Category: IT leadership

Resilient learning begins with Zero Trust and cyber preparedness
Key points:

The U.K.’s Information Commissioner’s Office (ICO) recently warned of a surge in cyberattacks from “insider threats”–student hackers motivated by dares and challenges–leading to breaches across schools. While this trend is unfolding overseas, it underscores a risk that is just as real for the U.S. education sector. Every day, teachers and students here in the U.S. access enormous volumes of sensitive information, creating opportunities for both mistakes and deliberate misuse. These vulnerabilities are further amplified by resource constraints and the growing sophistication of cyberattacks.

When schools fall victim to a cyberattack, the disruption extends far beyond academics. Students may also lose access to meals, safe spaces, and support services that families depend on every day. Cyberattacks are no longer isolated IT problems–they are operational risks that threaten entire communities.

In today’s post-breach world, the challenge is not whether an attack will occur, but when. The risks are real. According to a recent study, desktops and laptops remain the most compromised devices (50 percent), with phishing and Remote Desktop Protocol (RDP) cited as top entry points for ransomware. Once inside, most attacks spread laterally across networks to infect other devices. In over half of these cases (52 percent), attackers exploited unpatched systems to move laterally and escalate system privileges.

That reality demands moving beyond traditional perimeter defenses to strategies that contain and minimize damage once a breach occurs. With the school year underway, districts must adopt strategies that proactively manage risk and minimize disruption. This starts with an “assume breach” mindset–accepting that prevention alone is not enough. From there, applying Zero Trust principles, clearly defining the ‘protect surface’ (i.e. identifying what needs protection), and reinforcing strong cyber hygiene become essential next steps. Together, these strategies create layered resilience, ensuring that even if attackers gain entry, their ability to move laterally and cause widespread harm is significantly reduced.

Assume breach: Shifting from prevention to resilience

Even in districts with limited staff and funding, schools can take important steps toward stronger security. The first step is adopting an assume breach mindset, which shifts the focus from preventing every attack to ensuring resilience when one occurs. This approach acknowledges that attackers may already have access to parts of the network and reframes the question from “How do we keep them out?” to “How do we contain them once they are in?” or “How do we minimize the damage once they are in?”

An assume breach mindset emphasizes strengthening internal defenses so that breaches don’t become cyber disasters. It prioritizes safeguarding sensitive data, detecting anomalies quickly, and enabling rapid responses that keep classrooms open even during an active incident.

Zero Trust and seatbelts: Both bracing for the worst

Zero Trust builds directly on the assume breach mindset with its guiding principle of “never trust, always verify.” Unlike traditional security models that rely on perimeter defenses, Zero Trust continuously verifies every user, device, and connection, whether internal or external.

Schools often function as open transit hubs, offering broad internet access to students and staff. In these environments, once malware finds its way in, it can spread quickly if unchecked. Perimeter-only defenses leave too many blind spots and do little to stop insider threats. Zero Trust closes those gaps by treating every request as potentially hostile and requiring ongoing verification at every step.

A fundamental truth of Zero Trust is that cyberattacks will happen. That means building controls that don’t just alert us but act–before and during a network intrusion. The critical step is containment: limiting damage the moment a breach is successful.

Assume breach accepts that a breach will happen, and Zero Trust ensures it doesn’t become a disaster that shuts down operations. Like seatbelts in a car–prevention matters. Strong brakes are essential, but seatbelts and airbags minimize the harm when prevention fails. Zero Trust works the same way, containing threats and limiting damage so that even if an attacker gets in, they can’t turn an incident into a full-scale disaster.

Zero Trust does not require an overnight overhaul. Schools can start by defining their protect surface – the vital data, systems, and operations that matter most. This typically includes Social Security numbers, financial data, and administrative services that keep classrooms functioning. By securing this protect surface first, districts reduce the complexity of Zero Trust implementation, allowing them to focus their limited resources on where they are needed most.

With this approach, Zero Trust policies can be layered gradually across systems, making adoption realistic for districts of any size. Instead of treating it as a massive, one-time overhaul, IT leaders can approach Zero Trust as an ongoing journey–a process of steadily improving security and resilience over time. By tightening access controls, verifying every connection, and isolating threats early, schools can contain incidents before they escalate, all without rebuilding their entire network in one sweep.

Cyber awareness starts in the classroom

Technology alone isn’t enough. Because some insider threats stem from student curiosity or misuse, cyber awareness must start in classrooms. Integrating security education into the learning environment ensures students and staff understand their role in protecting sensitive information. Training should cover phishing awareness, strong password practices, the use of multifactor authentication (MFA), and the importance of keeping systems patched.

Building cyber awareness does not require costly programs. Short, recurring training sessions for students and staff keep security top of mind and help build a culture of vigilance that reduces both accidental and intentional insider threats.

