Cybersecurity Resources for a Successful 2025-26 School Year

As schools kick off another year, a top concern for many administrators is cybersecurity. Schools are often targeted for cyber threats and attacks. Staying on top of current threats, new technologies and evolving regulations is vital to improving your school’s security posture. Implementing recommended security strategies and including your administrators, teachers, students, and parents are both key for an effective security plan.

Center for Internet Security

The Center for Internet Security reports that schools face several challenges that make them more vulnerable to cyberthreats:

• Valuable student and teacher data, which can include names, home addresses, and birthdays
• Outdated technology
• Lack of funding and resources
• Limited cybersecurity staff and awareness training for staff and students
• Decentralized data storage and management

CISA

The Cybersecurity & Infrastructure Security Agency (CISA) offers a report to help schools reduce their cyber risks. “Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity, provides school districts with several resources specifically for K-12 leaders and IT staff.

According to CISA, some of the best strategies you can implement at your school are:

Utilize multifactor authentication

MFA, or multifactor authentication, requires the user to verify who they are in more than one way. This prevents cybercriminals from hacking into an account with just login information. MFA typically consists of a one-time password, typically through your phone or email, to verify who you are, making it more challenging for hackers to access an account.

Prioritize patch management

Make sure to update software frequently and keep patching up to date. Missing crucial updates can create a security vulnerability for cybercriminals to exploit.

Perform and test backups

If your school is caught off guard by a ransomware attack, having a full backup of your data can protect you from having to pay the ransom.

Minimize exposure to common attacks

Schools can reduce their exposure to common attacks by ensuring that commonly exploited services like RDP (remote desktop protocol) and any unused services are disabled from outside the school’s network. Implementing a robust password policy for public services that are in use can also minimize risk.

Develop and exercise a cyber incident response plan

Having an incident response plan or a “plan of attack” for your school during a crisis can prevent further damage from occurring.

Create a training and awareness campaign at all levels

Prepare everyone at your school to protect their devices against these threats. Educate teachers, staff, administrators, and students (if given email access) about phishing schemes and provide anti-phishing software. You can routinely test these individuals and have them report any suspicious emails.

GenAI Threats

Generative AI or GenAI can be used by unskilled malicious actors to quickly create convincing phishing emails, voice messages, and deepfake videos to influence people into giving their credentials, sensitive information, and/or funds. AI generated content has spread rapidly on social media sites, in part because many users are unable to recognize that the images in question aren’t real.

“As GenAI improves, it will become more difficult to tell the difference between fake communications and communications from a real person,” said Quinn McCrary, OneNet cybersecurity technician. “It’s important to learn to recognize the quirks of modern AI generation and share this knowledge with staff, teachers, and students to protect your school.”

MS-ISAC

Another helpful organization is the Multi-State Information Sharing and Analysis Center, whose mission is to improve the overall cybersecurity posture of U.S. state, local, tribal, and territorial government organizations through coordination, collaboration, cooperation, and increased communication.

MS-ISAC offers members incident response and remediation support through a team of security experts. They also develop tactical, strategic, and operational intelligence and advisories that offer actionable information for improving cyber maturity.

MS-ISAC services include:

• 24/7 Security Operations Center
• Webinars on timely cybersecurity issues
• Annual cybersecurity self-assessments
• Cybersecurity advisories and notifications
• Secure portals for document sharing
• Cyber alert map
• Weekly top malicious domains/IP report

As cyber threats continue to evolve, we’ve learned the best defense is to prevent problems before they start. A cyber-secure school will foster a healthy environment for students to participate and learn. Using these resources will help make a bright and safe future for students across Oklahoma.

Learn more about cyber-safety at staysafeonline.org.

OneNet provides DDoS mitigation at no additional cost to our subscribers. Take advantage of the network benefits OneNet offers through our internet service suite.