Tag: budget cuts

Resilient learning begins with Zero Trust and cyber preparedness
Key points:

The U.K.’s Information Commissioner’s Office (ICO) recently warned of a surge in cyberattacks from “insider threats”–student hackers motivated by dares and challenges–leading to breaches across schools. While this trend is unfolding overseas, it underscores a risk that is just as real for the U.S. education sector. Every day, teachers and students here in the U.S. access enormous volumes of sensitive information, creating opportunities for both mistakes and deliberate misuse. These vulnerabilities are further amplified by resource constraints and the growing sophistication of cyberattacks.

When schools fall victim to a cyberattack, the disruption extends far beyond academics. Students may also lose access to meals, safe spaces, and support services that families depend on every day. Cyberattacks are no longer isolated IT problems–they are operational risks that threaten entire communities.

In today’s post-breach world, the challenge is not whether an attack will occur, but when. The risks are real. According to a recent study, desktops and laptops remain the most compromised devices (50 percent), with phishing and Remote Desktop Protocol (RDP) cited as top entry points for ransomware. Once inside, most attacks spread laterally across networks to infect other devices. In over half of these cases (52 percent), attackers exploited unpatched systems to move laterally and escalate system privileges.

That reality demands moving beyond traditional perimeter defenses to strategies that contain and minimize damage once a breach occurs. With the school year underway, districts must adopt strategies that proactively manage risk and minimize disruption. This starts with an “assume breach” mindset–accepting that prevention alone is not enough. From there, applying Zero Trust principles, clearly defining the ‘protect surface’ (i.e. identifying what needs protection), and reinforcing strong cyber hygiene become essential next steps. Together, these strategies create layered resilience, ensuring that even if attackers gain entry, their ability to move laterally and cause widespread harm is significantly reduced.

Assume breach: Shifting from prevention to resilience

Even in districts with limited staff and funding, schools can take important steps toward stronger security. The first step is adopting an assume breach mindset, which shifts the focus from preventing every attack to ensuring resilience when one occurs. This approach acknowledges that attackers may already have access to parts of the network and reframes the question from “How do we keep them out?” to “How do we contain them once they are in?” or “How do we minimize the damage once they are in?”

An assume breach mindset emphasizes strengthening internal defenses so that breaches don’t become cyber disasters. It prioritizes safeguarding sensitive data, detecting anomalies quickly, and enabling rapid responses that keep classrooms open even during an active incident.

Zero Trust and seatbelts: Both bracing for the worst

Zero Trust builds directly on the assume breach mindset with its guiding principle of “never trust, always verify.” Unlike traditional security models that rely on perimeter defenses, Zero Trust continuously verifies every user, device, and connection, whether internal or external.

Schools often function as open transit hubs, offering broad internet access to students and staff. In these environments, once malware finds its way in, it can spread quickly if unchecked. Perimeter-only defenses leave too many blind spots and do little to stop insider threats. Zero Trust closes those gaps by treating every request as potentially hostile and requiring ongoing verification at every step.

A fundamental truth of Zero Trust is that cyberattacks will happen. That means building controls that don’t just alert us but act–before and during a network intrusion. The critical step is containment: limiting damage the moment a breach is successful.

Assume breach accepts that a breach will happen, and Zero Trust ensures it doesn’t become a disaster that shuts down operations. Like seatbelts in a car–prevention matters. Strong brakes are essential, but seatbelts and airbags minimize the harm when prevention fails. Zero Trust works the same way, containing threats and limiting damage so that even if an attacker gets in, they can’t turn an incident into a full-scale disaster.

Zero Trust does not require an overnight overhaul. Schools can start by defining their protect surface – the vital data, systems, and operations that matter most. This typically includes Social Security numbers, financial data, and administrative services that keep classrooms functioning. By securing this protect surface first, districts reduce the complexity of Zero Trust implementation, allowing them to focus their limited resources on where they are needed most.

With this approach, Zero Trust policies can be layered gradually across systems, making adoption realistic for districts of any size. Instead of treating it as a massive, one-time overhaul, IT leaders can approach Zero Trust as an ongoing journey–a process of steadily improving security and resilience over time. By tightening access controls, verifying every connection, and isolating threats early, schools can contain incidents before they escalate, all without rebuilding their entire network in one sweep.

Cyber awareness starts in the classroom

Technology alone isn’t enough. Because some insider threats stem from student curiosity or misuse, cyber awareness must start in classrooms. Integrating security education into the learning environment ensures students and staff understand their role in protecting sensitive information. Training should cover phishing awareness, strong password practices, the use of multifactor authentication (MFA), and the importance of keeping systems patched.

