Skip to content

Author: Eileen Belastock, CETL

Eileen Belastock, CETL, is an educational leader who is fueled by the belief that learning anytime/anywhere is critical for both students and educators.

Throughout her career in corporate and educational settings, Eileen Belastock has encouraged and supported adult and student learners to challenge themselves to find their passions, grow as lifelong learners and transform education for future generations. Through her articles in online publications such as Tech & Learning, eSchoolNews, Edtech Magazine, and EducationNext, Eileen Belastock spotlights highly innovative educators and administrators working to ensure digital equity, student data privacy, and safety in school districts.

Eileen can be reached at

K-12 Cybersecurity in 2023: Ransomware, AI, and Increased Threats

Originally Published: Tech Learning 

Well into 2023, it is disheartening to know that K-12 institutions continue to be one of the primary targets of cybersecurity attacks. Cyberattacks such as DDoS, phishing, data breaches, password attacks, man-in-middle attack, and malware on school districts have resulted in monetary losses, the need for additional recovery resources, and loss of instruction time.


While all types of cyberattacks are increasing in districts, for the first time, ransomware incidents were the most frequently disclosed incident type in 2022, with percentages rising from 12% in 2020 to 62% in 2022, according to the Emsisoft 2022 report(opens in new tab). School districts hit by ransomware in 2022 represented 1,981 schools, almost double the number of K-12 schools potentially compromised in 2021. In addition, ransomware groups successfully exfiltrated data from U.S. schools at a rate of two-thirds in 2022, up from half that number in 2021. 

“We must ensure that our K-12 schools are better prepared to confront a complex threat environment,” says Jen Easterly, Director of CISA(opens in new tab), the U.S. Cybersecurity and Infrastructure Security Agency, which is partnering with K-12 to bolster security. “As K-12 institutions employ technology to make education more accessible and effective, malicious cyber actors are working to exploit vulnerabilities in these systems, threatening our nation’s ability to educate our children.”

Ransomware Attacks on the Rise 

Ransomware has the potential to access and exploit the sensitive data in K-12 institutions, including student records and other personally identifiable information, financial aid and transaction data, and healthcare information. As such, districts are continually at high risk. For example, bad actors recently released health records for about 2,000 current and former LAUSD students, publishing it on the dark web. 

With the increase in classroom technology and personal digital data, district leaders and IT professionals need to acknowledge that ransomware will continue to be an evolving cybersecurity threat. It is typically seen as easy big money for many bad actors, as they understand that districts are more willing to pay a ransom than undertake a long recovery process with educational and administrative consequences. 

Currently, many districts don’t have significant resources or budgets focused on cybersecurity, with an estimated less than 2% of operating budget allocated for staffing, training, and software. The State of EdTech District Leadership 2022(opens in new tab) highlights that more than half of the IT professionals (52%) said their schools lack adequate staffing to support and protect teachers, while 77% of districts reported not having a full-time employee dedicated to network security. 

In addition, often unintentional, and non-malicious human errors are the top reason for school cyber attacks. Focusing on daily operations, staff and teachers are too quick to respond to phishing attempts, suspicious links, and unsecured access networks. With easily hacked passwords, unsecured devices, and software available with one click, accessing user data is an easy lift for hackers.

Cybersecurity Help and Resources 

Cybersecurity will keep edtech leaders up at night; however, many resources and organizations support the work done in school districts through educational programs, policies and initiatives, and training. Two organizations committed to cybersecurity and education are CoSN(opens in new tab) and the National Cryptologic Foundation(opens in new tab)

As a premier membership organization designed to meet the needs of K-12 education technology leaders, CoSN supports cybersecurity initiatives in many school districts. At the federal level, they are campaigning along with other organizations for FCC to expand E-rate eligibility for basic firewalls to include all current firewalls and related features without requiring cost allocations. 

CoSN recently released the Blaschke Report(opens in new tab), a cybersecurity primer for any K-12 school district. This report identifies five actions a school system IT staff might take to defend IT infrastructure better, including: 

  • Training
  • Technical expertise 
  • Network security 
  • Sustainability plans 
  • Leadership buy-in and funding 

Keith Krueger, CEO of CoSN, recommends that along with the actions in the report, K-12 organizations take a district-wide approach to cybersecurity by focusing on user education, increasing internal human capacity, and understanding what is at risk regarding cyberattacks. 

The National Cryptologic Foundation focuses on a community approach to reach youth with vital cybersecurity concepts and tools. They provide the education community various resources including cybersecurity curriculum guidelines and the Outsmart Cybersecurity Collection, which guides students to build their foundation of data care principles and practices. Also available are interactive cybersecurity games and podcasts that provide expert advice. They also partner with Teach Cyber(opens in new tab) to offer pathways for students to explore careers in cybersecurity. 

“You don’t have to have a background in cybersecurity to teach our youth and provide future opportunities in the cybersecurity space,” says Dr. Alisha Jordan, Director of Education for the National Cryptologic Foundation. She recommends that any educator interested in learning more should sign up for an account and newsletter on their website(opens in new tab).

What’s Ahead in Cybersecurity 

With the avenues of attack growing, districts cannot rely on outdated methods to stay secure. The 2022 CiSA report(opens in new tab) recommends that districts explore several strategies to  meet the increased demands of the cyber risk landscape, including: 

  • Making all employees part of the district’s security defense
  • Keeping patches up-to-date  
  • Restricting unnecessary access 
  • Implementing multi-factor authentication 
  • Following industry best practices 

Educators also need to stay abreast of cybersecurity trends. For example, cybercriminal gangs and sophisticated advanced persistent threat (APT) groups(opens in new tab) are actively recruiting AI and ML specialists who design malware that can evade current-generation threat-detection systems. While developing these AI capabilities is a lengthy process,  they already can facilitate easy and undetectable network access with malware-free intrusions and valid credentials.

In addition, cyber criminals have tapped into the highly popular ChatGPT AI to refine malware, personalize phishing emails, and finely tune computations to steal highly sought access credentials. On the plus side, we are seeing some noteworthy cybersecurity developments. Leading cybersecurity vendors such as AWS, Google, and Microsoft are prioritizing investment in AI and ML research and development in response to increasingly complex threats. 