Breaches are inevitable, but disasters are optional

Breaches are inevitable. Disasters are not. The difference lies in preparation. For resource-strapped districts, stronger cybersecurity doesn’t require sweeping overhauls. It requires a shift in mindset:
- Assume breach
- Define the protect surface
- Implement Zero Trust in phases
- Instill cyber hygiene
When schools take this approach, cyberattacks become manageable incidents. Classrooms remain open, students continue learning, and communities continue receiving the vital support schools provide – even in the face of disruption. Like seatbelts in a car, these measures won’t prevent every crash – but they ensure schools can continue to function even when prevention fails.

Gary Barlet, Illumio

Gary Barlet is the public sector chief technology officer at Illumio, where he works with government agencies, contractors, and the broader ecosystem to incorporate Zero Trust Segmentation, or microsegmentation, as a strategic enabler of Zero Trust architecture. He can be reached at [email protected].

Latest posts by eSchool Media Contributors (see all)
Source link
November 25, 2025
10 reasons to upgrade to Windows 11 ASAP

K-12 IT leaders are under pressure from all sides–rising cyberattacks, the end of Windows 10 support, and the need for powerful new learning tools.

The good news: Windows 11 on Lenovo devices delivers more than an upgrade–it’s a smarter, safer foundation for digital learning in the age of AI.

Delaying the move means greater risk, higher costs, and missed opportunities. With proven ROI, cutting-edge protection, and tools that empower both teachers and students, the case for Windows 11 is clear.

There are 10 compelling reasons your district should make the move today.

1. Harness AI-powered educational innovation with Copilot
Windows 11 integrates Microsoft Copilot AI capabilities that transform teaching
and learning. Teachers can leverage AI for lesson planning, content creation, and
administrative tasks, while students benefit from enhanced collaboration tools
and accessibility features.

2. Combat the explosive rise in school cyberattacks
The statistics are alarming: K-12 ransomware attacks increased 92 percent between 2022 and 2023, with human-operated ransomware attacks surging over 200 percent globally, according to the 2024 State of Ransomware in Education.

3. Combat the explosive rise in school cyberattacks
Time is critically short. Windows 10 support ended in October 2025, leaving schools running unsupported systems vulnerable to attacks and compliance violations. Starting migration planning immediately ensures adequate time for device inventory, compatibility testing, and smooth district-wide deployment.

Find 7 more reasons to upgrade to Windows 11 here.

Laura Ascione is the Editorial Director at eSchool Media. She is a graduate of the University of Maryland’s prestigious Philip Merrill College of Journalism.

Latest posts by Laura Ascione (see all)

Source link

November 11, 2025
How school IT teams lock down QR-based SSO without hurting usability

Key points:

Schools can keep QR logins safe and seamless by blending clear visual cues, ongoing user education, and risk-based checks behind the scenes

QR-based single sign-on (SSO) is fast becoming a favorite in schools seeking frictionless access, especially for bring-your-own-device (BYOD) environments.

The BYOD in education market hit $15.2 billion in 2024 and is projected to grow at a 17.4 percent CAGR from 2025 to 2033, driven by the proliferation of digital learning and personal smart devices in schools.

However, when attackers wrap malicious links into QR codes, school IT leaders must find guardrails that preserve usability without turning every login into a fortress.

Phishing via QR codes, a tactic now known as “quishing,” is where attackers embed malicious QR codes in emails or posters, directing pupils, faculty, and staff to fake login pages. Over four out of five K-12 schools experienced cyber threat impacts with human-targeted threats like phishing or quishing, exceeding other techniques by 45 percent.

Because QR codes hide or obscure the URL until after scanning, they evade many traditional email spam filters and link scanners.

Below are three strategies to get that balance between seamless logins and safe digital environments right.

How to look out for visual signals

Approximately 60 percent of emails containing QR codes are classified as spam. Branded content, such as the school or district logo, consistent with the look and feel of other web portals and student apps, will help students identify a legitimate QR over a malicious one.

Frontier research shows that bold colors and clear iconography can increase recognition speed by up to 40 percent. This is the kind of split-second reassurance a student or teacher needs before entering credentials on a QR-based login screen.

Training your users to look for the full domain or service name, such as “sso.schooldistrict.edu” under the QR, is good practice to avoid quishing attacks, school-related or not. However, this will be trickier for younger students.

The Frontier report demonstrates how younger children rely more heavily on color and icon cues than on text or abstract symbols. For K-12 students, visual trust cues such as school crests, mascots, or familiar color schemes offer a cognitive shortcut to legitimacy.

Still, while logos and “Secured by…” badges are there to reassure users, attackers know this. Microsoft, Cisco Talos, and Palo Alto Unit42 have documented large-scale phishing campaigns where cybercriminals cloned Microsoft 365 and Okta login pages, complete with fake security seals, to harvest credentials.

For schools rolling out QR-based SSO, pairing visible trust cues with dynamic watermarks unique to the institution makes it harder for attackers to replicate.