Building cyber awareness does not require costly programs. Short, recurring training sessions for students and staff keep security top of mind and help build a culture of vigilance that reduces both accidental and intentional insider threats.

Breaches are inevitable, but disasters are optional

Breaches are inevitable. Disasters are not. The difference lies in preparation. For resource-strapped districts, stronger cybersecurity doesn’t require sweeping overhauls. It requires a shift in mindset:
- Assume breach
- Define the protect surface
- Implement Zero Trust in phases
- Instill cyber hygiene
When schools take this approach, cyberattacks become manageable incidents. Classrooms remain open, students continue learning, and communities continue receiving the vital support schools provide – even in the face of disruption. Like seatbelts in a car, these measures won’t prevent every crash – but they ensure schools can continue to function even when prevention fails.

Gary Barlet, Illumio

Gary Barlet is the public sector chief technology officer at Illumio, where he works with government agencies, contractors, and the broader ecosystem to incorporate Zero Trust Segmentation, or microsegmentation, as a strategic enabler of Zero Trust architecture. He can be reached at [email protected].

Latest posts by eSchool Media Contributors (see all)
Source link
November 25, 2025
A practical guide for sourcing edtech
Key points:

Virtual reality field trips now enable students to explore the Great Wall of China, the International Space Station, and ancient Rome without leaving the classroom. Gamified online learning platforms can turn lessons into interactive challenges that boost engagement and motivation. Generative AI tutors are providing real-time feedback on writing and math assignments, helping students sharpen their skills with personalized support in minutes.

Education technology is accelerating at a rapid pace–and teachers are eager to bring these digital tools to the classroom. But with pandemic relief funds running out, districts are having to make tougher decisions around what edtech they can afford, which vendors will offer the greatest value, and, crucially, which tools come with robust cybersecurity protections.

Although educators are excited to innovate, school leaders must weigh every new app or online platform against cybersecurity risks and the responsibility of protecting student data. Unfortunately, those risks remain very real: 6 in 10 K-12 schools were targeted by ransomware in 2024.

Cybersecurity is harder for some districts than others

The reality is that school districts widely vary when it comes to their internal resources, cybersecurity expertise, and digital maturity.

A massive urban system may have a dedicated legal department, CISO, and rigid procurement processes. In a small rural district, the IT lead might also coach soccer or direct the school play.

These discrepancies leave wide gaps that can be exploited by security threats. Districts are often improvising vetting processes that vary wildly in rigor, and even the best-prepared system struggles to know what “good enough” looks like as technology tools rapidly accelerate and threats evolve just as fast.

Whether it’s apps for math enrichment, platforms for grading, or new generative AI tools that promise differentiated learning at scale, educators are using more technology than ever. And while these digital tools are bringing immense benefits to the classroom, they also bring more threat exposure. Every new tool is another addition to the attack surface, and most school districts are struggling to keep up.

Districts are now facing these critical challenges with even fewer resources. With the U.S. Department of Education closing its Office of EdTech, schools have lost a vital guidepost for evaluating technology tools safely. That means less clarity and support, even as the influx of new tech tools is at an all-time high.

But innovation and protection don’t have to be in conflict. Schools can move forward with digital tools while still making smart, secure choices. Their decision-making can be supported by some simple best practices to help guide the way.

5 green flags for evaluating technology tools

New School Safety Resources

With so many tools entering classrooms, knowing how to assess their safety and reliability is essential. But what does safe and trustworthy edtech actually look like?

You don’t need legal credentials or a cybersecurity certification to answer that question. You simply need to know what to look for–and what questions to ask. Here are five green flags that can guide your decisions and boost confidence in the tools you bring into your classrooms.
1. Clear and transparent privacy policies
A strong privacy policy should be more than a formality; it should serve as a clear window into how a tool handles data. The best ones lay out exactly what information is collected, why it’s needed, how it’s used, and who it’s shared with, in plain, straightforward language.

You shouldn’t need legal training to make sense of it. Look for policies that avoid vague, catch-all phrases and instead offer specific details, like a list of subprocessors, third-party services involved, or direct contact information for the vendor’s privacy officer. If you can’t quickly understand how student data is being handled, or if the vendor seems evasive when you ask, that’s cause for concern.
1. Separation between student and adult data
Student data is highly personal, extremely sensitive, and must be treated with extra care. Strong vendors explicitly separate student data from educator, administrator, and parent data in their systems, policies, and user experiences.

