Skip to content
Contact us

Cybersecurity Protocols for Educational Institutions

Picture of William Tygart

Cybersecurity is paramount for all organizations in today's digital world, and educational institutions are no exception. Schools and colleges store a treasure trove of sensitive data, including personal information of students and staff, financial records, and valuable academic research. This makes them prime targets for cybercriminals seeking to exploit vulnerabilities for financial gain or to cause operational disruption. The increasing reliance on technology in education, with online learning platforms, student information systems, and administrative networks, further amplifies the potential risks1. In fact, data breaches at educational institutions cost close to $4 million on average in 2023, not to mention the less quantifiable reputational damage and theft of data and ideas2.

This report delves into the cybersecurity landscape for educational institutions, examining the prevalent threats, relevant data privacy regulations, and best practices for safeguarding critical information and systems. It also explores cybersecurity awareness training programs to empower staff and students to become active participants in maintaining a secure digital environment.

Current Cybersecurity Threats Targeting Schools and Colleges

Educational institutions face a diverse range of cyber threats, with malware and phishing attacks being the most common3. These attacks can compromise sensitive data, disrupt operations, and lead to significant financial losses. In 2023, known ransomware attacks against K-12 and higher education increased by 105%, surging from 129 in 2022 to 2654. Some of the key threats include:

  • Ransomware: This is malicious software that encrypts files and demands a ransom for their release. Ransomware attacks have become increasingly prevalent, impacting a large number of schools and universities3. In 2023, 79% of higher education providers and 80% of lower education providers were hit by ransomware5. The average cost of downtime from a ransomware attack is estimated at $548,185 per day6. For example, the University of California, San Francisco paid $1.14 million in ransom after a NetWalker ransomware attack in 2020. The attack disrupted research operations and compromised sensitive data.
  • Malware: This is a broad term encompassing various malicious software, including viruses, worms, Trojans, and spyware. Malware can steal data, disrupt systems, and provide attackers with unauthorized access to networks7. In 2022, malware attacks in the education sector grew by 157%7. A common example is the Emotet malware, which spreads through phishing emails and can steal login credentials, financial data, and other sensitive information.
  • Phishing: This involves deceptive attempts to trick individuals into revealing sensitive information, such as login credentials or financial data, through fraudulent emails, websites, or messages3. Phishing attacks often serve as an entry point for other cyber threats, such as ransomware or malware. For instance, attackers might send phishing emails impersonating school officials or IT staff, requesting users to click on malicious links or provide their login credentials.
  • Data Breaches: This involves unauthorized access to sensitive data, resulting in the exposure of personal information, financial records, or academic research. Data breaches can have severe consequences, including identity theft, financial losses, and reputational damage8. In 2021, a data breach at the University of California, Los Angeles exposed the personal information of over 30,000 students and employees.
  • Denial-of-Service (DoS) Attacks: These are attacks that overwhelm a network or system with traffic, making it unavailable to legitimate users. DoS attacks can disrupt online learning, administrative functions, and communication systems1. For example, a DoS attack could target a school's website or learning management system, preventing students and staff from accessing essential resources.
  • Meeting Invasions: This involves malicious actors gaining unauthorized access to online classes or meetings, disrupting sessions, and potentially exposing students and staff to harmful content8. During the COVID-19 pandemic, there were numerous reports of "Zoom bombing" incidents, where unauthorized individuals disrupted online classes with inappropriate behavior or offensive material.

Cybersecurity Risks and Challenges in Educational Institutions

While the threats to educational institutions are significant, implementing effective cybersecurity measures can be challenging. Schools and colleges often face unique obstacles that hinder their ability to protect their data and systems:

  • Budget Constraints: Many educational institutions, especially K-12 schools, operate with limited budgets, making it difficult to invest in robust cybersecurity infrastructure and personnel.
  • Limited IT Resources: Schools may lack dedicated IT staff with the expertise to manage complex cybersecurity systems and respond to sophisticated cyberattacks.
  • User Education and Awareness: A significant challenge is ensuring that all users, including students, staff, and faculty, are aware of cybersecurity threats and best practices. Human error remains a leading cause of security breaches.
  • Evolving Threat Landscape: Cyber threats are constantly evolving, with attackers developing new techniques and exploiting emerging vulnerabilities. This requires educational institutions to stay informed and adapt their security measures accordingly.

