the first computers came onto the scene, teachers have worried about how much and what kind of digital content students engage with each day. I believe that more discussion is worthwhile, regardless of how hard it may be–and moreso now with the increase of alarmingly convincing phishing sites and “bad actors” intent on dupping youngsters and adults. This 2023/24 study reports that 21 percent of 12-27 year-olds have been victims of phishing scams. 

As threats grow, IT directors are giving educators more ways to steer students away from harmful (or even benign, but more entertaining, sites) so that students will stay focused on learning. Classroom management software–cloud-based or network-based–and the built-in metering features allow teachers to observe who students are collaborating with and the websites and applications they are using. 

There is another layer of support, though. Rather than only leaning on teachers to monitor online activity, leaders are leveraging technology to automate enforcement. With the right IT management solution, established lists of permitted and restricted sites and apps can be used school-wide, and even made accessible at only certain times of the day. That kind of proactive management eases everyone’s workload, and in this age of rapid technology innovation, it has become vital.  

The rapid evolution of emerging technologies, coupled with the strain on already-stretched teams, makes urgent action necessary. Already, IT teams contend with too few resources. Two-thirds of technology directors report their resources to combat cybersecurity issues are insufficient. Add to this figuring out how to safely adopt AI-powered tools, threading the needle of protecting data, privacy, and the social-emotional well-being of students, fostering healthy learning environments, and maintaining trust with internal and external stakeholders while navigating the onslaught of new tech. It all requires careful planning.

Key points:

• Schools must prioritize ZTS and integrate robust cybersecurity practices
• FCC adopts $200M cybersecurity pilot program
• Cybersecurity is top priority for K-12 edtech leaders
• For more news on cybersecurity, visit eSN’s IT Leadership hub

The Federal Communications Commission (FCC) recently voted to adopt a three-year, $200 million Schools and Libraries Cybersecurity Pilot Program. The pilot program will provide schools and libraries with cybersecurity services and equipment. It will also allow the FCC to gather and analyze data on which cybersecurity services and equipment would best help K-12 schools and libraries address growing cyber threats and attacks against their broadband networks.

While the much-needed resources and funding represent a significant step towards fortifying cybersecurity in the education sector, it remains a modest advancement for a critical issue. As K-12 schools increasingly become prime targets for cyber criminals due to their often-limited resources and reliance on outdated systems, the collaboration between the federal government and the education sector is more crucial than ever.

By providing essential funding, advanced cybersecurity resources, expert guidance, and gathering analytics and data, the federal government can help schools effectively protect against cyber threats.

The critical importance of federal collaboration with schools

Establishing partnerships between federal entities, cybersecurity experts, and the education sector offers numerous benefits, including enhanced information sharing, expanded training opportunities, and access to specialized resources. For example, the partnership between the Department of Homeland Security and K-12 schools with the Cybersecurity Education and Training Assistance Program has provided resources and training to thousands of educators, helping to integrate cybersecurity concepts into K-12 education and foster a culture of proactive cybersecurity awareness and preparedness within the educational community. Additionally, the U.S. Department of Education and the Cybersecurity and Infrastructure Security Agency launched the Government Coordinating Council (GCC) for the Education Facilities Subsector, enhancing collaboration among all levels of government to protect K-12 schools from cyber threats.

The federal government plays a pivotal role in shaping cybersecurity practices across K-12 schools, which often lack their own necessary guidance and policies around cybersecurity practices. By adhering to guidance from the federal government–like what we see in the K-12 Digital Infrastructure Brief–schools can work toward improved cybersecurity.

Collaboration efforts are most effective when schools prioritize and leverage available resources

The effectiveness of the FCC initiative, policies published by the federal government, and other similar collaborative efforts from the federal government hinges on two efforts that fall solely on schools.

First, schools must make cybersecurity a priority. Effective prioritization of cybersecurity comes from leadership and involves identifying specific vulnerabilities, allocating resources, and creating a comprehensive plan and budget to address potential threats. To respond to cyber threats effectively, cybersecurity must be supported from the top down.  

Second, schools must utilize the resources provided by the federal government to address both their immediate vulnerabilities and long-term security needs. With cyber threats increasingly targeting the education sector and threats not slowing down any time soon, it is vital that schools prioritize and adopt a strategic approach to maximize the impact of federal collaboration efforts, which focus on immediate, achievable goals.

Partnering with federal agencies grants access to specialized resources and funding and provides schools with crucial guidance on cybersecurity best practices, often enhancing their cybersecurity posture. Educational entities can also partner with one another to increase their buying power to bolster their cybersecurity resources, such as partnering to buy software and licenses as a collective.

Beyond the FCC funding

Schools, just like many other sectors, operate in a hybrid environment and must have an actionable plan in place to protect their valuable data no matter the location. It is crucial to secure endpoints, including laptops, tablets, and mobile devices, with comprehensive protection solutions that provide real-time monitoring and threat detection. This shift to digital learning environments has expanded the attack surface, making every connected device a potential entry point for cyber threats.