User education on quishing risk

Human error drives most breaches, particularly in K-12 schools. These environments handle a mix of pupils who are inexperienced with security risks and, therefore, are less likely to scrutinize QR codes, links, or credentials.

Students and teachers must be taught the meaning of signs and the level of detail to consider in order to respond more quickly and correctly. A short digital literacy module about QR logins can dramatically cut phishing and quishing risk, reinforcing what legitimate login screens should look like. These should be repeated regularly for updates and to strengthen the retrieval and recognition of key visual cues.

Research in cognitive psychology shows that repeated exposure can boost the strength of a memory by more than 30 percent, making cues harder to ignore and easier to recall. When teaching secure login habits, short, repeated micro-lessons–for example, 3-5 min videos with infographics–can boost test scores 10-20 percent. Researcher Piotr Wozniak suggests spacing reviews after 1 day, then 7 days, 16 days, 35 days, and later every 2-3 months.

With proper education, students should instinctively not trust QRs received via text message or social media through unverified numbers or accounts. Encouraging the use of a Secure QR Code Scanner app, at least for staff and perhaps older students, can be helpful, because it will verify the embedded URL before a user opens it.

When to step up authentication after a scan

QR codes make logging in fast, but after a scan, you don’t have to give full access right away. Instead, schools can use these scans as the first factor and decide whether to require more proof before granting access, depending on risk signals.

For example, if a student or teacher scans the QR code with a phone or tablet that’s not on the school’s “known device” list, the system should prompt for a PIN, passphrase, or MFA push before completing login. The same applies to sensitive systems that include student data or financial information.

Microsoft’s 2024 Digital Defense Report shows that adding MFA blocks 99.2 percent of credential attacks. That means a simple SMS or push-based MFA can drastically slash phishing and quishing success rates. By adding a quick MFA prompt only when risk signals spike, school IT teams preserve the speed of QR logins without giving up security.

Schools can also apply cloud-security platforms to strengthen QR-based SSO without sacrificing ease of use. These tools sit behind the scenes, continuously monitoring Google Workspace, Microsoft 365, and other education apps for unusual logins, risky devices, or policy violations.

By automatically logging every QR login event, including device, time, and location, and triggering alerts when something looks off, IT teams gain visibility and early warning without adding extra friction for staff or students. This approach lets schools keep QR sign-ins fast and familiar with risk-based controls and data protection running in the background.

Schools can keep QR logins safe and seamless by blending clear visual cues, ongoing user education, and risk-based checks behind the scenes. Students and staff learn to recognize authentic screens, while IT teams add extra verification only when behavior looks risky. Simultaneously, continuous monitoring tracks every scan to catch problems early and improve education resources, all without slowing anyone down.

Latest posts by eSchool Media Contributors (see all)

Source link

November 10, 2025
How Windows 11 is powering the next generation of K-12 innovation
Key points:

As school districts navigate a rapidly evolving digital landscape, IT and academic leaders face a growing list of challenges–from hybrid learning demands and complex device ecosystems to rising cybersecurity threats and accessibility expectations. To stay ahead, districts need more than incremental upgrades–they need a secure, intelligent, and adaptable technology foundation.

That’s the focus of the new e-book, Smarter, Safer, and Future-Ready: A K-12 Guide to Migrating to Windows 11. This resource takes an in-depth look at how Windows 11 can help school districts modernize their learning environments, streamline device management, and empower students and educators with AI-enhanced tools designed specifically for education.

Readers will discover how Windows 11:
- Protects district data with built-in, chip-to-cloud security that guards against ransomware, phishing, and emerging cyberattacks.
- Simplifies IT management through automated updates, intuitive deployment tools, and centralized control–freeing IT staff to focus on innovation instead of maintenance.
- Drives inclusivity and engagement with enhanced accessibility features, flexible interfaces, and AI-powered personalization that help every learner succeed.
- Supports hybrid and remote learning with seamless collaboration tools and compatibility across a diverse range of devices.
The e-book also outlines practical strategies for planning a smooth Windows 11 migration–whether upgrading existing systems or introducing new devices–so institutions can maximize ROI while minimizing disruption.

For CIOs, IT directors, and district technology strategists, this guide provides a blueprint for turning technology into a true driver of academic excellence, operational efficiency, and district resilience.

Download the e-book today to explore how Windows 11 is helping K-12 districts become smarter, safer, and more future-ready than ever before.

Laura Ascione is the Editorial Director at eSchool Media. She is a graduate of the University of Maryland’s prestigious Philip Merrill College of Journalism.

Latest posts by Laura Ascione (see all)
Source link
October 23, 2025
K-12 districts are fighting ransomware, but IT teams pay the price
Key points:

The education sector is making measurable progress in defending against ransomware, with fewer ransom payments, dramatically reduced costs, and faster recovery rates, according to the fifth annual Sophos State of Ransomware in Education report from Sophos.