Data Privacy Regulations Relevant to Educational Institutions

Educational institutions must comply with various data privacy regulations that govern the collection, use, and disclosure of student and staff information. These regulations often overlap and can be complex to navigate, creating challenges for schools and colleges in ensuring compliance9. Some of the key regulations include:

  • Family Educational Rights and Privacy Act (FERPA): A federal law that protects the privacy of student education records. FERPA grants parents and eligible students the right to access, review, and request amendments to their education records. It also restricts the disclosure of personally identifiable information from education records without consent9.
  • General Data Protection Regulation (GDPR): A comprehensive data protection law in the European Union that applies to organizations processing the personal data of individuals in the EU, regardless of the organization's location. GDPR has significant implications for educational institutions with students or staff in the EU, requiring them to implement robust data protection measures and obtain consent for data processing10.
  • Children's Online Privacy Protection Act (COPPA): A federal law that protects the online privacy of children under 13. COPPA requires websites and online services to obtain parental consent before collecting, using, or disclosing personal information from children11.
  • State-Specific Privacy Laws: Many states have enacted their own student data privacy laws, adding another layer of complexity to compliance. For example, the Texas Student Privacy Act restricts the collection and sharing of student data, limiting it to what is necessary for educational purposes. Schools must get explicit consent from parents and students before sharing data with third-party vendors and must implement strong security measures to protect student data10. The California Consumer Privacy Act (CCPA) and the Student Online Personal Information Protection Act (SOPIPA) in California are other examples of state laws that provide additional protections beyond FERPA14.

Best Practices for Cybersecurity in Educational Settings

Implementing robust cybersecurity measures is crucial for protecting sensitive data and ensuring the continuity of operations in educational institutions. A multi-layered security approach, combining various measures, is essential to create a strong defense against cyber threats15. Some of the best practices include:

Data Encryption

  • Encrypt sensitive data: Encrypting sensitive data, both in transit and at rest, is essential to protect it from unauthorized access15. This includes student and staff personal information, financial records, and academic research.
  • Use strong encryption algorithms: Employ strong encryption algorithms and protocols, such as AES (Advanced Encryption Standard) and TLS (Transport Layer Security), to ensure the confidentiality and integrity of data18.
  • Protect encryption keys: Securely manage and protect encryption keys to prevent unauthorized access19.

Multi-Factor Authentication (MFA)

  • Implement MFA: MFA adds an extra layer of security by requiring users to provide multiple forms of authentication, such as a password and a unique code sent to their phone or email16. This makes it significantly more difficult for attackers to gain unauthorized access, even if they obtain login credentials.
  • Choose appropriate MFA methods: Select MFA methods that are user-friendly and suitable for the educational environment21. Options include authenticator apps, SMS codes, and biometric authentication.
  • Educate users about MFA: Provide clear instructions and training to staff and students on how to use MFA effectively22.

Network Security

  • Secure Wi-Fi networks: Use strong encryption protocols, such as WPA2 or WPA3, to secure Wi-Fi networks and prevent unauthorized access17.
  • Implement firewalls: Firewalls act as a barrier between the internal network and external threats, blocking unauthorized access and preventing malicious traffic23.
  • Regularly update and patch systems: Keep all software, operating systems, and network devices up to date with the latest security patches to address known vulnerabilities20.
  • Monitor network activity: Implement network monitoring tools to detect suspicious activity and potential security breaches17.
  • Control user access: Establish strong user access policies and implement access controls to limit access to sensitive information based on user roles and permissions17. This includes preventing simultaneous login sessions and restricting password sharing to prevent unauthorized access24.
  • Utilize VPNs: Providing a VPN service to staff, especially in remote learning environments, can mitigate risks by establishing a secure, encrypted connection on top of the local network. This allows users to safely access school resources without worrying about hackers intercepting their traffic and stealing sensitive information25.

Cybersecurity Awareness Training Programs

Cybersecurity awareness training is essential for empowering staff and students to become active participants in maintaining a secure digital environment. Effective training programs should cover topics such as:

  • Phishing and Social Engineering: Recognizing and avoiding phishing emails, suspicious links, and social engineering tactics26. This includes being aware of common phishing techniques, such as impersonation and creating a sense of urgency, and learning how to verify the legitimacy of emails and websites.
  • Password Security: Creating strong passwords, using password managers, and avoiding password reuse26. Training should emphasize the importance of password complexity, length, and uniqueness, and encourage the use of password managers to securely store and manage passwords.
  • Data Protection: Handling sensitive data responsibly, understanding data privacy regulations, and reporting potential data breaches26. This includes knowing how to identify sensitive data, understanding the requirements of FERPA and other relevant regulations, and knowing how to report suspected data breaches or security incidents.
  • Device Security: Securing personal devices, such as laptops and smartphones, with strong passwords and updated software26. Training should cover best practices for device security, such as enabling strong passwords or biometrics, installing security software, and keeping software updated.
  • Physical Security of Devices and Data: Emphasize the importance of physical security measures, such as locking devices when not in use, storing devices securely, and being mindful of who has physical access to sensitive information26.
  • Incident Response and Reporting Security Incidents: Training should include clear procedures for reporting security incidents, such as phishing attempts, malware infections, or suspected data breaches26. This ensures that incidents are addressed promptly and effectively to minimize potential damage.
  • Safe Internet Use: Practicing safe browsing habits, avoiding suspicious websites, and being cautious about sharing personal information online27. This includes being aware of online scams, understanding the risks of using public Wi-Fi, and being mindful of the information shared on social media and other online platforms.
  • Emerging Trends: Training should also cover emerging trends in cybersecurity, such as the increasing use of AI in threat detection and prevention 26 and the adoption of passwordless authentication methods like biometrics and security keys26.

Examples of Cybersecurity Awareness Training Programs

Several organizations offer cybersecurity awareness training programs for educational institutions, including:

  • KnowBe4: Provides a comprehensive security awareness training platform with interactive modules, simulated phishing attacks, and educational resources28.
  • ESET: Offers a free basic cybersecurity awareness training course covering topics such as phishing, malware, and social engineering30.
  • Federal Virtual Training Environment (FedVTE): Managed by the Cybersecurity and Infrastructure Security Agency (CISA), FedVTE provides free online cybersecurity training courses for various audiences, including students and staff in educational institutions30. It also offers certification prep courses on topics such as Ethical Hacking, Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP)31.
  • CISA Cybersecurity Awareness Program: A national public awareness effort aimed at increasing understanding of cyber threats and empowering individuals to be safer online32. This program emphasizes that cybersecurity is a shared responsibility and encourages everyone to take proactive steps to protect themselves and their organizations.

Case Studies of Cybersecurity Incidents in Educational Institutions

Examining real-world case studies of cybersecurity incidents in educational institutions provides valuable insights into the potential consequences of cyberattacks and the importance of proactive security measures. These case studies demonstrate that educational institutions are vulnerable to a wide range of attacks, with varying impacts and lessons learned.

  • Ransomware Attack on Finalsite: A ransomware attack on Finalsite, a web-hosting service provider for the education sector, resulted in websites for approximately 5,000 schools and colleges going offline33. While the attack did not compromise school data, it highlighted the potential for disruption and the need for robust cybersecurity measures, including regular backups and incident response plans.
  • Data Breach at Multiple E-learning Platforms: In 2020, unprotected databases belonging to several e-learning platforms were discovered, exposing the personal information of one million users34. This incident emphasized the importance of data encryption, secure data storage practices, and regular security audits to identify and address vulnerabilities.
  • Zoom Bombing Incidents: Several schools reported incidents of "Zoom bombing," where unauthorized individuals disrupted online classes with inappropriate behavior or harmful content34. This highlighted the need for secure online meeting protocols, such as using strong passwords, enabling waiting rooms, and educating users about appropriate online behavior.
  • Ransomware Attack on the University of California, San Francisco: In 2020, the University of California, San Francisco was hit by a NetWalker ransomware attack that disrupted research operations and compromised sensitive data. The university paid $1.14 million in ransom to regain access to its systems. This case study highlights the severe financial and operational impact of ransomware attacks and the difficult decisions institutions face in responding to such incidents.
  • Data Breach at the University of California, Los Angeles: In 2021, a data breach at the University of California, Los Angeles exposed the personal information of over 30,000 students and employees. This incident underscores the importance of strong access controls, regular security assessments, and employee training to prevent unauthorized access to sensitive data.

Cybersecurity Insurance Options for Educational Institutions

Cybersecurity insurance can help educational institutions mitigate the financial risks associated with cyberattacks. It can cover costs related to data breach response, legal expenses, public relations, and recovery efforts35. However, there is growing concern about the affordability of cyber insurance for educational institutions, as premiums rise and security investments increase37. This might force schools to reconsider their reliance on cyber insurance and explore alternative risk management strategies.