The education sector is not required to meet a Zero Trust deadline as required for federal government agencies. However, as the education sector looks to the federal government for collaboration and best practices, it should also consider implementing a Zero Trust framework–ideally one with segmentation at its core. Zero Trust Segmentation (ZTS)–segmentation using Zero Trust principles–is a crucial technology within the Zero Trust framework. Through the continuous visualization of all communication patterns and traffic between workflows, devices, and the internet, ZTS constantly verifies a user and creates granular policies that permit only essential communication. If an attack were to occur, ZTS applies the principles of Zero Trust to broaden visibility into all networks and across all traffic and limit free lateral movement–containing the attack and minimizing its impact.

Schools should also implement endpoint protection platforms that not only safeguard against malware and viruses but also offer advanced features, such as behavioral analysis and automated response capabilities. These solutions should be able to identify suspicious activities and isolate compromised devices to prevent the spread of infections. Real-time monitoring ensures that any anomalies are detected immediately, allowing for swift action to mitigate potential threats.

It is crucial schools enforce policies for regular software updates and patching efforts, alongside educating students and staff on best practices for device security. By securing endpoints comprehensively and prioritizing timely implementation of these measures, schools can protect the integrity of their hybrid learning environments and ensure the safety of their educational communities.

Given the constantly changing threat landscape, schools must act with urgency and have robust cybersecurity plans in place now, rather than in a decade. Any improvement is a step in the right direction, and organizations don’t need to achieve 100 percent security immediately.

Enhancing cybersecurity for educational resilience

Overall, while the FCC’s program marks a crucial investment in enhancing cybersecurity across K-12 schools and will generate valuable data on which services work best for the education community, it addresses only a fraction of the challenges faced by educational entities. To maximize the impact of this funding and other federal collaboration efforts, schools must prioritize ZTS, integrate robust cybersecurity practices into their educational frameworks, and foster collaborative partnerships with federal agencies and industry experts.

Continued advocacy for increased support and streamlined collaboration will further bolster cybersecurity resilience, ensuring that K-12 schools can adapt effectively to evolving cyber threats and provide a safe digital space for students and educators alike.

This post on mobile and broadband speeds originally appeared on CoSN’s blog and is reposted here with permission.

Key points:

• School districts can connectivity information to address the digital divide
• Demystifying network speed: Measuring true Wi-Fi and wired network needs
• Reliable internet and Wi-Fi in schools should be top priority
• For more news on internet connectivity, visit eSN’s IT Leadership hub

In today’s digital age, understanding mobile and broadband speeds is crucial for school administrators and educators to ensure students have access to adequate internet connectivity.

This article aims to clarify key terms, discuss the Federal Communications Commission’s (FCC) recent changes to minimum speed requirements, and explore how school districts can use this information to address the digital divide.

Key terms

• Upload speed in kbps: Kilobits per second (kbps) is a unit of measurement for data transfer speed. Upload speed refers to the rate at which data is sent from a user’s device to the internet. Higher upload speeds are important for tasks like video conferencing and sharing large files.
• Download speed in kbps: Download speed is the rate at which data is received by a user’s device from the internet. Higher download speeds are crucial for streaming video, downloading files, and browsing the web.
• Latency: Latency is the delay between a user’s action and the response from the network. Lower latency is essential for real-time applications like video calls and online gaming. High latency can cause noticeable delays and poor user experience.

FCC minimum speed requirements

In March 2024, the FCC raised the benchmark for broadband speed for the first time in nearly a decade:

• Fixed broadband: 100 Mbps download and 20 Mbps upload (previously 25/3 Mbps)
• Mobile broadband: 35 Mbps download and 3 Mbps upload (new category)
• Schools: 1 Gbps per 1,000 students and staff (previously 500 Mbps)

The FCC also set a long-term goal of 1 Gbps download and 500 Mbps upload for fixed broadband. These new standards will be used to determine if broadband is being deployed in a reasonable and timely manner.

Mobile vs. broadband speeds

Mobile broadband relies on cellular networks to provide internet access to devices like smartphones and tablets. It offers portability but may have lower speeds and higher latency compared to fixed broadband. Fixed broadband, such as cable, fiber, or fixed wireless, provides internet access to a specific location. It generally offers higher speeds, lower latency, and more reliability than mobile broadband.

Addressing the digital divide

School districts can use the FCC’s new speed benchmarks to assess the adequacy of internet access for students and staff. By identifying areas with insufficient broadband coverage, districts can prioritize resources and partnerships to improve connectivity.The Consortium for School Networking (CoSN) provides a Digital Equity Dashboard that helps districts visualize and analyze data related to the digital divide. The dashboard includes information on broadband access, device availability, and digital literacy. By leveraging this tool, administrators can make data-driven decisions to promote digital equity.

Conclusion

Understanding mobile and broadband speeds is essential for school administrators and educators to ensure students have the necessary internet access for learning. The FCC’s recent changes to minimum speed requirements provide a framework for assessing connectivity needs. By using tools like the CoSN Digital Equity Dashboard, districts can identify gaps and take action to bridge the digital divide.