Still, these gains are accompanied by mounting pressures on IT teams, who report widespread stress, burnout, and career disruptions following attacks–nearly 40 percent of the 441 IT and cybersecurity leaders surveyed reported dealing with anxiety.

Over the past five years, ransomware has emerged as one of the most pressing threats to education–with attacks becoming a daily occurrence. Primary and secondary institutions are seen by cybercriminals as “soft targets”–often underfunded, understaffed, and holding highly sensitive data. The consequences are severe: disrupted learning, strained budgets, and growing fears over student and staff privacy. Without stronger defenses, schools risk not only losing vital resources but also the trust of the communities they serve.

Indicators of success against ransomware

The new study demonstrates that the education sector is getting better at reacting and responding to ransomware, forcing cybercriminals to evolve their approach. Trending data from the study reveals an increase in attacks where adversaries attempt to extort money without encrypting data. Unfortunately, paying the ransom remains part of the solution for about half of all victims. However, the payment values are dropping significantly, and for those who have experienced data encryption in ransomware attacks, 97 percent were able to recover data in some way. The study found several key indicators of success against ransomware in education:
- Stopping more attacks: When it comes to blocking attacks before files can be encrypted, both K-12 and higher education institutions reported their highest success rate in four years (67 percent and 38 percent of attacks, respectively).
- Following the money: In the last year, ransom demands fell 73 percent (an average drop of $2.83M), while average payments dropped from $6M to $800K in lower education and from $4M to $463K in higher education.
- Plummeting cost of recovery: Outside of ransom payments, average recovery costs dropped 77 percent in higher education and 39 percent in K-12 education. Despite this success, K-12 education reported the highest recovery bill across all industries surveyed.
Gaps still need to be addressed

While the education sector has made progress in limiting the impact of ransomware, serious gaps remain. In the Sophos study, 64 percent of victims reported missing or ineffective protection solutions; 66 percent cited a lack of people (either expertise or capacity) to stop attacks; and 67 percent admitted to having security gaps. These risks highlight the critical need for schools to focus on prevention, as cybercriminals develop new techniques, including AI-powered attacks.

Highlights from the study that shed light on the gaps that still need to be addressed include:
- AI-powered threats: K-12 education institutions reported that 22 percent of ransomware attacks had origins in phishing. With AI enabling more convincing emails, voice scams, and even deepfakes, schools risk becoming test grounds for emerging tactics.
- High-value data: Higher education institutions, custodians of AI research and large language model datasets, remain a prime target, with exploited vulnerabilities (35 percent) and security gaps the provider was not aware of (45 percent) as leading weaknesses that were exploited by adversaries.
- Human toll: Every institution with encrypted data reported impacts on IT staff. Over one in four staff members took leave after an attack, nearly 40 percent reported heightened stress, and more than one-third felt guilt they could not prevent the breach.
“Ransomware attacks in education don’t just disrupt classrooms, they disrupt communities of students, families, and educators,” said Alexandra Rose, director of CTU Threat Research at Sophos. “While it’s encouraging to see schools strengthening their ability to respond, the real priority must be preventing these attacks in the first place. That requires strong planning and close collaboration with trusted partners, especially as adversaries adopt new tactics, including AI-driven threats.”

Holding on to the gains

Based on its work protecting thousands of educational institutions, Sophos experts recommend several steps to maintain momentum and prepare for evolving threats:
- Focus on prevention: The dramatic success of lower education in stopping ransomware attacks before encryption offers a blueprint for broader public sector organizations. Organizations need to couple their detection and response efforts with preventing attacks before they compromise the organization.
- Secure funding: Explore new avenues such as the U.S. Federal Communications Commission’s E-Rate subsidies to strengthen networks and firewalls, and the UK’s National Cyber Security Centre initiatives, including its free cyber defense service for schools, to boost overall protection. These resources help schools both prevent and withstand attacks.
- Unify strategies: Educational institutions should adopt coordinated approaches across sprawling IT estates to close visibility gaps and reduce risks before adversaries can exploit them.
- Relieve staff burden: Ransomware takes a heavy toll on IT teams. Schools can reduce pressure and extend their capabilities by partnering with trusted providers for managed detection and response (MDR) and other around-the-clock expertise.
- Strengthen response: Even with stronger prevention, schools must be prepared to respond when incidents occur. They can recover more quickly by building robust incident response plans, running simulations to prepare for real-world scenarios, and enhancing readiness with 24/7/365 services like MDR.
Data for the State of Ransomware in Education 2025 report comes from a vendor-agnostic survey of 441 IT and cybersecurity leaders – 243 from K-12 education and 198 from higher education institutions hit by ransomware in the past year. The organizations surveyed ranged from 100-5,000 employees and across 17 countries. The survey was conducted between January and March 2025, and respondents were asked about their experience of ransomware over the previous 12 months.

