Next Steps for Cybersecurity for the Summer 

The Wisconsin Department of Public Instruction, in following NNT’s CIS Controls, has been sharing some best practices and resources throughout the year to help develop and execute cybersecurity prevention plans. It is important to revisit school and district policies annually, as cybersecurity threats are real and costly.

Earlier this year, NPR reported a cyberattack on Albuquerque Public Schools compromising its student information database and locking teachers out of attendance, emergency contact information, and who is approved to pick up students after school. The superintendent was forced to cancel two days of classes for around 75,000 students.

In Illinois, a small private college, already facing economic challenges due to the pandemic, was hit by a cyberattack in December making most systems inoperable that help with fundraising and enrollment, according to Inside Higher Ed. It took until March to return to full operations, but it was too late. Low enrollment is forcing the school to close at the end of this school year after 157 years of serving students.

As we approach summer, it is a perfect time to revisit your school or district’s cybersecurity plans and make the necessary updates to protect your students, staff, and parents. Remember, it is not about if there is a cybersecurity incident in the school or district, but when. As a review, make sure to take inventory of all assets and determine who will manage those assets. Back up all data, ideally off site in a separate location. Have an access control management system in place to create, assign, manage, and revoke access to all accounts for assets and software. Part of the plan should also include putting defenses in place to prevent or control threats like phishing or malware and process for data recovery. Once you have a plan in place, develop a network and security awareness training program for all employees appropriate to their line of work. Make sure security measures are in place when working with third party service providers. And finally, create and be ready to implement an incident response plan.

It is impossible for protections to be effective all the time, but with policies, procedures, and communications in place it will allow a school or district to quickly respond to an attack and minimize any damage. For more information, please contact Ed Snow with the DPI’s Instructional Technology Services Team or visit for resources and cyber/data announcements.

By Ed Snow, WI Department of Public Instruction