Key points:

• Embracing smart technology is a necessity to prepare students for the future
• 9 in 10 K-12 tech leaders predict surge in IT workload
• 3 considerations to ensure a future-proof network
• For more news on IT innovations, visit eSN’s IT Leadership hub

The modern classroom is evolving, and technology is at the forefront of this transformation. Imagine a classroom where the lights automatically adjust to the optimal brightness for learning, where the air quality is constantly monitored to ensure student focus, and where energy usage is minimized to save precious school funds.

This isn’t science fiction. When schools embrace the Internet of Things (IoT) to create a “smart” environment, the benefits extend far beyond energy savings. Research consistently shows that students thrive in optimized learning spaces, and schools can allocate precious funds more efficiently.

Imagine classrooms with advanced security systems, air quality sensors that ensure a healthy environment, and even smart trash cans that optimize waste collection. At the university level, “smart buildings” have become a powerful recruitment tool. The question then becomes: Why aren’t more schools embracing this transformative technology?

The challenge of upgrading legacy systems

The global IoT in education market was valued at $8.7 billion in 2022, and is projected to reach $46.4 billion by 2032. Yet many schools face significant obstacles in upgrading their IT infrastructure to support the growing demands of modern technology.

• While copper cables might have been sufficient in the past, these older networks struggle to provide the speed and bandwidth needed for data-intensive applications such as high-definition video streaming, cloud-based applications, and large file transfers.
• The increasing number of Power over Ethernet (PoE) devices strains existing power systems. The average PoE device consumes 30-90 watts, and with classrooms increasingly equipped with interactive displays, security cameras, and other tech, this strain can quickly overwhelm traditional networks.
• Upgrading cabling and switches can be expensive, and funding for these upgrades is often limited. Many tech upgrades such as lighting, cameras, vape detection, or access control are not eligible for E-rate funds, a federal program providing discounts of up to 90 percent to help eligible schools obtain affordable telecommunications and internet access.

But the savings that schools may experience is clear. By implementing smart lighting, one Texas school district achieved a remarkable 41.4 percent reduction in energy usage, saving $33,665 annually. This translated to a significant reduction in its annual carbon footprint, equivalent to the air-cleaning power of 177 mature trees. Additionally, the smart lighting system doubled the lifespan of bulbs, reduced maintenance costs, and enhanced the learning environment by allowing for adjustable lighting hues, providing a better learning environment for the students.

Debbie Karcher, a K-12 education technology advisor, highlights the benefits: “Integrating AI into school curriculum and technology systems is a game-changer for student outcomes. Transforming traditional systems, like lighting, into smart platforms that collect and act on environmental information is incredibly exciting for educators. Merging AI with advanced networking technology allows school districts to enhance teaching, personalize learning, and streamline operations, ultimately supporting student success.”

Distributed Edge Architecture: The smart solution

To overcome the challenges and begin achieving results, there is one clear solution: a Distributed Edge Architecture (DEA), a safe and efficient way to move high power and data to today’s connected classroom. By combining centralized floor-mounted racks with in-ceiling Intermediate Distribution Frames (IDFs), schools can create a unified backbone that seamlessly integrates IT and Operational Technology (OT) systems. This hub and spoke architecture not only simplifies network management but also unlocks substantial cost savings by allowing OT systems like lighting, security cameras, and HVAC to leverage the same infrastructure.

Only DEA ensures the ability to install these next-generation systems into schools. The advantages of DEA extend beyond energy savings and improved learning environments. It also enables schools to:

• Future-proof their networks: The flexible design of DEA makes it easy to adapt to evolving technology needs.
• Enhance connectivity: Fiber-based networks provide high-speed internet access for all students.
• Facilitate innovation: The unified infrastructure supports the integration of new technologies like smart whiteboards, virtual reality systems, and more.
• Improve safety and security: IoT sensors can monitor air quality, detect vape use, and enhance overall security measures.

The transition to DEA may seem daunting at first, but the long-term benefits are undeniable. By breaking down silos between IT and OT systems, schools can maximize efficiency, reduce costs, and create a more engaging and effective learning environment for their students. Imagine utilizing smart bus tracking for improved safety and efficiency, wearable devices to monitor student health and activity levels, or augmented reality (AR) and virtual reality (VR) devices for immersive learning experiences. We encourage schools nationwide to explore resources and learn more about implementing this solution.

In today’s fast-paced digital world, embracing smart technology is not just a luxury; it’s a necessity for preparing students for the future.

Key points:

• IT leaders are increasingly in need of time, support, and training
• 9 in 10 K-12 tech leaders predict surge in IT workload
• 5 ways to combat tech fatigue and support student success
• For more news on IT trends, visit eSN’s IT Leadership hub

Sometimes, when you ask a question, you get an answer that’s surprising and completely expected at the same time.   

That’s what happened when we surveyed education technology leaders, and not the people you may think of when you hear that description. Not entrepreneurs, investors, and pundits. They get plenty of ink already. Instead, late last year and into the first portion of 2024, we surveyed information technology leaders in schools–the people in the IT departments who work to make technology work. We asked questions to the people for whom innovation and disruption turn into to-do lists. 