This press release originally appeared online.

k-12-districts-are-fighting-ransomware-but-it-teams-pay-the-price

Latest posts by eSchool Media Contributors (see all)
Source link
October 10, 2025
The silent hero of modern learning
Key points:

Education is undergoing a profound digital transformation. From immersive AR/VR learning in science labs to hybrid classrooms, real-time collaboration platforms, and remote learning at scale, how students learn and educators teach is changing rapidly. These modern, data-intensive applications require far more than basic connectivity. They demand high bandwidth, ultra-low latency, and rock-solid reliability across every corner of the campus.

In other words, the minimum requirement today is maximal connectivity. And this is where Optical LAN (OLAN) becomes a game changer.

The challenge with traditional LANs

Most schools and universities still rely on traditional copper-based local area networks (LANs). But these aging systems are increasingly unable to meet the demands of today’s digital education environments. Copper cabling comes with inherent speed and distance limitations, requiring rip-and-replace upgrades every 5 to 7 years to keep up with evolving needs.

To increase network capacity, institutions must replace in-wall cables, switches, and other infrastructure–an expensive, time-consuming and highly disruptive process. Traditional LANs also come with large physical footprints, high maintenance requirements, and significant energy consumption, all of which add to their total cost of ownership (TCO).

In a world that’s demanding smarter, faster, and greener networks, it’s clear that copper no longer makes the grade.

Built for the campus of the future

Optical LAN is a purpose-built solution for both in-campus and in-building connectivity, leveraging the superior performance of fiber optic infrastructure. It addresses the limitations of copper LANs head-on and offers significant improvements in scalability, energy efficiency and cost-effectiveness.

Here’s why it’s such a compelling option for education networks:

1. Massive capacity and seamless scalability

Fiber offers virtually unlimited bandwidth. Today’s OLAN systems can easily support speeds of 10G and 25G, with future-readiness for 50G and even 100G. And unlike copper networks, education IT managers and operators don’t need to replace the cabling to upgrade; they simply add new wavelengths (light signals) to increase speed or capacity. This means educational institutions can scale up without disruptive overhauls.

Better yet, fiber allows for differentiated quality of service on a single line. For example, a school can use a 1G wavelength to connect classrooms and dormitories, while allocating 10G bandwidth to high-performance labs. This flexibility is ideal for delivering customized connectivity across complex campus environments.

New School Safety Resources

2. Extended reach across the entire campus

One of the standout features of OLAN is its extended reach. Fiber can deliver high-speed connections over distances up to 20–30 km without needing signal boosters or additional switches. This makes it perfect for large campuses where buildings like lecture halls, research centers, dorms, and libraries are spread out over wide areas. In contrast, copper LANs typically max out at a few dozen meters, requiring more switches, patch panels and costly infrastructure.

With OLAN, a single centralized network can serve the entire campus, reducing complexity and improving performance.

3. Energy efficiency and sustainability

Sustainability is top-of-mind for many educational institutions, and OLAN is a clear winner here. Fiber technology is up to 8 times more energy-efficient than other wired or wireless options. It requires fewer active components, generates less heat and significantly reduces the need for cooling.

Studies show that OLAN uses up to 40 percent less power than traditional LAN systems. This translates into lower electricity bills and a reduced carbon footprint–important factors for schools pursuing green building certifications.

In fact, a BREEAM (Building Research Establishment Environmental Assessment Method) assessment conducted by ENCON found that deploying OLAN improved BREEAM scores by 7.7 percent, particularly in categories like management, energy, health and materials. For perspective, adding solar panels typically improves BREEAM scores by 5-8 percent.

4. Simpler, smarter architecture

Optical LAN significantly simplifies the network design. Instead of multiple layers of LAN switches and complex cabling, OLAN relies on a single centralized switch and slim, passive optical network terminals (ONTs). A single fiber cable can serve up to 128 endpoints, using a fraction of the physical space required by copper bundles.

This lean architecture means:
- Smaller cable trays and no heavy-duty racks
- Faster installation and easier maintenance
- Fewer points of failure and lower IT footprint
The result? A network that’s easier to manage, more reliable, and built to grow with an education institution’s needs.

5. Unmatched cost efficiency

While fiber was once seen as expensive, the economics have shifted. The Association for Passive Optical LAN (APOLAN) found that POL saved 40 percent of the cost for a four-story building in 2022. Even more, Optical LAN now delivers up to 50 percent lower TCO over a 5-year period compared to traditional LAN systems, according to multiple industry studies.

Cost savings are achieved through:
- Up to 70 percent less cabling
- Fewer switches and active components
- Reduced energy and cooling costs
- Longer lifecycle as fiber lasts more than 50 years
In essence, OLAN delivers more value for less money, which is a compelling equation for budget-conscious education institutions.

The future is fiber

With the rise of Wi-Fi 7 and ever-increasing demands on network infrastructure, even wireless connectivity depends on robust wired backhaul. Optical LAN ensures that Wi-Fi access points have the bandwidth they need to deliver high-speed, uninterrupted service.

