Tag: resilient

  • Resilient learning begins with Zero Trust and cyber preparedness

    Resilient learning begins with Zero Trust and cyber preparedness

    Key points:

    The U.K.’s Information Commissioner’s Office (ICO) recently warned of a surge in cyberattacks from “insider threats”–student hackers motivated by dares and challenges–leading to breaches across schools. While this trend is unfolding overseas, it underscores a risk that is just as real for the U.S. education sector. Every day, teachers and students here in the U.S. access enormous volumes of sensitive information, creating opportunities for both mistakes and deliberate misuse. These vulnerabilities are further amplified by resource constraints and the growing sophistication of cyberattacks.

    When schools fall victim to a cyberattack, the disruption extends far beyond academics. Students may also lose access to meals, safe spaces, and support services that families depend on every day. Cyberattacks are no longer isolated IT problems–they are operational risks that threaten entire communities.

    In today’s post-breach world, the challenge is not whether an attack will occur, but when. The risks are real. According to a recent study, desktops and laptops remain the most compromised devices (50 percent), with phishing and Remote Desktop Protocol (RDP) cited as top entry points for ransomware. Once inside, most attacks spread laterally across networks to infect other devices. In over half of these cases (52 percent), attackers exploited unpatched systems to move laterally and escalate system privileges.

    That reality demands moving beyond traditional perimeter defenses to strategies that contain and minimize damage once a breach occurs. With the school year underway, districts must adopt strategies that proactively manage risk and minimize disruption. This starts with an “assume breach” mindset–accepting that prevention alone is not enough. From there, applying Zero Trust principles, clearly defining the ‘protect surface’ (i.e. identifying what needs protection), and reinforcing strong cyber hygiene become essential next steps. Together, these strategies create layered resilience, ensuring that even if attackers gain entry, their ability to move laterally and cause widespread harm is significantly reduced.

    Assume breach: Shifting from prevention to resilience

    Even in districts with limited staff and funding, schools can take important steps toward stronger security. The first step is adopting an assume breach mindset, which shifts the focus from preventing every attack to ensuring resilience when one occurs. This approach acknowledges that attackers may already have access to parts of the network and reframes the question from “How do we keep them out?” to “How do we contain them once they are in?” or “How do we minimize the damage once they are in?”

    An assume breach mindset emphasizes strengthening internal defenses so that breaches don’t become cyber disasters. It prioritizes safeguarding sensitive data, detecting anomalies quickly, and enabling rapid responses that keep classrooms open even during an active incident.

    Zero Trust and seatbelts: Both bracing for the worst

    Zero Trust builds directly on the assume breach mindset with its guiding principle of “never trust, always verify.” Unlike traditional security models that rely on perimeter defenses, Zero Trust continuously verifies every user, device, and connection, whether internal or external.

    Schools often function as open transit hubs, offering broad internet access to students and staff. In these environments, once malware finds its way in, it can spread quickly if unchecked. Perimeter-only defenses leave too many blind spots and do little to stop insider threats. Zero Trust closes those gaps by treating every request as potentially hostile and requiring ongoing verification at every step.

    A fundamental truth of Zero Trust is that cyberattacks will happen. That means building controls that don’t just alert us but act–before and during a network intrusion. The critical step is containment: limiting damage the moment a breach is successful.  

    Assume breach accepts that a breach will happen, and Zero Trust ensures it doesn’t become a disaster that shuts down operations. Like seatbelts in a car–prevention matters. Strong brakes are essential, but seatbelts and airbags minimize the harm when prevention fails. Zero Trust works the same way, containing threats and limiting damage so that even if an attacker gets in, they can’t turn an incident into a full-scale disaster.

    Zero Trust does not require an overnight overhaul. Schools can start by defining their protect surface – the vital data, systems, and operations that matter most. This typically includes Social Security numbers, financial data, and administrative services that keep classrooms functioning. By securing this protect surface first, districts reduce the complexity of Zero Trust implementation, allowing them to focus their limited resources on where they are needed most.

    With this approach, Zero Trust policies can be layered gradually across systems, making adoption realistic for districts of any size. Instead of treating it as a massive, one-time overhaul, IT leaders can approach Zero Trust as an ongoing journey–a process of steadily improving security and resilience over time. By tightening access controls, verifying every connection, and isolating threats early, schools can contain incidents before they escalate, all without rebuilding their entire network in one sweep.  

    Cyber awareness starts in the classroom

    Technology alone isn’t enough. Because some insider threats stem from student curiosity or misuse, cyber awareness must start in classrooms. Integrating security education into the learning environment ensures students and staff understand their role in protecting sensitive information. Training should cover phishing awareness, strong password practices, the use of multifactor authentication (MFA), and the importance of keeping systems patched.

    Building cyber awareness does not require costly programs. Short, recurring training sessions for students and staff keep security top of mind and help build a culture of vigilance that reduces both accidental and intentional insider threats.