Our survey wasn’t long or overly detailed. Squeezed by security threats, daily demands, and new deployments, they have enough to do. 

And although some of the answers surprised us–and they may surprise you–many of the responses make perfect sense if you step back a pace or two and review through a wider lens. Which, honestly, is why we asked. 

The first response that fitted the surprising/not surprising pattern was when we asked scholastic IT leaders to think about the mix of “all the technologies used in schools and classrooms.”  

Perhaps not surprising to many of us involved in schools is that more than two-thirds of education technology practitioners said they were not lacking technology solutions. The largest group within that said the mix of tools was fine as it is, and the remainder implied by their response that they couldn’t keep up with what was needed to fully understand how to use them all effectively.

If you think about it, this makes sense. Those who actually manage education tech are doing the grind. They are stretched, feeling underwater 10 days out of 10. 

That conclusion was reinforced when we asked them what they would “want most for the school or classroom.” This time, there was a more surprising answer–most did not want more funding. Just 28 percent listed financial resources as their top want. The most common answer was time–our education technology teams wanted more time. Thirty-one percent (31 percent) said that, above all else, they wanted more time to learn and implement the technologies they were already using or trying to use. 

On the same question, 22 percent also said they wanted more training and support around technology solutions, which is a version of time. So, if you add those two–training and more time directly–a majority (53 percent) wanted space and support, not money. 

Surprising, maybe. When is the last time you heard anyone in education say they did not need more money? The answer should send a strong message of how seriously our school IT leaders need the time and support to do their jobs–they are more or less willing to pay for it. 

To be clear, the IT leaders we surveyed are not anti-tech. It would be really big news if they were. In fact, when asked about how they felt about education technology in general, a resounding 92 percent said that edtech, when used right, “makes teaching and learning better.” 

It’s that level of endorsement that ought to open some eyes about where our schools, teachers, and technology experts are right now. They very much love education technology, but clearly do not want more of it. That says a ton. 

The results we see in the survey data echo what we hear from clients and partners all the time. For those who have to do the doing, the tech is great, but the pace and space are increasingly incompatible. 

We liken it to one of those self-serve sundae bars. The ice cream and all the toppings are amazing. But sometimes, we need time to digest what we ingest. Sometimes, there’s already too much on our plate to even contemplate adding more. That’s how our school IT departments feel. That’s what they’re telling us. 

For those of us who work in education or in education technology, the lesson ought to be that we need to invest much more in the support, training, and management of our technologies, especially for the heroes in IT departments. They need the time and space to do the jobs we’ve already asked them to do before we can reasonably ask them to do more. And that we, collectively, need to spend time making implementation and management of our technology maximally easy and effortless. 

Honestly, that does not feel like too much to ask of ourselves. We all know that none of us can do what we want to do without the help and consistency of IT leaders. They are literally indispensable to the mission of every other education technology leader. And it’s past time that we ask them more questions, listen to their answers and center them in our planning and development. 

Key points:

• Tools like printers can have a surprising impact on budget, especially within education systems
• 3 top priorities for K-12 administrators
• 5 ways to engage your school community with tech-powered communication
• For more news on budgets, visit eSN’s Educational Leadership hub

In recent years, school system leadership has been confronted with many complex decisions, ranging from security concerns and public health crises to budgetary constraints and the diverse needs of students, faculty, and staff. Among these challenges, integrating technology, particularly printing solutions, should be a line on the budget for advancing institutional achievement.

Print technology plays a unique role in modern education–and the right strategies can optimize printing resources to support the overarching goals of educational excellence.

Consider this: There are thousands (sometimes millions) of printing devices within the schools in a given state. At first glance, technology may seem ubiquitous and readily available. However, within this vast array of devices lies a hidden complexity: multiple models of the same device coexist. This diversity inevitably leads to challenges for IT departments and budgetary concerns for school systems as the procurement of various consumables and software becomes necessary.

This example of a trickle-down effect underscores the influence tools like printers can have on a budget, especially within education systems. The good news is that by standardizing your equipment, you can promote efficiency and effectiveness, ultimately contributing to the enhancement of student education.

Investing upfront for long-term success

Academic leaders face many decisions when laying the groundwork for school success. Among the most important is recognizing a school or district’s technological requirements and implementing a strategic plan to ensure that schools, particularly their IT departments, invest upfront with long-term success objectives in mind.

In the age of digitization, printing remains a pivotal element of modern education and a prerequisite for school achievement. Whether it involves providing supplementary resources for students with high needs, utilizing visual learning aids to display complex concepts, or disseminating classroom newsletters, the investment in printers for school systems nationwide is indispensable.

Printer standardization benefits all

By prioritizing upfront investments in printing technology, educational institutions can lay the foundation for continued success in the long term. Though pricey initially, standardizing your printer fleets is more time-efficient and cost-effective in the long run. The benefits include, but are not limited to, simple user setup, increased security capabilities, streamlined IT and maintenance processes, and document management/monitoring–all necessary for school systems to operate effectively.