And as educational institutions continue to adopt smart building technologies, video surveillance, IoT devices, and remote learning platforms, only fiber can keep up with the pace of change.

Optical LAN empowers educational institutions to build networks that are faster, greener, simpler, and future-proof. With growing expectations from students, faculty, and administrators, now is the perfect time to leave legacy limitations behind and invest in a fiber-powered future.

After all, why keep replacing copper every few years when operators can build it right once?

Ana Pesovic, Nokia

Ana Pesovic heads the Fiber Access marketing in in Nokia. She built up extensive international telecom experience, with positions in sales, pre-sales and R&D in Germany, Spain, Portugal, Belgium, and India. As member of various industry organizations, she’s a strong advocate of Fiber.

Latest posts by eSchool Media Contributors (see all)
Source link
August 20, 2025
A practical guide for sourcing edtech
Key points:

Virtual reality field trips now enable students to explore the Great Wall of China, the International Space Station, and ancient Rome without leaving the classroom. Gamified online learning platforms can turn lessons into interactive challenges that boost engagement and motivation. Generative AI tutors are providing real-time feedback on writing and math assignments, helping students sharpen their skills with personalized support in minutes.

Education technology is accelerating at a rapid pace–and teachers are eager to bring these digital tools to the classroom. But with pandemic relief funds running out, districts are having to make tougher decisions around what edtech they can afford, which vendors will offer the greatest value, and, crucially, which tools come with robust cybersecurity protections.

Although educators are excited to innovate, school leaders must weigh every new app or online platform against cybersecurity risks and the responsibility of protecting student data. Unfortunately, those risks remain very real: 6 in 10 K-12 schools were targeted by ransomware in 2024.

Cybersecurity is harder for some districts than others

The reality is that school districts widely vary when it comes to their internal resources, cybersecurity expertise, and digital maturity.

A massive urban system may have a dedicated legal department, CISO, and rigid procurement processes. In a small rural district, the IT lead might also coach soccer or direct the school play.

These discrepancies leave wide gaps that can be exploited by security threats. Districts are often improvising vetting processes that vary wildly in rigor, and even the best-prepared system struggles to know what “good enough” looks like as technology tools rapidly accelerate and threats evolve just as fast.

Whether it’s apps for math enrichment, platforms for grading, or new generative AI tools that promise differentiated learning at scale, educators are using more technology than ever. And while these digital tools are bringing immense benefits to the classroom, they also bring more threat exposure. Every new tool is another addition to the attack surface, and most school districts are struggling to keep up.

Districts are now facing these critical challenges with even fewer resources. With the U.S. Department of Education closing its Office of EdTech, schools have lost a vital guidepost for evaluating technology tools safely. That means less clarity and support, even as the influx of new tech tools is at an all-time high.

But innovation and protection don’t have to be in conflict. Schools can move forward with digital tools while still making smart, secure choices. Their decision-making can be supported by some simple best practices to help guide the way.

5 green flags for evaluating technology tools

New School Safety Resources

With so many tools entering classrooms, knowing how to assess their safety and reliability is essential. But what does safe and trustworthy edtech actually look like?

You don’t need legal credentials or a cybersecurity certification to answer that question. You simply need to know what to look for–and what questions to ask. Here are five green flags that can guide your decisions and boost confidence in the tools you bring into your classrooms.
1. Clear and transparent privacy policies
A strong privacy policy should be more than a formality; it should serve as a clear window into how a tool handles data. The best ones lay out exactly what information is collected, why it’s needed, how it’s used, and who it’s shared with, in plain, straightforward language.

You shouldn’t need legal training to make sense of it. Look for policies that avoid vague, catch-all phrases and instead offer specific details, like a list of subprocessors, third-party services involved, or direct contact information for the vendor’s privacy officer. If you can’t quickly understand how student data is being handled, or if the vendor seems evasive when you ask, that’s cause for concern.
1. Separation between student and adult data
Student data is highly personal, extremely sensitive, and must be treated with extra care. Strong vendors explicitly separate student data from educator, administrator, and parent data in their systems, policies, and user experiences.

Ask how student data is accessed internally and what safeguards are in place. Does the vendor have different privacy policies for students versus adults? If they’ve engineered that distinction into their platform, it’s a sign they’ve thought deeply about your responsibilities under FERPA and COPPA.
1. Third-party audits and certifications
Trust, but verify. Look for tools that have been independently evaluated through certifications like the Common Sense Privacy Seal, iKeepSafe, or the 1EdTech Trusted App program. These external audits validate that privacy claims and company practices are tested against meaningful standards and backed up by third-party validation.