AI may also be a game changer for districts against cyber-attacks, with its potential to help build automated security systems, support natural language processing, refine face detection, and be a part of predictive threat-detection systems. 

While not a substitute for committed experienced IT personnel, robust infrastructures, and knowledgeable users, AI technology will soon be able to help districts fight the good fight regarding cybersecurity.

Keeping Bad Actors Out of K–12’s IP Surveillance System

Originally Published:EdTech Magazine

K–12 districts are investing a larger portion of their budgets in new security technologies to create safer environments for their school communities.

A 2020 study conducted by Omdia on behalf of the Security Industry Association showed the market for physical security equipment in K–12 and higher education was $716 million in 2020. The K–12 sector accounted for about 56 percent of that amount.

IP Cameras Have Benefits and Drawbacks

Before the introduction of IP video surveillance cameras in schools, physical and digital security were typically separate. Now, however, technology is intertwined with every aspect of school security.

As school districts upgrade their video security systems, some are moving away from closed-circuit TV cameras to more robust IP security systems. These network cameras have far more capabilities than traditional CCTV cameras, using network devices to integrate access control, communications, mass notifications, door locks and security cameras.

Unfortunately, along with the benefits of accessibility and ease of use, these highly sophisticated network video systems come with the constant threat of cyberattacks.

Click the banner to discover resources from CDW to help protect your district from cyberattacks.

IP cameras are not dissimilar from other network devices exposed to attack scenarios. As districts transition to IP security systems, they face the same data breach risks. The systems are highly vulnerable and easy to hack, and they present a considerable surface area cybercriminals can use to access a district’s network.

In addition to common threats — malware, ransomware, distributed denial of service, man-in-the-middle and brute-force attacks — video cameras are susceptible to third-party eavesdropping. As recently as May 2021, Eastern Hancock County Community School Corp. in Indiana suffered a cyberattack on its camera system, resulting in a day of lost instruction.

Best Practices for Securing IP Cameras

Fortunately for Eastern Hancock Schools, no personally identifiable information was stored on its network, and thanks to regular backups, no data was lost from the attack. Yet, this remains an example of why district CTOs and data security officers must address the vulnerabilities of their IP security cameras. The goal is to prevent unauthorized access to the system that could compromise other devices in the network.

Here are several security strategies schools can implement to prevent or mitigate attacks on their IP camera systems:

Proactive steps include partnering with an Internet of Things solution provider to discover every IoT device connected to a district’s network and assess each device’s security risk. Districts should also invest in technology that integrates IoT security into a broader solution that protects the data center, network, mobile devices, endpoints and cloud assets.

Best practices for managing staff email passwords, guarding against phishing, protecting student data privacy and restricting access to school and district networks need to extend to IP cameras. Like other vulnerable access points, IT departments must enable multifactor authentication, limit access by IP address and create a video client account to reduce the risk of compromising the device administrator password.

Penetration tests are used by many districts to evaluate network security. These simulated attacks are often carried out by trusted third parties authorized by districts to attempt a breach of their systems. However, IP cameras are often overlooked as vulnerabilities. Schools should ensure that pen tests are performed on these IP devices, using the same tools, techniques, and processes attackers would use to pinpoint weaknesses in the security system.

Software updates and patches must be installed, whether the district uses CCTV, IP cameras or a hybrid approach. Access to the latest software can prevent security holes within the camera systems. Most cloud-based IP systems automatically push out updates and patches. However, for on-premises storage, IT must be sure to choose a product that requires scheduled updates and patches.

Video data storage must be secured, either on-premises or in the cloud, to avoid data loss in the event of a breach. The cloud is ideal for backing up sensitive information saved on local servers. One of the cloud’s security advantages over on-premises servers and infrastructure is its ability to segment storage away from user workstations, where most attacks enter.

LEARN MORE: What is Backup as a Service, and how can it protect K–12 districts?

The principle of least privilege limits a users’ access to what is required to do their jobs. Users are granted permission to read, write or execute only those files or resources specific to their work. This applies to network and IP camera system access as well.

Strengthen the Digital Security Chain with Collaboration

CTOs and data security officers understand the critical need to secure all elements of the digital chain: data, infrastructure, devices, endpoints, applications and identity. IP cameras include all of these elements and represent a potential gateway to cybersecurity breaches.

CTO Marlo Gaddis and her team at the Wake County Public School System in North Carolina work with security, maintenance and operations staff to manage a security chain for the district’s digital resources, data center and network systems.

“By collaborating as a group, we are making sure that we have best practices all the way around to guarantee the safety of our school community,” Gaddis says.

Virtual Learning: 3 Strategies for Student Success

Originally Published:

The pandemic turned the brick-and-mortar model of teaching and learning on its head. Before March 2020, credit recovery, remediation, and advanced coursework were the main reasons for virtual learning in K-12. However, when schools shifted to emergency remote learning, students and educators experienced teaching and learning in which video conferencing, online assessments, virtual tutoring sessions, and online classrooms became the new normal.

Although districts have since returned to in-person learning, virtual learning options continue to grow, with hybrid options proving to be effective in certain situations. According to a recent whitepaper from Edmentum “There has never been a more critical time to explore the role virtual learning can play in educating our children. Districts are grappling with a student mental health crisis, learning loss spread unevenly within and across schools, and unprecedented burnout among teachers – all while feeling the pressure to prepare students for a rapidly changing and uncertain future.”

While technology is critical to supporting students in any learning environment, the optimal solution for student success in a virtual learning environment should include three key components: 

  1. Establishing a community of learners.

  2. Implementing high-quality virtual pedagogy.

  3. Ensuring equity for all students.

1. Virtual Learning: Establishing a Community of Learners 

Relationships matter in education. “Our brains have evolved to thrive in communities and relationships. As a result, the ‘social brain’ is a powerful learning mechanism where students thrive academically, socially, and emotionally,” says Dr. Melina Uncapher, lead program director at the Advanced Education Research and Development Fund.