Let’s take a look at each, one by one.

Simple user setup standardizes all printers, ensuring consistency in authentication methods, access controls, and permission settings. This streamlined approach makes managing user profiles easier, enhances security measures, and promotes accountability across the board.  

Increased security capabilities give school leadership peace of mind that sensitive data (particularly regarding students) is safe from hackers and breaches. It is more easily attainable if all devices have the same security features and safeguards.

Streamlined IT and maintenance processes help keep printers working correctly and minimize the risk of device downtime, which could cause several issues for schools as they’re trying to provide resources for students and families.

Document management and monitoring ensure alignment between scanning, file sharing and storage, and archiving activities. This alignment guarantees that documents are readily accessible and well-organized for easy retrieval across multiple institutions.

Budget-friendliness is the name of the game when it comes to printing. Dealing with multiple vendors, various models, different types of inks and toners, and accessories can quickly strain a budget. Consolidating these elements is critical to driving cost efficiencies and maintaining financial responsibilities.

It’s common for tasks like printing to be overlooked and fall to the bottom of the priority list. Let’s face it: With the increasing digitalization of education, some may question the necessity of printing altogether. However, it’s important to recognize that often, it’s the “small stuff” or everyday processes that can significantly impact a school’s budget, especially considering the scrutiny that expenditure receives across administrations. That is why having manageable and standardized printing systems is essential, as the absence of such can lead to heightened expenses, security vulnerabilities, and a host of other challenges for school leaders, particularly IT teams.

Investing in a standardized printer fleet upfront mitigates risks and promises long-term benefits that ultimately enrich student learning experiences and boost educator productivity.

This post on interoperability originally appeared on CoSN’s blog and is reposted here with permission.

Key points:

• As privacy and security become increasingly important, so has the need for interoperability
• 3 strategies to streamline K-12 data management
• 3 ways a modern data solution can improve student outcomes
• For more news on interoperability, visit eSN’s IT Leadership hub

Interoperability is the seamless, secure, and controlled exchange of data between applications. Implementing interoperability can bring information from edtech tools together to holistically contextualize student learning, allowing educators, schools, and districts to understand their students better and support their paths to graduation. Executing data interoperability standards creates a modern data infrastructure by supporting improved development, privacy, and cybersecurity practices while ensuring compliance with industry best practices.

Interoperability has often been seen as an extra step that districts couldn’t necessarily implement due to capacity. However, as privacy and security become increasingly important due to advancing technology, so has the need for interoperable systems.

As Project Director of Project Unicorn, my role has been to show educators and edtech vendors why interoperability is a critical foundational component of a data ecosystem. I often speak with district administrators or edtech vendors who have never heard of “interoperability” or don’t know about using K-12 data standards. This is why Project Unicorn was created; to build a movement for data interoperability and ensure that everyone can access important knowledge about the building and implementation portion of data interoperability.

Project Unicorn works with early adopters who are ready to start their interoperability journey, knowing they have the privacy and security practices to begin. But as new technologies emerge, like generative AI, and as cybersecurity breaches continue to increase (80 percent of school IT professionals reported that their schools were hit by ransomware in 2023, up from 56 percent in 2022, noted in a recent article), educators, solutions providers, and government officials alike have realized that interoperability, privacy, and security enhance each other, and an integrated ecosystem matters.

“The importance of interoperability’s intersection with privacy and security cannot be overstated,” said Paula Maylahn, CoSN, Interoperability Project Director and Principal Consultant at Paula Maylahn Consulting. “Often, the focus on interoperability is on one side of the coin–getting data where it needs to go. Equally as important is the flip side–keeping data from where it should not go.”

How interoperability, privacy, and security enhance each other

Practicing data interoperability can support improved development, privacy, and cybersecurity while ensuring compliance with industry best practices from both districts and vendors in these ways:

Interoperability standards add clarity to data collection and management
Interoperability has the potential to support data portability and ownership
Interoperability standards can improve product usability and security
Supporting interoperability increases transparency around data practices
Interoperability standards can help simplify the process of compliance with privacy laws

(Learn more about Privacy, Security, and Interoperability at https://www.projectunicorn.org/resources/privacy-security-interoperability)

Interoperability at the White House

On Monday, August 7, 2023, a group of school superintendents, educators, and education technology vendors met at The White House with First Lady Jill Biden, Secretary of Education Miguel Cardona, and Secretary of Homeland Security Secretary Alejandro Mayorkas to unveil the new Infrastructure Briefs, a series of three documents by the Office of Educational Technology, one including Cybersecurity and Infrastructure Security Agency (CISA). They spoke on the importance of interoperability and cybersecurity in building safe and resilient data ecosystems in K-12. This “Back to School Safely” event framed how to build an interoperable, secure, and privacy-enabled ecosystem for education technology and support the field.

A national plan for edtech

Following the Infrastructure Briefs, the United States Department of Education released the 2024 National Educational Technology Plan (NETP) on January 22, 2024.