Ask how student data is accessed internally and what safeguards are in place. Does the vendor have different privacy policies for students versus adults? If they’ve engineered that distinction into their platform, it’s a sign they’ve thought deeply about your responsibilities under FERPA and COPPA.
1. Third-party audits and certifications
Trust, but verify. Look for tools that have been independently evaluated through certifications like the Common Sense Privacy Seal, iKeepSafe, or the 1EdTech Trusted App program. These external audits validate that privacy claims and company practices are tested against meaningful standards and backed up by third-party validation.

Alignment with broader security frameworks like NIST Cybersecurity Framework (CSF), ISO 27001, or SOC 2 can add another layer of assurance, especially in states where district policies lean heavily on these benchmarks. These technical frameworks should complement radical transparency. The most trustworthy vendors combine certification with transparency: They’ll show you exactly what they collect, how they store it, and how they protect it. That openness–and a willingness to be held accountable–is the real marker of a privacy-first partner.
1. Long-term commitment to security and privacy
Cybersecurity shouldn’t be a one-and-done checklist. It’s a continual practice. Ask vendors how they approach ongoing risks: Do they conduct regular penetration testing? Is a formal incident response plan in place? How are teams trained on phishing threats and secure coding?

If they follow a framework like the NIST CSF, that’s great. But also dig into how they apply it: What’s their track record for patching vulnerabilities or communicating breaches? A real commitment shows up in action, not just alignment.
1. Data minimization and purpose limitations
Trustworthy technology tools collect only what’s essential–and vendors can explain why they need it. If you ask, “Why do you collect this data point?” they should have a direct answer that ties back to functionality, not future marketing.

Look for platforms that commit to never repurposing student data for behavioral ad targeting. Also, ask about deletion protocols: Can data be purged quickly and completely if requested? If not, it’s time to ask why.

Laying the groundwork for a safer school year

Cybersecurity doesn’t require a 10-person IT team or a massive budget. Every district, no matter the size, can take meaningful, manageable steps to reduce risk, establish guardrails, and build trust.

Simple, actionable steps go a long way: Choose tools that are transparent about data use, use trusted frameworks and certifications as guideposts, and make cybersecurity training a regular part of staff development. Even small efforts , like a five-minute refresher on phishing during back-to-school sessions, can have an outsized impact on your district’s overall security posture.

For schools operating without deep resources or internal expertise, this work is especially urgent–and entirely possible. It just requires knowing where to start.

Ben Johnson, Prodigy Education

Ben Johnson is Prodigy Education‘s Chief Technology Officer. He has been with the company since 2016, where he began his career as Engineering Manager. Today, Ben oversees the engineering and cybersecurity teams at Prodigy, and is a strong advocate for safe and responsible edtech.

Latest posts by eSchool Media Contributors (see all)
Source link
August 1, 2025
How a Republican Plan to Cut Universal Free School Meals Could Affect 12 Million Students – The 74

Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter

Every school in Kentucky’s LaRue County provides free breakfast and lunch to any student who wants it.

It’s been that way for a decade, ever since the federal government launched a program allowing LaRue County Schools, and thousands of other districts nationwide, to skip the paperwork asking how much families earn.

In these communities, lots of kids already receive other kinds of assistance for low-income families. Federal officials saw a way to make the subsidized meals program more efficient: Cover meal costs based on how many children are in similar assistance programs, rather than verify every family’s income.

But LaRue County Schools won’t be able to do that anymore if sweeping changes to social programs proposed by congressional Republicans become law. GOP lawmakers say they want to ensure only eligible families get help and that taxpayer dollars are reserved for the neediest students, so that federal subsidies for school meals remain sustainable. But by one estimate, the Republicans’ plan would affect nearly a quarter of the students in the nation’s public schools.

Research has found that universal free school meals can boost school attendance, increase test scores, and decrease suspensions, likely because it eliminates the stigma students often associate with the free meals. Taking them away from students on a large scale could also have downstream effects on everything from families’ household budgets to local unemployment.

Stephanie Utley, the LaRue County district’s director of child nutrition, said that inevitably, fewer kids would eat school meals, either because their families no longer qualify for free breakfast and lunch or because they cannot produce documents to verify their income.

When fewer kids eat school meals, it’s harder for districts to cover their costs. To save money, Utley would likely swap higher-quality foods for cheaper ones, she said.

Apples and beef from local farms would go. The high school would serve fewer salads — they’d be too labor-intensive to prep. And a popular chicken breast sandwich would become a ground chicken patty.

Utley may have to lay off staff, too, she said, which would hurt the rural community’s economy.

“We’re the biggest restaurant in town,” she said. “It would be a nightmare.”