A key component to engaging students’ social brains in a hybrid or virtual learning environment is creating a community of learners that includes teachers, mentors, and parents/guardians. Teachers developing deep relationships with their students create powerful learning experiences and opportunities for students to engage and connect to their learning. Mentorship programs pair a student with an adult who can monitor progress, resolve issues, and support the student’s emotional and educational needs.

Family support is critical in virtual learning. According to one study(opens in new tab) of remote learning during the COVID-19 pandemic, many parents/guardians reported that they were given the opportunity to better understand their child’s learning style, needs, or curriculum. After all, they are responsible for the at-home learning environment and need to work with teachers to set goals and reinforce concepts.

2. Implementing High-Quality Virtual Pedagogy 

“Teaching effectively in virtual environments is different,” says Liz Lee, director of online learning at the International Society for Technology in Education (ISTE). Some instructional strategies transfer to online learning, such as discussions, small group work, self-directed learning, and collaboration; however, teaching in virtual classrooms has nuances. For example, effective online pedagogy emphasizes student-centered learning and engages active learning activities.

While well-designed technology is a critical enabler of hybrid and virtual learning, high-quality online instruction and a well-designed curriculum are crucial to students’ success in virtual programs. Therefore, virtual schools should focus on targeted professional development for educators aligned with the four online teaching competencies to ensure that online instruction is not just replicating in-person instruction. These include: amplified communication skills; strong time management skills; focused planning time; and the ability to adapt content and instruction to meet the needs of students with learning difficulties.

In addition, a well-designed curriculum that fosters student learning and interaction by aligning objectives, assessments, and instructional strategies is just as critical to virtual pedagogy.

3. Ensuring Equity for All Students 

Flexibility, reduced distractions, exploration of interest, and personalized learning have been significant reasons why many students and families have chosen hybrid or virtual learning as their educational choice. This population includes students with disabilities, historically marginalized students, and students disenfranchised by the brick-and-mortar style of education. Virtual learning programs understand this and support all students through systems and practices that ensure all students have access to their learning, engage with the content, and thrive in an online environment.

Virtual learning programs should consider three key equity areas: technology, academic and mental wellness, and accessibility. First, students should have easy access to virtual learning experiences, including sufficient bandwidth and a device capable of supporting online learning. Second, digital learning coaches, support staff, and families must understand the needs and struggles of each student to ensure that the student is engaged and connected to their learning. Lastly, providing accessibility tools allows students to focus on learning and levels the playing field to access their education.

As virtual programs and schools continue to grow, it is essential to remember that it takes a team who is committed to their students, understands their needs and personalities, and takes the time to develop high-quality programs.

According to Holly Brzycki (CAOLA), “It is critical for successful district virtual programs to have a person who oversees the program, identifies opportunities to improve communication with and supports parents and other stakeholders, and ensures that students and educators have the resources they require to be successful.”

CoSN 2022 Student Home Connectivity Study

Changing the Language to Build a Culture to Support Transformational Leadership

Originally Published:

As defined in Simply Psychology(opens in new tab), “Transformational leadership inspires positive changes in those led and invests in the success of every member involved in the process.” Nowhere is this more critical than in the post-pandemic educational environment. With a focus on student-centered learning and personalized professional growth, educational leaders must reevaluate their leadership systems to inspire, support, and collaborate to transform learning and innovation. 

Quintin Shepherd, Superintendent at Victoria ISD in Texas, and Sarah Williamson’s recently released book, (opens in new tab)The Secret to Transformational Leadership(opens in new tab), recognizes the ‘lone wolf’ leader as a thing of the past. Instead, leadership is an influence relationship between leaders and followers who intend fundamental changes that reflect their mutual purpose. Therefore, educational leaders need to have a growth mindset and follow another path of leadership skills that results in high achievement and academic success in schools.  

Competency vs. Compassionate Language

Competencies are a person’s knowledge, skills, abilities, and talents that allow them to complete the responsibilities of a specific job successfully. However,  simply communicating competency may not be enough to inspire success.

“Competency-based language of leadership is like a suit that doesn’t quite fit right anymore,” writes Shepherd. “It works and gets the job done, but you know it is not as good as it could be. Leaders want to tackle the critical and challenging topics facing them every day, but competent language gets in the way of having the conversations that matter.” 

According to Shepherd and Williamson, following another path of skills requires leaders to move away from competency language to the more collaborative language of compassion. This mindset shift will result in better performance and visibility into what the school community expects of its leaders. Choosing to use compassionate language prompts leaders to think differently about how they evaluate their efforts. Compassionate leadership’s transparent and shared purpose or vision includes positively valuing differences, frequent face-to-face contact, continuous commitment to equality and inclusion, clear roles, and a strong team. It embraces the digital world we live in, the generational difference in the school community, and the need to accomplish organizational goals and bring people together around ideas. 


This new language inspires and empowers at the same time. It can unite the school community regarding complex issues that impact students and staff. “It focuses equally on great questions over satisfactory answers, embraces the unknown, and wrestles it into manageable,” writes Shepherd.   

Building Relationships 

To master the new language of leadership, leaders must pivot their thinking from focusing on individuals to concentrating on interactions between individuals. This pivot requires constructive de-polarization that brings people together around purposes and relationships and does not divide based on ideas or ideology. 

The relationships between leaders and active followers should be based on influence and, therefore, multi-directional with more than one follower and typically more than one leader. Leaders and followers purposely desire specific changes, and these changes must be substantive and transforming. Through non-coercive influence relationships, compassionate leaders and the school community can develop objectives that reflect their ideals and mutual intentions. 

Communication Framework 

Shepherd and Williamson identify a four-part communication framework of why, who, how, and what embedded in the shift to compassionate language and transformational leadership.  

Communicating the “why” is mission-critical for the work’s success, as the words of a leader will fall flat without meaning, and the innovation’s success will be in jeopardy. 