Alignment with broader security frameworks like NIST Cybersecurity Framework (CSF), ISO 27001, or SOC 2 can add another layer of assurance, especially in states where district policies lean heavily on these benchmarks. These technical frameworks should complement radical transparency. The most trustworthy vendors combine certification with transparency: They’ll show you exactly what they collect, how they store it, and how they protect it. That openness–and a willingness to be held accountable–is the real marker of a privacy-first partner.
1. Long-term commitment to security and privacy
Cybersecurity shouldn’t be a one-and-done checklist. It’s a continual practice. Ask vendors how they approach ongoing risks: Do they conduct regular penetration testing? Is a formal incident response plan in place? How are teams trained on phishing threats and secure coding?

If they follow a framework like the NIST CSF, that’s great. But also dig into how they apply it: What’s their track record for patching vulnerabilities or communicating breaches? A real commitment shows up in action, not just alignment.
1. Data minimization and purpose limitations
Trustworthy technology tools collect only what’s essential–and vendors can explain why they need it. If you ask, “Why do you collect this data point?” they should have a direct answer that ties back to functionality, not future marketing.

Look for platforms that commit to never repurposing student data for behavioral ad targeting. Also, ask about deletion protocols: Can data be purged quickly and completely if requested? If not, it’s time to ask why.

Laying the groundwork for a safer school year

Cybersecurity doesn’t require a 10-person IT team or a massive budget. Every district, no matter the size, can take meaningful, manageable steps to reduce risk, establish guardrails, and build trust.

Simple, actionable steps go a long way: Choose tools that are transparent about data use, use trusted frameworks and certifications as guideposts, and make cybersecurity training a regular part of staff development. Even small efforts , like a five-minute refresher on phishing during back-to-school sessions, can have an outsized impact on your district’s overall security posture.

For schools operating without deep resources or internal expertise, this work is especially urgent–and entirely possible. It just requires knowing where to start.

Ben Johnson, Prodigy Education

Ben Johnson is Prodigy Education‘s Chief Technology Officer. He has been with the company since 2016, where he began his career as Engineering Manager. Today, Ben oversees the engineering and cybersecurity teams at Prodigy, and is a strong advocate for safe and responsible edtech.

Latest posts by eSchool Media Contributors (see all)
Source link
August 1, 2025
Centralized IT governance helps improve learning outcomes

Key points:

As school districts continue to seek new ways to enhance learning outcomes, Madison County School District represents an outstanding case study of the next-level success that may be attained by centralizing IT governance and formalizing procedures.

When Isaac Goyette joined MCSD approximately seven years ago, he saw an opportunity to use his role as Coordinator of Information Technology to make a positive impact on the most important mission of any district: student learning. The district, located in northern Florida and serving approximately 2,700 students, had made strides towards achieving a 1:1 device ratio, but there was a need for centralized IT governance to fully realize its vision.

Goyette’s arrival is noted for marking the beginning of a new era, bringing innovation, uniformity, and central control to the district’s technology infrastructure. His team aimed to ensure that every school was using the same systems and processes, thereby advancing the students’ access to technology.

Every step of the way, Goyette counted on the support of district leadership, who recognized the need for optimizing IT governance. Major projects were funded through E-rate, grants, and COVID relief funds, enabling the district to replace outdated systems without burdening the general fund. MCSD’s principals and staff have embraced the IT team’s efforts to standardize technology across the district, leading to a successful implementation. Auto rostering and single sign-on have made processes easier for everyone, and the benefits of a cohesive, cross-department approach are now widely recognized.

To successfully support and enable centralization efforts, Goyette recognized the need to build a strong underlying infrastructure. One of the key milestones in MCSD’s technology journey was the complete overhaul of its network infrastructure. The existing network was unreliable and fragmented in design. Goyette and his team rebuilt the network from the ground up, addressing connectivity issues, upgrading equipment, and logically redoing district systems and processes, such as the district’s IP network addressing scheme. This transformation has had a positive impact on student learning and engagement. With reliable connectivity, students no longer face disruptions.

The implementation of an enterprise-grade managed WAN solution has further transformed the educational experience for MCSD’s students and educators, serving as the backbone for all other technologies. Goyette’s innovative co-management approach, coupled with his deep understanding of network topology, has enabled him to optimize the resources of an experienced K-12 service provider while retaining control and visibility over the district’s network.

New School Safety Resources

Another significant milestone MCSD has achieved is the successful deployment of the district’s voice system. This reliable phone system is crucial for ensuring that MCSD’s schools, staff, and parents remain seamlessly connected, enhancing communication and safety across the district.

Goyette’s innovative leadership extends to his strategies for integrating technology in the district. He and his team work closely with the district’s curriculum team to ensure that technology initiatives align with educational goals. By acting as facilitators for educational technology, his team prevents app sprawl and ensures that new tools are truly needed and effective.

“Having ongoing conversations with our principals and curriculum team regarding digital learning tools has been critical for us, ensuring we all remain aligned and on the same page,” said Goyette. “There are so many new apps available, and many of them are great. However, we must ask ourselves: If we already have two apps that accomplish the same goal or objective, why do we need a third? Asking those questions and fostering that interdepartmental dialogue ensures everyone has a voice, while preventing the headaches and consequences of everyone doing their own thing.”

