This article was originally published in EdTech Magazine on 5.4.23 by Rebecca Torchia, web editor for EdTech: Focus on K-12.
As the federal government rolls out recommendations for stronger cybersecurity, K–12 budgets struggle to support upgrades
“[Third-party data breaches are] the No. 1 threat vector today, not the traditional old network, and yet there’s no funding for it.”
– David Waugh, CRO, ManagedMethods
The recent government attention on K–12 cybersecurity has, in many ways, benefited school districts by raising awareness of security threats. However, schools can’t take action to meet the government’s recommendations without funding. They don’t have the budgets to implement the cybersecurity solutions the Cybersecurity and Infrastructure Security Agency deemed necessary.
“One of terms you see a lot is ‘unfunded mandate,’” says Jim Siegl, a senior technologist for the Future of Privacy Forum. “Regulation gets passed, and there aren’t any additional resources for schools to hire a privacy officer or someone to manage cybersecurity measures.”
In some cases, state governments are providing financial resources to help schools meet cybersecurity requirements, Siegl says. “Utah has done a pretty good job in terms of providing funds for complying with the privacy laws that they pass for schools, but that’s certainly an exception.”
K–12 schools are facing significant threats when it comes to third-party risk. Districts need to…