Communicating the “who” of the work builds unconditional faith and an ability to connect with the emotions of others. Investing in training resources and processes is non-negotiable, so leaders must have the compassion to treat others as professionals in their work. Shepherd says that if leaders intend to embrace compassionate leadership to the fullest, they must immerse themselves fully in the work and dreams of others.  

Communicating the “how” means enthusiastically embracing innovative ideas. By doing so, districts reduce the cost of failure while increasing the value of innovation, resulting in a powerful paradigm shift in the school culture.  

Communicating the “what” is key as improvement cannot exist in a vacuum. Compassionate transformational leaders share the “what” of the work with deep compassion. 


Shepherd highlights that leaders need to understand their thought processes and disrupt any competency-based language that falls into the “good” or “bad” continuum. His advice to leaders traveling down the path of transformational leadership is to embrace compassionate language by connecting more deeply with their current climate and community. Immersing in the crowd-sourcing of decisions and optimizing digital strategies will create shared spaces for everyone to have their voices heard.  


“Our Biggest Nightmare Is Here”

Originally Published: 

On the night of September 2, 2019, Assistant Superintendent for Compliance and Information Systems Bhargav Vyas received a system-failure warning for Monroe-Woodbury Central School District in Central Valley, New York. With his team, he chose to shut down the district’s entire computer network. Then, at 7:30 the next morning, he got a call from one of his leading techs, who was bringing the domain controllers back up after the previous night’s shutdown.

“Our biggest nightmare is here,” the tech said.

That was when Vyas knew a cybersecurity attack was happening.

Of the 17 industries studied by information-security company SecurityScorecard, the education sector ranked as the least secure in 2018, with the highest vulnerabilities present in application security, endpoint security, and keeping software up to date. Online learning, which has increased gradually over the past decade and significantly since March 2020, has only exacerbated the possibility of exposing staff and student data to unauthorized parties.

Though these attacks affected only a small fraction of the overall number of schools and districts in the U.S., the frequency may increase as more lucrative targets, like corporations and banks, mount a better defense. According to the Consortium for School Networking’s 2019 K–12 IT Leadership Survey Report, rather “than focusing on corporate targets, which are devoting increased resources to cyber defenses,” hackers are turning to “more vulnerable sectors such as school districts, universities, and nonprofits.”

School districts’ networks are the perfect target for cybercriminals because they house a large amount of personal data but exist in a milieu not necessarily attuned to the threat of attack. While hackers’ individual motivations run the gamut, most of the attacks on school districts have been tied to cybercriminals looking for low-risk, high-return financial payoffs—which embattled district decisionmakers are willing to provide if it means keeping student and staff information private.

How Cyberattacks Happen: Phishing and Distributed Denial-of-Service Attacks

According to the Consortium for School Networking, more than 90 percent of cyberattacks in schools start with phishing campaigns, which include “spear phishing” and business-email compromise attacks. Spear phishing is characterized by a focus on specific individuals or groups within a larger organization; these attacks usually get a user to reveal personal information or install malicious software, or malware, on their computer. In a business-email compromise attack, cybercriminals impersonate a trusted party, usually a senior executive, to obtain payments or financial information. In a school-district context, business-email compromise is sometimes known as “Superintendent Fraud.”

Phishing attacks have become more sophisticated and difficult to detect. During the 2019–2020 school year, the San Felipe Del Rio Consolidated Independent School District was hit by a business-email compromise attack. A news release from the U.S. Attorney’s Office in the Western District of Texas explained how the attack worked: The school district’s comptroller received phishing emails from cybercriminals posing as officials at the financial institution to which the district makes bond payments. Three of those bond payments were then diverted to the swindlers’ financial account, which cost the district more than $2 million, according to the release.

Schools and districts can also fall victim to distributed denial-of-service attacks, as the Boston Globe reported Boston-area districts Mansfield, Medfield, and Norton did during the 2020–2021 school year. In this type of attack, a targeted flood of internet traffic disrupts network availability by overwhelming the system and surrounding infrastructure. As a result, users are prevented from accessing payroll platforms, student schedules, and email applications, all of which are necessary to conduct the day-to-day operations of the school.

This disruption can be just as beneficial for cybercriminals as it is for students, who may want classes cancelled or a break from remote learning. In September 2020, a series of DDoS attacks targeting the Miami-Dade County Public Schools were traced to the IP address of a 16-year-old student at South Miami Senior High School, according to a news release from the school district.

In addition to the complete paralysis of a school system, most criminal DDoS attacks have a second purpose: to breach data and expose confidential or protected information that can be viewed, shared, and used as ransom.


While school networks are offline during a DDoS attack, hackers use malicious software to encrypt districts’ data. Districts are then forced to pay hackers a ransom to regain access to their data—hence the term “ransomware.” As of August 2021, ransomware attacks have disrupted 58 education organizations and school districts in the U.S., including 830 individual schools, according to Politico. These attacks sometimes have devastating consequences: In March 2021, the Miami Herald reported that Broward County Public Schools could not pay a $40 million ransom, and 26,000 stolen files, which included student and staff Social Security numbers, addresses, and birthdates, were published online.

Most school districts lack strong security protocols because they have small IT teams and significant budgetary constraints, so it may seem from the outside that education organizations are not making cybersecurity a priority. This assessment, however, does not reflect the progress being made in districts across the country.

Thwarted Ransomware Attacks: Case Studies

Monroe-Woodbury Central School District

Back to Monroe-Woodbury Central School District. As soon as the IT team knew an attack was underway, they notified Superintendent Elise Rodriguez and the other assistant superintendents. Rodriguez informed the board of education, and then the public relations director and communications team contacted the business office, the district attorney, and the insurance company. Within an hour, the district had an incident response team working with Vyas to contain the attack, assess the damage, and develop a mitigation plan. The cybercriminals had just started targeting the district’s servers when the storage area network shut down, so, luckily, they had nowhere to go to do more damage.

Once the team determined that they had stopped the ransomware, the district focused on restoring weeks’ and months’ worth of data from offline and cloud-based backup systems. It took the district a couple of days to build up a Microsoft infrastructure, but by the end of the first week, 70 percent of mobile devices were up and running. At the end of the second week, all systems were up and running, and Wi-Fi was brought back online for 3,000 student and staff devices and computers.