MCSD’s IT transformation has had a profound impact on student learning and engagement. With reliable connectivity and ample bandwidth, students no longer face disruptions, and processes like single sign-on and auto account provisioning have streamlined their access to educational resources. The district’s centralization efforts have not only improved the educational experience for students and educators but have also positioned Madison County School District as a model of success and innovation.

###

Jesus Peña, UDT

Jesus Peña serves as Executive Vice President and Chief Experience Officer (CXO) at UDT, where he leads customer-focused innovation and strategic growth initiatives. With a career spanning leadership roles in sales, service delivery, and executive management, he brings a proven ability to align technology with business outcomes. Prior to joining UDT, Jesus held senior positions at leading technology firms including Cisco, Modcomp, R2 Technologies, and Dimension Data, and co-founded Davocom One. Known for his people-first leadership and passion for delivering meaningful experiences, he consistently drives value for clients across public and private sector organizations. He may be reached at [email protected].

Latest posts by eSchool Media Contributors (see all)

Source link

July 17, 2025
Ryan Lufkin, Vice President of Global Academic Strategy, Brings the Skinny

When the developers of Canvas, the world’s leading web-based learning management system (LMS) software, invite you to a party—July 22-24 this year in Spokane, WA—you might consider the offer. Expected to draw 3,000 attendees across various roles from individual educators to IT leadership, the event promises product reveals, professional development, and collaborative opportunities like Hack Night, designed to help educators and administrators demonstrate tangible value when they return to their institutions. I was able to grab Ryan Lufkin, Vice President of Global Academic Strategy at Instructure, for some pre-show scuttle butt. Have a listen and scroll down for some highlights:

➜InstructureCon 2025 is evolving its AI strategy beyond basic features to an “agentic approach,” leveraging partnerships with Anthropic, Microsoft, and Google to create integrated AI experiences across campus environments. Says Ryan: “That’s because our open architecture is the most well-positioned learning platform in the world to really pull in, not just those AI-powered features that we’ve developed, but we also leverage those from our partners.”

➜Instructure is responding to educational institutions’ budget constraints by focusing on helping customers maximize their technology investments through better data usage, adoption metrics, and optimization strategies. Says Ryan: “We really want educators and administrators to walk away with just a toolkit of how to use these products better, how to use them more deeply and tangibly show that value because we know the budgets are tight.”

A few session highlights:

Transforming Student Success with Mastery Connect: A Proven Approach to Data-Driven Instruction in Richland One School District

Get ready to discover how Richland One (R1) School District in South Carolina has been transforming student success with Mastery Connect since 2015! This digital assessment platform has empowered R1 teachers to seamlessly administer standards-based formative and summative assessments, dive into score reports, and collaborate with colleagues. MC has unlocked deeper insights into student mastery, giving teachers and teams the tools they need to drive data-driven instruction. Join us for an exciting session where R1 will share its curriculum map structure and district approach to formative assessments. Discover how to save time on data collection and analysis—whether you’re a teacher or an admin. Learn how newer features like Quick Reassess and Assessment Compare can help you work smarter, not harder! You’ll also explore how to harness real-time data to fuel impactful discussions in your Professional Learning Communities (PLCs), driving focused, results-oriented collaboration.

Cracking the Code: Turning Data into Action with Mastery Connect

Drowning in data but struggling to make it meaningful? Join us on a journey to transform numbers into actionable insights using Mastery Connect! In this session, we’ll share how we built educator buy-in, shifted mindsets, and empowered teachers to use data in meaningful ways. Discover practical strategies for making data analysis approachable, actionable, and impactful—without overwhelming teachers. We’ll explore real-world examples, time-saving tips, and effective ways to connect assessment data to instructional decisions. Whether you’re just getting started or looking to refine your approach, this session will equip you with insights and strategies to turn data into a catalyst for student success.

Beyond the Classroom: Maximizing Canvas for Non-Academic Programs in Resource-Limited Environments.

As institutions face financial and regulatory challenges, maximizing existing technology investments is essential. While Canvas is primarily used for academic courses, its capabilities extend beyond the classroom. This session explores how a small liberal arts institution has successfully repurposed Canvas for faculty onboarding, professional development, syllabus archiving, student organizations, and institutional assessment—all without additional costs. A key focus will be the development of a syllabus submission portal designed to streamline syllabus collection, ensure compliance with learning outcomes, and create a structured faculty repository. Attendees will gain practical insights into overcoming adoption challenges, achieving measurable ROI, and applying these strategies to institutions of varying sizes.

Kevin is a forward-thinking media executive with more than 25 years of experience building brands and audiences online, in print, and face to face. He is an acclaimed writer, editor, and commentator covering the intersection of society and technology, especially education technology. You can reach Kevin at [email protected]

Latest posts by Kevin Hogan (see all)

Source link

May 8, 2025