Since 1996, the NETP has served as the flagship educational technology policy document for the United States, setting a vision and plan for K-12 learning enabled by technology across the U.S., territories, tribal lands, and DoDEA schools worldwide. This latest iteration of the NETP delves into the transformative potential of educational technology, highlighting systemic solutions to bridge the digital divides in use, design, and access, particularly in the context of educational equity.

The 2024 NETP aligns with the Activities to Support the Effective Use of Technology (Title IV A) of the Every Student Succeeds Act and continues to promote a vision of equity, active use, and collaborative leadership. It aims to ensure equitable access to technology and the transformative learning experiences that technology enables.

“In the real, day-to-day work of interoperability in a K-12 school district, the goal is to get actionable data in the hands of administrators and educators to make the best possible decisions to ensure all of our students succeed,” said Dr. Chantell Manahan, Director of Technology (MSD of Steuben County & CoSN Board Member) “While we can achieve this through hard work by intentionally designing infrastructure, building local capacity, aligning with vetted data standards, and choosing the EdTech vendors who also champion this vision, it is never easy. And we have an obligation to achieve this interoperability at scale, all while protecting student data privacy. This means ensuring access to student data on a need-to-know basis, following all federal, state, and local laws and community norms. It’s a delicate balancing act of access to the right data for the right decision-makers, and support from the federal level through the infrastructure briefs and the NETP provide the guidance and prioritization of interoperability for achieving this digital equity.”

Don’t fall behind: Steps districts can take

To keep up with emerging technologies and keep your data infrastructure and student data secure, you must ensure the foundational pieces of the data ecosystem are in place: interoperability, privacy, and cybersecurity. With that foundation in place, your technology can advance, benefiting students without worrying about security.

Use the Project Unicorn School System Data Survey tool to assess your data ecosystem. The brief survey is designed to help the education sector better understand current K-12 school system capabilities for leveraging education data. Review your results with free personalized resources and technical support from the Project Unicorn team.

Key points:

• Cybersecurity remains a real and evolving threat to K-12 schools and libraries
• K-12 cybersecurity threats to your school can be lowered–here’s how
• Cybersecurity is top priority for K-12 edtech leaders
• For more news on cybersecurity, visit eSN’s IT Leadership hub

The Federal Communications Commission (FCC) on June 6 adopted a three-year, $200 million Schools and Libraries Cybersecurity Pilot Program, which will allow the FCC to obtain and analyze actionable data about which cybersecurity services and equipment would best help K-12 schools and libraries address growing cyberthreats and attacks against their broadband networks.

Through the pilot, the FCC aims to learn how to improve school and library defenses against sophisticated ransomware and cyberattacks that put students at risk and impede their learning.

The pilot will enable the FCC to gather the data needed to better understand whether and how universal service funds could be used to support the cybersecurity needs of schools and libraries and to share lessons learned with our federal partners to jointly combat this growing problem.

“This is a landmark moment for schools and libraries across the nation. The cybersecurity threats facing our educational institutions are significant,” said Funds For Learning CEO John Harrington in a statement. “This pilot program represents a crucial step in providing the resources necessary to safeguard sensitive information and maintain secure, reliable access to digital learning tools.

“Cybersecurity in education is not just about protecting data; it’s about safeguarding our children’s future and ensuring a safe, uninterrupted learning environment for all. We commend the FCC for acknowledging the urgency of these issues and taking initial steps to address the cybersecurity concerns of E-rate applicants.”

In Funds For Learning’s annual E-rate Applicant Survey, over the past six years, more than 95 percent of respondents believe cybersecurity products and services should be eligible for E-rate support. In the 2023 survey, over 100 applicants shared their individual opinions about the need for cybersecurity.

“CoSN applauds the FCC for its leadership in helping school districts tackle the serious and universal problem of cybersecurity threats,” said Keith Krueger, CEO of CoSN. “This pilot program will not only provide much-needed support to a select group of schools and libraries but also offer valuable insights into the scope of the challenge and the resources required to keep our students and educators safe online. We look forward to working closely with the FCC to ensure the program’s success and to build a more secure future for schools’ digital infrastructure.”

Modeled after the Connected Care Pilot Program, the pilot program will make $200 million in Universal Service Fund support available to participating schools and libraries to defray the costs of eligible cybersecurity services and equipment. These funds are separate from the FCC’s E-rate program, to ensure gains in enhanced cybersecurity do not undermine the E-rate’s success in connecting schools and libraries and promoting digital equity.

This pilot is part of Chairwoman Jessica Rosenworcel’s Learn Without Limits initiative, which addresses the Homework Gap by ensuring connectivity in schools and libraries so everyone, everywhere has access to high-speed internet services. This initiative includes Wi-Fi on school buses, E-rate support for libraries in Tribal communities, and funding from the FCC’s E-rate program for the off-premises use of Wi-Fi hotspots and wireless internet access services.

Material from a press release was used in this report.