Vyas reflected that it “was strategic on our part—not from the ransomware perspective, but a resources perspective—that we had an updated disaster recovery plan that identified the location of our data in all systems, as well as a robust redundancy system. This strategic move mitigated any further damage and communication.”

Prior to the attack, the district had also gotten an assessment of their network from the National Institute of Science and Technology. In January and March 2019, the IT team used the audit recommendations to “plug the holes,” which, in hindsight, could have been a factor in mitigating the effects of the cyberattack.

The IT team tried to learn from the attack. Though they had no proof, they believed that allowing personal devices to connect to the school network may have been a factor in the attack. The district therefore changed its policies: Only school devices were allowed to access the network, and guest networks were eliminated.

Rodriguez established scenario-based cybersecurity training, because “security is not just a technology concern; it’s a district concern.” Vyas continues to educate the school community, including the school board, about the latest trends in cybersecurity because, as he puts it, “people forget.”

Haverhill Public Schools

The attack on Haverhill Public Schools in Haverhill, Massachusetts, started shortly after midnight on Wednesday, April 7, 2021. By 2:30 in the morning, Director of Technology Doug Russell and Systems/ Network Engineer Don Preston had been alerted of system failures. They realized that this was more than just a standard system alert, and the team immediately shut down the network that connected all 15 district schools.

As soon as Russell and his team understood the extent of the attack, they notified Superintendent Margaret Marotta. Marotta then informed the Haverhill Public Schools School Committee and other critical stakeholders. She became the central communications person, thus enabling the IT team to focus on mitigating the problem. Within a few hours, the district had implemented its crisis-recovery plan and connected with its IT consulting company, which joined with local police, state police, the FBI, the Department of Homeland Security, and the Multi-State Information Sharing and Analysis Center, an organization that helps local, state, and tribal governments with cybersecurity-incident response and remediation, to assess the situation. After a few hours of evaluating the network, the Haverhill team determined that 140 of the 13,000 district endpoint devices had been infected with the ransomware. Much of the virus had been funneled into the districts’ virtual server environment, and most of those virtual servers had then detected the infection and shut down—exactly as they had been designed to do.

Authentication and rostering servers were up and running by six o’clock in the evening on the day of the attack. Five days after the incident, the internet had been restored in all 15 buildings, with 98 percent of the systems fully functioning. The email system took two and half weeks longer to be fully restored.

“One of the things that saved us was the transition to laptops for staff during the pandemic,” Russell said. Most staff members’ computers were not on the district network when the attack happened.

Russell added that another helpful mitigating factor was “a change that we made a couple of years ago” to “our whole virtual environment,” which meant there was no clear path for the ransomware to follow. Also, the cyberattack did not impact district financial records because the payroll system was hosted by the City of Haverhill on a completely different network. Finally, Russell explained that moving many systems to cloud hosting made the attack less severe than it would have been if the district had hosted all of those systems internally.

The Multi-State Information Sharing and Analysis Center’s investigation of the attack is ongoing, and the district has yet to confirm if any personal data was compromised. The team at Haverhill Public Schools did learn that they needed to upgrade existing systems and backup options, though. Before the attack, they had data snapshots, and the district operated with two different systems running at the same time. “So even though everything was still being snapshot and backed up, we realized that some of those systems, if they were to shut down, or if they would have been infected the wrong way, wouldn’t have gotten the last couple snapshots that we needed to recover,” Russell said.

Working with an IT consultant and the district crisis response team, as well as Marotta’s support and additional funding from the Haverhill School Committee, Russell and his team determined the need to increase redundancy and upgrade their anti-malware software and anti-ransomware software.

“I feel like if that would have been running, or something would have been running better, it probably would have stopped it even sooner, and we would have had fewer servers to restore,” reflected Russell.

What Can Districts Do?

Cybersecurity training

According to the October 2020 IBM Education Ransomware Study, which involved interviews with 1,000 educators and 200 administrators, administrators were “20 percent more likely to receive cybersecurity training than educators” though they were “still unaware of critical information relevant to protecting their schools.” Eighty-three percent of administrators expressed confidence in their school’s ability to handle a cyberattack, for example, but more than 60 percent of them did not know if their school had a mitigation plan.

About 90 percent of the time, cyberattacks happen due to human error, said Haverhill’s Russell. The source of the Haverhill Public Schools attack was a phishing email, which allowed the hackers to access a virtual remote server. In the wake of the attack, the school community took action and recognized the need for more cybersecurity training and, specifically, for secure password protocols through standardized requirements, such as making sure passwords are a certain length or have special characters.

Back up, back up, back up

A robust backup system is the best protection against an attack, and the most effective backup systems are a) cloud-hosted or offline, b) not tied to a district’s domain, and c) inaccessible from the district network. The Monroe-Woodbury and Haverhill districts have used secure backup systems with redundancy for years, so when their virtual servers were attacked, they were assured the recovery of their data. Russell added that “a backup is vital” and that “if districts are not backing up correctly, they will never be able to recover” from an attack.

Cybersecurity insurance

In 2020, the average cost of a data breach was $3.79 million for districts and other education organizations in the U.S., according to IBM’s annual report on data-breach costs. When the Manor Independent School District, a small district in Texas, was compromised by a phishing scam in January 2020, CBS Austin reported that it cost the community $2.3 million.

Most insurance companies now offer cyber liability insurance to school districts, for an average of $1,600 a year, according to AdvisorSmith. Though the cost varies based on size and location, districts could end up saving millions by adding this insurance to their yearly operational budgets. In November 2019, when Port Neches-Groves Independent School District in Texas was hit by a ransomware attack, a cybersecurity insurance rider on their district policy covered the $35,000 ransom demand, reported KBMT news. The district ended up getting back access to their systems—at the relatively low cost of a $2,500 insurance deductible. Cybersecurity insurance often covers not just the cost of the ransom itself, but of IT experts to analyze the breach, a marketing firm to manage the district’s response, and lawyers to advise the best next steps, as well lost revenue. The insurance also provides credit monitoring for the students and staff whose records were exposed by the breach.