    Breaches are inevitable, but disasters are optional

    Breaches are inevitable. Disasters are not. The difference lies in preparation. For resource-strapped districts, stronger cybersecurity doesn’t require sweeping overhauls. It requires a shift in mindset:

    • Assume breach
    • Define the protect surface
    • Implement Zero Trust in phases
    • Instill cyber hygiene

    When schools take this approach, cyberattacks become manageable incidents. Classrooms remain open, students continue learning, and communities continue receiving the vital support schools provide – even in the face of disruption. Like seatbelts in a car, these measures won’t prevent every crash – but they ensure schools can continue to function even when prevention fails.

    Latest posts by eSchool Media Contributors (see all)

    Source link

  • Driving resilient, stable school budgets in times of uncertainty

    Driving resilient, stable school budgets in times of uncertainty

    A perfect storm of financial pressures, from declining enrollment to escalating economic uncertainty, are pushing K-12 school district budgets to their limits.

    To adapt, districts nationwide are embracing innovative strategies to shore up budget stability. From reducing facility operational costs to forging strong community partnerships, school district leaders can learn from these proven examples to safeguard their financial stability and maintain funding for critical student programs.

    Securing revenue, and finding new revenue streams

    The post-COVID recovery era has been especially challenging for the majority of school districts whose budgets are based on per-pupil enrollment or attendance. Fortunately, there are many examples of school districts that have successfully combatted budget shortfalls through community-driven student engagement, retention and attendance programs. And with shifting populations and school choice schemes on the rise, school districts are also growing more adept at differentiating themselves through strong communications programs and visible investments into modern facilities. These strategies impact budgets by attracting new residents and strengthening student retention. 

    More districts are also looking to partnerships with local utility companies like utility rebates, net-metering programs, and demand response incentives. These programs reward smart energy management (i.e. energy efficiency upgrades, on-site renewables, and strategic energy usage) by offering direct cash infusions and bill credits that can improve a school’s budget health.

    Richland County School District One in South Carolina, for example, was able to take advantage of a net-metering program with their local utility after installing nearly 9MW of rooftop solar across 15 campuses. These solar upgrades will save the district over $29 million in energy costs over the next 20 years, more than funding themselves while creating a new financial cash flow into the district’s budget. This project also enables new STEAM curriculum, engaging students in energy generation and conservation in hands-on learning labs.

    Eliminating cost volatility and avoiding unexpected expenses

    Most US school districts are grappling with a portfolio of facilities that are decades past their prime. Maintaining those aging facilities often becomes reactive rather than planned—leaving districts vulnerable to costly, disruptive emergencies. This cycle of crisis spending is unsustainable, driving up long-term costs. That’s one reason why, in their 2025 Infrastructure Report Card for America’s Schools, the ASCE calls to, “urge school districts to adopt life-cycle cost analysis principles in planning and design processes to evaluate the total cost of projects and achieve the lowest net present value cost, including life-cycle O&M, in addition to capital construction.”

    Outdated HVAC systems, leaky building envelopes and inefficient lighting also strain budgets by consuming massive amounts of energy. With energy price volatility on the rise, inefficient energy usage can present a threat to predictable budgeting, particularly for public schools already navigating tight financial constraints.

    School districts like Greene County Schools (GCS) in Tennessee are seeing big budget impacts from taking a proactive approach to facility and energy management. Facing a growing list of deferred maintenance projects, including more than 400 aging HVAC units, GCS turned to Schneider Electric to help design a comprehensive, long-term energy management strategy that allowed the district to reallocate savings toward deferred maintenance.

    Support top-line priorities by capturing O&M cost savings

    Operations and maintenance (O&M) represent the second-largest expenditure in most school districts, right after personnel. Unlike staffing, however, these costs can be reduced without sacrificing student outcomes. By investing in facility modernizations—like smart building controls, LED lighting, water conserving plumbing, and clean energy technologies—schools can dramatically lower their utility bills and maintenance costs. These savings, when captured strategically, can be diverted back into what matters most: academic programming, staffing, and student engagement. 

    Gilbert Public Schools (GPS) in Arizona discovered first-hand how energy improvements can be an excellent tool to achieve budget sustainability. GPS started by upgrading to high-efficiency LED lighting across the district’s gymnasiums, allowing them to turn a $257,000 initial investment into more than $1.2 million in lifecycle savings over the life of the project. Next, GPS made modernizations that reduced water usage and lowered maintenance costs, from which the district ultimately realized $12.9M in lifecycle savings.

    Finding budget stability in times of uncertainty

    Times are uncertain, but as these stories show, budget stability is still within reach. Through smart resource optimization and strong community partnerships, schools can safeguard funding for their top priorities.

    Visit Schneider Electric’s K-12 Education Hub for more inspiring success stories and insights into our budget stability solutions tailored for schools.

    Source link

  • Connect more: creating the conditions for a more resilient and sustainable HE sector in England

    Connect more: creating the conditions for a more resilient and sustainable HE sector in England

    Despite it being the season of cheer, higher education in England isn’t facing the merriest of Christmases.