Key points:

• K-12 has hurdles–but robust connectivity can help
• Reliable internet and Wi-Fi in schools should be top priority
• Demystifying network speed: Measuring true Wi-Fi and wired network needs
• For more news on connectivity, visit eSN’s IT Leadership hub

Even before the pandemic, education leaders championed the necessity of strong internet connectivity in schools and communities. This need skyrocketed with the nation’s move to online and hybrid learning during peak pandemic years, and now, strong and reliable connectivity remains a must-have for every educator and student.

A high-speed, reliable internet connection can elevate technology-driven learning and harness new learning potential, said Verizon experts during an eSchool News webinar on connectivity, moderated by eSN Content Director Kevin Hogan.

The webinar delves into the current state of and future possibilities for technology-driven education, exploring solutions to elevate digital infrastructures while maximizing E-rate funding to foster inclusive, secure, and efficient learning environments. Paramount to the discussion is the critical role of increased bandwidth in empowering schools to harness the potential of new technologies.

Cybersecurity is one of K-12’s biggest technology challenges–and strong connectivity can help meet this challenge. “One of the biggest things we learned during the pandemic is how we protect our kids now that we’re encouraging them to use online and digital tools. How do we make sure our kids are safe?” noted Kim Mirabella, Vice President, Business Development for Verizon.

And with 17 million households still lacking internet access–leaving students unable to get online at home for research, homework, and other tasks–digital equity is another issue requiring a solution grounded in connectivity, particularly as funding programs expire.

“We’ve had a lot of government programs, grant programs, and funding, but as those programs start to wind down, the problems don’t go away,” Mirabella said.

Watch the full webinar here.

Key points:

• Publishing student images without protections can have serious consequences
• Building a culture of trust to protect personal data
• How to maintain secure access and data privacy
• For more news on student data protection, visit eSN’s IT Leadership hub

In places such as Australia, the UK, and other European countries, strict laws are already in effect to restrict the collection of personal data and the distribution of digital content involving students, to respect those students’ privacy and protect them from harm. But in the US? It’s largely still a free-for-all. Each year, US schools capture, and publish online, millions of images of students, many of which contain personally identifying information. This exposes children to serious risks such as grooming, bullying, AI voice cloning, deepfakes, and identity theft.

However, new legislation to require increased security on social media platforms–as well as lawsuits against social media platforms by parents and school districts–signal that Americans now understand and are mobilizing against the threats that digital environments pose to their children. For school districts, the message is clear: Make changes now, or be swept up in the backlash.

There are three major areas for educators to focus on as they work to protect students’ image privacy:

Infrastructure

Until there is secure infrastructure in place to collect, organize, protect, and share digital content to ensure digital media is processed in a manner that is compatible with data protection law, nothing can be done on other fronts. The technologies that school districts adopt for this purpose need to be airtight, user-friendly, and offer parents or guardians full control over what content is shared.

The following features should be considered a minimum:

• Central, secure file storage to ensure better indexing and organization, and to prevent access by unauthorized parties.
• Direct upload capability, so that no file copies are made inadvertently on personal devices that could make their way onto the internet.
• The collection and management of school media to support schools in gaining real-time exposure, transparency, and control over school media sharing practices, as well as to assist schools in managing parental/legal guardian photo consent.
• Automatic exclusion of unpublishable content, to streamline security processes and prevent human error.
• A priority of user ownership, empowering school districts to change platform settings according to their needs and preferences.
• Parental control over sharing–in a recent survey of US parents, 93 percent said they want control over images of their children, but 42 percent reported that a teacher or school had shared their child’s image online without permission. This has to change.

Consent

It is important that children and young people feel happy about their achievements at school and that their parents have access to images of these special moments. This includes photos and videos taken by teachers during school performances and special events, or by staff and volunteers delivering events and activities outside of school. However, for this to be achieved safely for all students, appropriate safeguards must be put in place to also protect their privacy, especially of high-risk children. Ensuring the timely application of parent and student consent to share digital content is paramount in this digital age.

Digital media platforms can incorporate simple solutions to address many challenges schools face today. Real-time image consent forms, for example, give instant self-managed control to parents and/or students (depending on age) over how their content is captured and shared by the school. These forms also let them see that content, and flag any content they don’t want share publicly. Because people may feel differently about their privacy or personal circumstances change from one year to the next or one moment to the next, a good media management platform should be not only secure, but flexible, allowing users to withdraw or grant consent whenever they see fit. This is not often the case currently: In the previously cited parent survey, 82 percent of respondents said it is important to them to be able to update their consent easily, but only 41 percent reported it is very easy for them to do.

Ethical AI

Manually cataloging vast amounts of digital content is a task educators don’t have time for, and yet, it is their legal obligation to ensure such content is managed efficiently and effectively to protect children. How do they quickly organize the tens-to-hundreds of thousands of photos that schools already have on file and ensure they are handled in an ethical way so that students’ privacy is protected? This is particularly important when managing at-risk students.

When combined with human oversight, research shows AI tools achieve faster and more accurate results than either humans or AI can on their own.

Educators and administrators therefore need to feel empowered and confident to sit successfully at the helm of AI innovation and use it in ways that are trustworthy and effective. Ethical AI application, however, is only possible if a school partners with a trusted solutions provider that is able to deliver on privacy-enhanced technology.