Other best practices

Districts can reduce infections by filtering at the email gateway, maintaining updated antivirus and anti-malware software, and using a centrally managed antivirus solution. In addition, because some attacks are accidental, districts should apply the principle of data governance, or giving users access only to the data they need to do their jobs. It is also critical that districts maintain a robust asset-management system, retain and secure logs from network devices and local hosts, and baseline and analyze network activity to determine behavioral patterns. While districts may feel vulnerable and helpless in the wake of an attack, these proactive, rather than reactive, actions will determine the overall impact of a cybersecurity attack.

The Work of Many

Districts cannot fight off the hacker hordes alone. Though the ESSER fund provides billions of dollars to school districts for support in the wake of Covid-19, the money allocated to support broadband access, equipment purchases, and remote-learning infrastructure does not cover districts’ cybersecurity needs, such as upgraded firewalls. In June 2021, Senators Mark R. Warner and Susan Collins wrote a letter to Education Secretary Miguel Cardona advising the department to make Covid-19 relief funds available for cybersecurity resources. The letter also recommends that the U.S. Department of Education engage with school districts to increase awareness of the need for more robust cybersecurity measures.

On October 8, 2021, President Biden signed the K–12 Cybersecurity Act of 2021. This bill authorizes the Cybersecurity and Infrastructure Security Agency to study the specific risks impacting K–12 institutions, develop recommendations for cybersecurity guidelines, and create an online toolkit districts can use for implementation. Additionally, a bipartisan group of four House members introduced the Enhancing K–12 Cybersecurity Act in June 2021. This law would direct the Cybersecurity and Infrastructure Security Agency to create a cybersecurity information exchange, a K–12 incident reporting registry, and a $10 million, annual technology-improvement program. Organizations such as the Consortium for School Networking, State Educational Technology Directors Association, and National Association of State Chief Information Officers supported the bill.

When it comes to a cyberattack on a school district, it is no longer a matter of if but when. No longer does the danger zone start at the perimeters of district infrastructure and network. The danger zone now lies within the walls of school districts themselves. We must assume that, whether they are malicious or accidental, bad actors exist within our own systems.

Best Practices for Stopping Ransomware Attacks

Original Published:
EdTech Magazine

A vetted, strategic cybersecurity plan helped one school district successfully push back against cyberattackers.

The annual back-to-school superintendent conference day on Sept. 3, 2019, at New York’s Monroe-Woodbury Central School District should have been one of excitement and reconnection for staff and administrators. But that wasn’t the case for Bhargav Vyas, who serves as the district’s assistant superintendent for compliance and information systems as well as its data protection officer. Instead, the night before, his team got a system failure warning that caused them to start troubleshooting early in the morning.

It started at 7:30 a.m. When bringing up the domain controllers, one of the leading techs called and said, “Our biggest nightmare is here.” Vyas knew then that a cyberattack was underway.

Cybersecurity Incidents Spike During the Pandemic

According to “The State of K-12 Cybersecurity: 2020 Year in Review” from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange, what happened at Monroe-Woodbury is becoming increasingly common. The 2020 calendar year saw a record-setting 408 publicly disclosed cybersecurity incidents. These attacks, which affected 377 school districts across 40 states, resulted in temporary school closures, millions of stolen taxpayer dollars and student data breaches linked to identity theft and credit card fraud.

Schools moving to remote and online learning environments in March 2020 only exacerbated the problem. With the rapid shift to remote learning putting more devices into students’ and teachers’ hands, a lack of cybersecurity training, and plenty of enticing free apps to download, cracks in schools’ cybersecurity were almost inevitable.

IBM’s Education Ransomware Study, released in October 2020, surveyed 1,000 K–12 and college educators and 200 K–12 and college administrators. It found that “while administrators are 20 percent more likely to receive cybersecurity training than educators, they are still unaware of critical information relevant to protecting their schools.”

Pre-Emptive Protocols Lead to Faster Recovery

When Monroe-Woodbury faced down its cyberattackers in 2019, it was ready. Well before the attack, the district had established both internal protocols and a disaster recovery plan.

As soon as the IT team became aware of the attack, it notified Superintendent Elsie Rodriguez and the other assistant superintendents. Once Rodriguez informed the Monroe-Woodbury board of education of the situation, the communications team and the public relations specialist contacted all key stakeholders, including the business office, the district attorney and the insurance company.

Within an hour, the district had an incident response team working with Vyas to contain the attack, assess the damage, and develop a mitigation plan. The attackers had just started targeting the servers when the storage area network was shut down, so there was nowhere to go to do more damage.

We had an updated disaster recovery plan that identified the location of our data in all systems, as well as a robust redundancy system. This strategic move mitigated any further damage and communication.”

Bhargav Vyas Assistant Superintendent for Compliance and Information Systems, Monroe-Woodbury Central School District

Once the IT team finished restoring data from the snapshots cleared by the incident response team, it took a few days to build up a Microsoft infrastructure. By the end of the first week, 70 percent of the district’s mobile devices were back up and running, including those for transportation services. At the end of the second week, the IT team had all systems up and was able to bring Wi-Fi back online to connect mobile devices for 3,000 students and staff.

Plug the Holes with Internal Security Lessons

Looking back, Vyas says, “it was strategic on the district’s part, not from the ransomware perspective but from a resources perspective, that we had an updated disaster recovery plan that identified the location of our data in all systems, as well as a robust redundancy system. This strategic move mitigated any further damage and communication.”

The district made another strategic move that may have hindered the attack. It signed up for a National Institute of Standards and Technology cybersecurity assessment that reviewed risks and threats to the district’s entire network.

Months before the attack, the IT team used the assessment’s recommendations to “plug the holes,” which, in hindsight, could have been a factor in a much more significant cyberattack. It was essential for the district’s IT team to build up goodwill and support, so staff and teachers were educated on cybersecurity and best practices for keeping their data safe. While not everyone understood the technology, they recognized the importance of cybersecurity and trusted the process.