GOP school meals proposals would impact states

Republican lawmakers are considering a trio of proposals to help offset tax cuts sought by President Donald Trump that would be “devastating” to children and schools, said Erin Hysom, the senior child nutrition policy analyst for the nonprofit Food Research & Action Center.

One proposal would dramatically increase the share of students who need to be enrolled in aid programs — such as the Supplemental Nutrition Assistance Program and Temporary Assistance for Needy Families — for schools to be eligible to serve free meals to all kids through the Community Eligibility Provision.

Right now, schools need to show 25% of students are enrolled in those kinds of assistance programs to participate in community eligibility. The House Republican proposal would raise the share to 60% — higher than the threshold has ever been. That would kick more than 24,000 schools off of community eligibility, and some 12 million students would no longer automatically qualify for free meals, Hysom’s organization estimated.

Essentially, only communities where nearly every child qualifies for free or reduced-price lunch could serve free meals to all kids.

“They’ve really moved the needle to the upper echelon of poverty,” Hysom said. “You couldn’t get any higher than that.”

Another proposal would require all families who don’t automatically qualify for free school meals through programs like SNAP to submit documents to verify their income with their application. That would burden families and schools with time-consuming added paperwork. Schools could end up cutting staff who serve food and work on school menus to hire more people to process applications.

Together, those changes would save $12 billion over 10 years, according to the list of proposals circulated by U.S. Rep. Jodey Arrington, the Republican chair of the House budget committee.

A third proposal would change how families qualify for SNAP and likely make over 1 million students no longer automatically eligible for free school meals. That would increase the paperwork burden even more.

All of that would make it more costly for states with universal free school meals to run their programs, because they rely heavily on federal reimbursement. Some states were already weighing whether they could afford to keep up free meals for all.

These three proposals are part of a process known as budget reconciliation that GOP lawmakers are using to make long-term changes to federal spending and revenue. As of Wednesday, Congress was considering a separate, stopgap budget that would keep funding essentially flat for the Agriculture Department, which pays for the school meal program, through the end of September.

School staff and child nutrition advocates are taking the House’s budget reconciliation proposals seriously. The Trump administration has already cut a $1 billion Agriculture Department program that helped schools buy food from local producers.

Free school meal cutbacks would have ripple effects

If fewer kids have access to free meals at school, more families would likely struggle to afford groceries at home. Many families who don’t qualify for free meals struggle to pay for food. This school year, a family of four qualified for free school meals if they made under $40,560 a year.

When schools eliminated free school meals for all following the pandemic, there was a surge in unpaid school meal debt, an issue school staff say will only intensify if these proposals go through.

Right now, schools typically have to verify the family’s income for 3% of their applications. If schools had to check income for every application, the burden would be enormous, school staff and child nutrition advocates said.

Many families who eke out a living working multiple jobs would have a hard time gathering up all the required documents to show how much they earn. Though children can participate in the school meals program regardless of their immigration status, undocumented parents may be afraid to hand over personal documents when Trump is threatening mass deportations.

“Eligible children are going to fall through the cracks,” Hysom said.

Many schools are already facing financial pressures from higher-than-usual food and labor costs, a 2024 survey of nearly 1,400 school nutrition directors showed. On top of that, schools are navigating new and stricter requirements for how much salt and sugar can be in food served by schools.

Schools have to buy most of their food from American sources, but if Trump puts certain tariffs in place for the long term, that could create new financial constraints.

“Cost is absolutely a concern,” said Diane Pratt-Heavner, a spokesperson for the School Nutrition Association, which represents school nutrition directors and conducted the survey. “When avocados or tomatoes from Mexico become much more expensive, that will cause an increase in demand for domestic produce, and an increase in price, as well.”

Shannon Gleave, the president of the School Nutrition Association, understands the need to make sure the school meal program runs as it should.

In Arizona’s Glendale Elementary School District, where Gleave is the director of food and nutrition, kids can speed through the lunch line because everyone qualifies for free meals. But staff scan student ID badges to make sure each kid only takes one meal, and that children with dietary restrictions get the right food.

Upping the verification requirements a little could work, she said. But verifying 100% of applications “is not an efficient use of time.”

“There is no way my existing staff could do that now,” she said. “You have to figure out a way to be good stewards of resources, but also look at the amount of administrative burden that it’s going to entail.”

This story was originally published by Chalkbeat. Chalkbeat is a nonprofit news site covering educational change in public schools. Sign up for their newsletters at ckbe.at/newsletters.

Get stories like these delivered straight to your inbox. Sign up for The 74 Newsletter

Source link

March 14, 2025