I see the recent wave of concern in the US over the insecurity of student content as a move in the right direction. Until you acknowledge a problem, you can’t begin to solve it. Although they may be further behind than they would prefer, school districts across the country have the opportunity to use innovative solutions to safely secure photos and videos of students. It’s imperative that schools act now to protect students’ privacy and well-being.

Key points:

• Network speed requirements will vary on a number of factors
• How to prepare for the future of technology in education
• Reliable internet and Wi-Fi in schools should be top priority
• For more news on school networks, visit eSN’s IT Leadership hub

There’s no question that educational institutions require reliable, high-speed connectivity. We’re all in agreement there. The question that arises is: How fast is fast enough?

There are a number of misconceptions surrounding the answer. Let’s demystify these one by one. Then we can talk about how to accurately measure and predict each networks’ needs.

Misconception one: Faster is always better

Here’s the truth–the fastest network speed often isn’t necessary or cost-effective. While our Wi-Fi standards offer incredibly fast speeds (1.3 Gbps for Wi-Fi 5 and 9.6 Gbps for Wi-Fi6 and 6E), these speeds are a maximum theoretical speed. They aren’t intended for daily, real-world use by every school.

This is more than fine because individual users don’t need those speeds. Real-world situations don’t need those speeds. Even video streaming applications using 4K resolution only have recommended speeds of 15 Mbps or higher. Wi-Fi 5’s 1.3 Gbps equals 1300 Mbps.

So then why do Wi-Fi standards keep evolving to offer faster speeds? This is because our networks are growing more congested. The maximum speed (upload and download) offered by your network plan is shared amongst every device. The faster devices can communicate, the faster they jump off the airwaves and let another device take their place.

No individual device or application needs 1.3 Gbps, but sharing that much speed amongst 1,000 devices does make a difference. This is why it’s important to know how many devices you have, how many of them are used at the same time, and what max speeds are recommended for their optimal use. This will help you determine the upload and download speeds needed on your network.

One final tip: Often, when it comes to high-speed requirements, people bring up AR and VR applications. It’s true that sometimes these devices, depending on their utilization, have requirements of 200 to even 5,000 Mbps. However, schools aren’t inundated with these applications at this moment in time.

Misconception two: Bigger is always better

Bandwidth is a capacity measurement for your network. Each device that connects takes up a piece of that bandwidth. If you have more devices than your bandwidth can support, you will run into problems. These can include:

• Problems accessing the network
• Poor application performance

Because of this, when network performance is slow, it’s common for people to assume a lack of bandwidth is the problem. However, this isn’t always the case. There can be other root causes for these performance issues. Investing in more bandwidth when you don’t need it will lead you to waste money on an upgrade that doesn’t bring with it a positive ROI.

What do you do? First, you need an accurate understanding of your bandwidth needs. Your service provider can help with this. The recommendation is often for 1-2 Mbps of bandwidth per user.

Next, you need a way to analyze network performance and identify the root cause of issues. This will tell you right away if bandwidth is a problem, or if you have another issue. There are several tools and solutions on the market that can help.

Misconception three: One size fits all

Every educational institution needs wired and Wi-Fi networks, but they don’t all need the exact same network. Network needs differ based on several factors, including, but not limited to, school size, curriculum focus (are students often streaming video?), and the student-to-device ratio.

Schools need both constant real-time analytics and long-term performance trends to understand the user experience. Is it good or bad, and could it be better? Detailed analytics provide the information every school needs in order to make efficient and budget-friendly network decisions.

Tips for accurately measuring your school’s network needs

Conduct a comprehensive network assessment

You need to know where you stand before you can make useful plans. Take three months to evaluate current network usage and performance. Work with a tool that will automatically capture end user experience metrics during that time so that you know if your network is meeting the needs of your staff and students.

Once you have the data, determine if performance is consistently optimal. If it isn’t, is a lack of speed or bandwidth the problem?

Consider peak usage times

The reason I suggest gathering network analytics for three months is to provide an accurate representation of network performance during down times and peak utilization. Depending on your institution, peak times could be during exams, conferences, or even sporting events.

While peak usage might only happen three or four times a year, you need to know that your network speed is sufficient for those times, and not just for everyday use.

Plan for future growth

All networks need to be scalable and future proofed.

Your network capabilities might optimally support your users currently, but if you have plans to increase the student population or the number or types of devices and applications on the network in a few years, it’s time to dig deeper.

What impact will that have on performance? Does your network have the bandwidth and speed available to support that?

Futureproofing within a budget is impossible without detailed analytics. Network upgrades aren’t cheap. You want to upgrade incrementally, only as needed, to meet specific needs. With the right data, you know what your problems are, what they aren’t, and how to resolve them and avoid them in the future.

Listen to your network

There is a time and place for insanely fast, high-speed networks. There are also plenty of times and places for slower speeds. Look through the metrics and numbers available from your network, and let it tell you what it needs. This way you can boost performance and user satisfaction, all while saving money.