Finally, the team placed great emphasis internally on implementing an electronic inventory and ensuring that record-keeping was accurate and secure. As a result, when reimaging all devices and computers after the cyberattack, the IT team knew the device location and count within 5 percent.

Training Ensures Everyone Stays Educated

After the attack, the Monroe-Woodbury IT team focused on lessons learned. The district changed its policies so that only school devices could access the network, and guest networks were eliminated. Noting that “security is not just a technology concern, it’s a district concern,” Superintendent Rodriguez established scenario-based cybersecurity tabletop training.

Critical stakeholders such as the disaster response team, IT department, business office, and support staff continue working together to ensure they’re well prepared for the future. Because people forget, Vyas continues to educate the school community, including the school board, about developments in cybersecurity. He adds that, even in a cyberattack or pandemic, with the right people on your team and a willingness to do what is best for students, you can work together to give technology back to the school community.

Digital Learning Annual Conference DLAC 2021: A Preview

Originally Published: 

Austin, Texas, is a place of eclectic music, beautiful lakes, superb Tex-Mex and BBQ restaurants, and on June 14-16, 2021, it will host the second annual Digital Learning Annual Conference (DLAC). 

This innovative conference will focus on online, hybrid, and blended strategies and solutions that best support the entire school community. Unlike other conferences, DLAC 2021 will not be a “sit and get” event. Instead, attendees will have opportunities to share their experiences, learn through collaboration, and network with colleagues in facilitated sessions and informal settings. The organizers believe that there is value in the hallway conversations outside the sessions and aim to maximize those opportunities while maintaining the benefits of more traditional conference programming. 

Understanding that not everyone will attend the conference in person, DLAC 2021 has thoughtfully created its conference in a flexible hybrid model, with onsite and online attendance options. The online option will occur in three segments: an online conference opening June 8; onsite sessions June 14-16 that offer online programming; and a final DLAC Encore online session on June 30. 

Session Types

DLAC 2021 guarantees that both their online and in-person sessions will be shorter, livelier, and more interactive than most conferences, “creating a high-energy gathering built on sharing and conversations.”  

Onsite DLAC includes contributed talks, workshops, panel discussions, debates, table talks, and PechaKucha talks. In addition, DLAC online presentations, discussions, and networking opportunities will include extensive break-out rooms to allow small group video discussions and text chat options.

Finally, live streaming several sessions from Austin will give online attendees a connection to the onsite conference with live moderators and real-time interaction. 


Focusing on topics relevant to the many districts seeking to create, expand, and improve digital learning, conference-goers will have the opportunity to attend sessions relevant to our new world of online schools and classrooms. Tracks will offer consecutive sessions that will provide attendees with planning and implementation strategies that support robust digital learning initiatives. 

For districts looking to create or expand their online and hybrid learning environments, the How to Start an Online School Track will dive into critical topics such as setting goals, operational and district policies, and how best to support online teachers. The twelve Online Teaching Track sessions will help the needs of both new and experienced online teachers with topics such as Building Community in the Online Classroom, Engaging Reluctant/Struggling Learners, and Synchronous vs. Asynchronous Strategies. Finally, the challenges of the hundreds of school districts expanding their use of blended learning in summer 2021 and school year 2021-22 will be addressed in The Blended Teaching Track, which will focus on creating customized learning pathways, understanding blended learning in the early grades, and, most importantly, designing engaging online learning experiences.  

Recognizing the challenges faced by rural school communities during the recent pandemic, DLAC 21 includes various online and blended learning sessions specifically for rural teachers and administrators. Sessions of interest include highlighting how a rural district addressed continuity of learning during the pandemic using various learning models, online tools, and digital content, and how to engage and provide equity for more than 150 square miles.

While in-person conferences are slow to come back, DLAC 2021 has found the secret sauce of connecting districts and educators across the country through their hybrid conference model.

When they launched DLAC in 2019, they said: “No technology has ever transformed education quickly, and we see no sign that technology is about to do so. But we see plenty of examples of dedicated school leaders, caring teachers, thoughtful providers, effective researchers, and respectful policymakers using technology to improve student opportunities and outcomes.

This commitment is reflected in DLAC’s focus on the needs of their community and providing professional development experiences that will ensure sustainable, effective, and engaging digital learning experiences for our students.  

ISTELive 21 Preview: Designing a New Learning Landscape

Originally Published:

With live, interactive, and immersive learning sessions, featured voices, playgrounds, poster sessions, and an expo hall, this virtual ISTE conference exemplifies that “the show must go on!”

For those of us still energized and inspired from attending the ISTE 2020 Reimaged Virtual Conference, we will have another opportunity to engage, experience, and connect at ISTELive 21 – Designing a New Learning Landscape, June 26-30, 2021. 

Again, ISTE is proven to create a virtual conference experience that models what educators across the country have implemented in their hybrid and remote classrooms – engaging, personalized, collaborative learning experiences. With live, interactive, and immersive learning sessions, featured voices, playgrounds, poster sessions, and an expo hall, this second virtual ISTE conference exemplifies that “the show must go on!” 

As an innovative and forward-thinking conference, instead of the usual keynote speakers, ISTELive 21 will highlight powerful voices with inspiring stories that impact education. During the five-day event, featured voices will include educators, thought leaders, and authors such as Brett Salak, Regina Gonzalez de Cossio, Patricia Brown, Dominic Caguioa, Alberto and Mario Herreaz, and Dr. Henry Turner. Critical topics such as inequity, anti-racism, global collaboration, and the pandemic’s impact on our students will be addressed by these experts, who will look to inspire us to lead change.  

No matter the roles of the attendees, they will be hard-pressed not to find sessions tailored to their challenges, areas of interest, and future initiatives. ISTE has crafted 39 professional development topics that include relevant and timely challenges such as online and blended classroom models, social-emotional programming, and student-driven game-based learning. In addition, unlike in-person conferences during which attendees must choose between sessions, the live recording, and media-rich on-demand sessions ensure that attendees can fully experience all that  ISTELive 21 offers during and after the conference.  