    Notwithstanding the recent inflationary uplift to the undergraduate fee cap, the financial headwinds in higher education remain extremely challenging. Somehow, in the spring/summer of next year, the Secretary of State for Education is going to have to set out not only what the government expects from the sector in terms of meeting the core priority areas of access, quality and contribution to economic growth, but how it will deliver on its promise to put the sector on a long-term sustainable financial footing.

    The overall structure of the sector in terms of the total number of providers of higher education and their relationships to each other might arguably be considered a second-order question, subject to the specifics of the government’s plans. But thinking that way would be a mistake.

    The cusp of change

    There are real and present concerns right now about the short term financial stability of a number of providers, with the continued increased risk that a provider exits the market in an unplanned way through liquidation, making the continued absence of a regime for administering distressed providers ever more stark.

    But on a larger scale, if, as some believe, the sector is on the cusp of entering into a new phase of higher education, a much more connected and networked system, tied more closely into regional development agendas, and more oriented to the collective public value that higher education creates, then the thinking needs to start now about how to enable providers to take part in the strategic discussions and scenario plans that can help them to imagine that kind of future, and develop the skills to operate in the new ways that a different HE landscape could require. It is these discussions that need to inform the development of the HE strategy.

    The Office for Students (OfS) has signalled that it considers more structural collaboration to be likely as a response to financial challenge:

    Where necessary, providers will need to prepare for, and deliver in practice, the transformation needed to address the challenges they face. In some cases, this is likely to include looking externally for solutions to secure their financial future, including working with other organisations to reduce costs or identifying potential merger partners or other structural changes.

    Financial challenge may be the backdrop to some of this thinking; it should not be the sole rationale. Looking ahead, the sector would be planning change even if it were in good financial health: preparing for demographic shifts and the challenge of lifelong learning, the rise of AI, and the volatile context for international education and research. Strategic collaboration is rarely an end in itself – it’s nice to work together but ultimately there has to be a clear strategic rationale that two or more providers can realise greater value and hedge more readily against future risks, than each working individually.

    There’s no roadmap

    In the autumn of 2024, Wonkhe and Mills & Reeve convened a number of private and confidential conversations with heads of institution, stakeholders from the sector’s representative bodies, mission groups, and regional networks, Board chairs, and a lender to the sector. We wanted to test the sector’s appetite for structural change; in the first instance assessing providers’ appetite for stepping in to support another provider struggling, but also attitudes to merger and other forms of strategic collaboration short of full merger. Our report, Connect more: creating the conditions for a more resilient and sustainable higher education system in England sets out our full findings and recommendations.

    There is a startling dearth of law and policy around structural collaboration for HE; some issues such as the VAT rules on shared services, are well established, while others are more speculative. What would the regulatory approach be to a “federated” group of HE providers? What are merging providers’ legal responsibilities to students? What data and evidence might providers draw on to inform their planning?

    We found a very similar set of concerns, whether we were discussing a scenario in which a provider is approached by DfE or OfS to acquire another distressed provider, or the wider strategic possibilities afforded by structural collaboration.

    All felt strongly that the driving rationale behind any such structural change – which takes considerable time and effort to achieve – should be strategic, rather than purely financial. Heads of institution could readily imagine the possibilities for widening access to HE, protecting at-risk subjects; boosting research opportunities, and generally realising value through the pooling of expertise, infrastructure and procurement power. The regional devolution and regional economic growth agendas were widely considered to be valued enablers for realising the opportunities for a more networked approach.

    But the hurdles to overcome are also significant. Interviewees gave examples of failed collaboration attempts in other sectors and the negative cultural perceptions attached to measures like mergers. There was a nervousness about competition law and more specifically OfS’ attitude to structural change, the implications for key institutional performance metrics, and a general sense that no quarter would be given in accommodating a period of adjustment following significant structural change. The risks involved were very obvious and immediate, while the benefits were more speculative and would take time to realise.

    Creating conditions

    We have arrived at two broad conclusions: the first being that government and OfS, in tandem with other interested parties such as the Competition and Markets Authority could adopt a number of measures to reduce the risks for providers entering into discussions about strategic collaboration.

    This would not involve steering particular providers or taking a formal view about what forms of collaboration will best serve public policy ends, but would signal a broadly supportive and facilitative attitude on the part of government and the regulator. As one head of institution observed, a positive agenda around the sector’s collaborative activity would be much more galvanising than the continued focus on financial distress.

    The second is that institutions themselves may need to consider their approach to these challenges and think through whether they have the right mix of skills and knowledge within the executive team and on the Board to do scenario planning and strategic thinking around structural change.

    In the last decade, the goal for Boards has been all about making their institution stronger, and more competitive. While that core purpose hasn’t gone away, it could be time to temper it with a closer attention to the ways that working in a more collective way could help higher education prepare itself for whatever the future throws at it.

     

    This article is published in association with Mills & Reeve. View and download Connect more: creating the conditions for a more resilient and sustainable higher education system in England here.

    Source link