Fourteen topic-based session lists curated by the ISTE Professional Learning Networks allow attendees access to high-quality presenters and learning experiences.

Not to be missed are the 80 international content sessions whose theme is “listen, learn, share and stay connected globally.”

Global change-makers such as Sandra Chow, Dr. Kelly Grogan, and Dr. Jessica Hale will present “Pathways to Tomorrow: Building Global Competencies through Intercultural Experiences” to expand perspectives on competencies for our students’ future. In the “Best tools for Global Collaboration” ISTE Global Collaboration, PLN leaders Margret Atkinson and Anne Mirtschin will explore tools that can help provide successful connections, interactive problem-solving, and professional networking and development in virtual environments.

If you are a district or school leader, it is worth the price of admission to attend the Leadership Exchange. This recently added pre-conference event brings together worldwide educational leaders such as Ken Shelton, Temple Lovelace, Kumar Garg, and Adina Sullivan-Marlow. The focus of the Exchange is to provide edtech leaders with collaborative opportunities to accelerate transformational practices and explore emerging models of post-pandemic learning.  

As we are closing the books on this school year and looking ahead with hope and possibilities for the upcoming school year, ISTELive 21 is the event that will highlight, support, and rejuvenate our commitment to our students. So, take advantage of the collaborative experiences, connect with colleagues doing the work, and end this year with renewed energy and enthusiasm for a new learning landscape of SY 2021.  

Leading Teaching and Learning in Today’s World

Originally Published:

The 2021 Driving K-12 Innovation report released by CoSN selected the most critical Hurdles (challenges), Accelerators (mega-trends), and Tech Enablers (tools) that school districts are facing with personalized learning, innovation, and digital equity. In a recent edWebinar, sponsored by ClassLink and co-hosted by CoSN and AASA, education leaders reflected on the challenges of the past year and the possibilities of the upcoming school year. 


According to the CoSN report, the standard definition of hurdles is a roadblock that forces schools to slow down, prepare themselves, and then make the leap. When asked about the hurdles that happened due to schools closing on March 13th, 2020, all four presenters agreed that broadband, not devices, challenged their districts to provide equitable access to learning no matter their districts’ geographic location or demographics. Dr. Carol Kelley, Superintendent of Oak Park Elementary District 97 (IL), stated, “We were not as prepared as we could have been to have made that shift in terms of our practices and pedagogy.” Director of Schools for Wilson County Schools (TN), Dr. Donna Wright’s hurdles included broadband issues and a tornado that hit the area two weeks before closing schools. “We were almost stunned into paralysis, which is a hurdle in itself, but then it became an urgency as far as what do we need to do next.”


As defined by the CoSN report, accelerators are megatrends that drive change. In Maury County Public Schools (TN), former Superintendent of Schools Dr. Chris Marczak said, “As we had to hit the brakes on many things, parents demanded that their children continue learning, which is understandable from a public K through 12 sectors. So, we had to think on our toes about what we would do throughout those next couple of months to hit the needs of our parents while still dealing with the hurdles.” In Wilson County, they focused on students by understanding them intimately and identifying their strengths before determining their needs. In Township High School District 214 (IL), where Dr. David Schuler is Superintendent, they doubled down on how to personalize the pathway for every child and enhance the student voice and student choice.

Tech Enablers  

A question put to all the presenters by Ann McMullan, Project Director of CoSN’s EmpowerED Superintendent Initiative, was, “Were there pieces of technology that you had in place already that enabled you to grease the wheels so that you could surmount the challenges that you were facing?”

Echoed by all four presenters, Dr. Schuler described how his district outfitted parking lots with internet and WiFi for students who could not access WiFi at home. His district also ensured that apartment complexes and mobile home parks could access WiFi with overnight placements of minibuses with hotspots. Dr. Wright’s district created a parent university that provided opportunities for parents to understand what their children would be experiencing and how they could support learning at home. Dr. Kelley stated her tech enablers included her amazing technology team that was instrumental in supporting technology during the transition to online learning. Finally, Dr. Marczak focused on the demand and need for a consistent and transparent parent community by launching a Facebook Live and Periscope blast to talk directly to parents and community members about what was going on in the schools. 

Looking Forward

Frankie Jackson, Independent K-12 Chief Technology Officer in Texas, highlighted the efforts by CoSN and the fact that all discussions by the advisory board regarding innovation in K-12 have happened over the last year. Personalization and digital collaborative environments identified in the fall of 2019 have accelerated due to the pandemic. When asked about which lens her district was looking through for the upcoming school year, Dr. Kelley reflected that tech enablers and system thinking would drive the following year. “The district is leveraging my departure as an opportunity to help the community come together to envision, build, and prioritize what they see as the future of learning,” Dr. Marczak stated. “We realized in the Department of Defense that we couldn’t go back to the way things were before March 13th of 2020. The world has changed. It is going to be different moving forward. So, we’ve worked hard on that cooperation around using tech to enable the work we’re doing moving ahead.”

Dr. Schuler said, “We’re excited about how we’re planning to accelerate the rate of learning for all of our students thinking through a school community lens. In addition, we are looking to bring in more supports through our ESSER dollars. The supports include providing more social work outreach to families and thinking through what trauma our students and staff may have experienced this year.” While at the same time, his district is also accelerating personalizing learning environments for every child to ensure that they have access to early college credit. Dr. Wright stated that it would have to be the accelerator because that is something that we stumbled into by accident. “With the virtual option that we built overnight, we were ready for remote and other small or short-term experiences.” Still, the virtual program has seen children thrive who failed in a brick-and-mortar classroom so that personalization became even more critical. McMullan concluded the presentation by stating, “What I see as an accelerator for all four of you is your incredible leadership. In the last year, we have learned that leadership does matter, and exemplary leadership and good leadership are what will drive this forward. The four of you are exemplars of the power of good leadership, which is an accelerator.

Copyright © 2022 Belastock Consulting- All Rights Reserved.