Types of Cyber Insurance Coverage

Cyber insurance policies typically cover a range of cyber incidents and exposures, including: 38

  • Data breaches: Costs associated with investigating and responding to data breaches, notifying affected individuals, providing credit monitoring services, and legal expenses.
  • Cyber theft and extortion: Losses resulting from cyber theft, including fraudulent funds transfers, and extortion attempts, such as ransomware attacks.
  • Ransomware attacks: Coverage for ransom payments, data recovery costs, and business interruption losses resulting from ransomware attacks.
  • Phishing attacks: Costs associated with responding to phishing attacks, including investigating the incident, mitigating damage, and providing user education.
  • Network outages: Coverage for business interruption losses and data recovery costs resulting from network outages caused by cyberattacks.
  • Other incidents: Cyber insurance may also cover costs related to replacing hardware and software, lawsuits and legal costs, public relations expenses, and forensic analysis35.

It's important to note that cyber insurance companies have become more selective in recent years, requiring schools to meet stricter security standards to qualify for coverage36. This often involves implementing multi-factor authentication, data encryption, regular security assessments, and employee training programs.

Government Initiatives and Support for Cybersecurity in Education

Recognizing the growing cyber threats to educational institutions, several government agencies provide resources and support to help schools and colleges improve their cybersecurity posture.

  • Cybersecurity and Infrastructure Security Agency (CISA): CISA offers various resources, including guidance on cybersecurity best practices, vulnerability assessments, and incident response assistance39. CISA also released the "Protecting Our Future" report, which provides recommendations and resources to help K-12 schools address cybersecurity risks39.
  • Federal Communications Commission (FCC): The FCC has a $200 million cybersecurity pilot program to support cybersecurity services and equipment for eligible schools and libraries41. This program aims to help schools and libraries improve their network security and protect sensitive data.
  • National Security Agency (NSA): The NSA manages the National Centers of Academic Excellence in Cybersecurity (NCAE-C) program, which designates institutions that meet cybersecurity education standards42. This program promotes cybersecurity education and research in higher education institutions.
  • Department of Education: The Department of Education offers grants and programs to support cybersecurity education and technological upgrades in educational institutions43. This includes funding for community colleges to enhance their cybersecurity programs and infrastructure.
  • State and Local Cybersecurity Grant Program (SLCGP): The Department of Homeland Security provides funding to state, local, and territorial governments, including school districts, to address cybersecurity risks44. This program helps schools implement cybersecurity plans, improve their security infrastructure, and respond to cyber threats.
  • White House Initiatives: In 2024, the White House hosted the first K-12 cybersecurity summit and launched a government coordinating council to address cybersecurity in schools45. These initiatives demonstrate the government's commitment to supporting cybersecurity efforts in the education sector.

Conclusion

Cybersecurity is an ongoing and evolving challenge for educational institutions. The increasing reliance on technology, the growing sophistication of cyberattacks, and the complexity of data privacy regulations require a comprehensive and proactive approach to security. Educational institutions must prioritize cybersecurity by implementing robust security measures, promoting user awareness, and staying informed about the latest threats and best practices.

Key takeaways for educational institutions include:

  • Understand the threat landscape: Be aware of the diverse range of cyber threats targeting schools and colleges, including ransomware, malware, phishing, data breaches, and denial-of-service attacks.
  • Prioritize data protection: Implement strong data encryption, access controls, and secure data storage practices to protect sensitive student and staff information.
  • Enhance network security: Secure Wi-Fi networks, implement firewalls, regularly update systems, monitor network activity, and control user access to prevent unauthorized access and malicious activity.
  • Empower users through awareness training: Provide comprehensive cybersecurity awareness training to staff and students, covering topics such as phishing, password security, data protection, device security, and safe internet use.
  • Explore cyber insurance options: Consider cyber insurance to mitigate the financial risks associated with cyberattacks, but be aware of rising premiums and stricter requirements.
  • Leverage government resources: Utilize the resources and support provided by government agencies, such as CISA, FCC, NSA, and the Department of Education, to improve cybersecurity posture.

By taking these steps, educational institutions can create a safer and more secure digital learning environment for students and staff, protect sensitive data, and maintain operational continuity in the face of evolving cyber threats.

Works cited

  1. Cybersecurity - SchoolSafety.gov, accessed January 12, 2025, https://www.schoolsafety.gov/cybersecurity
  2. Cyber Attack Protection for Schools & Universities - BofA Securities, accessed January 12, 2025, https://business.bofa.com/en-us/content/cyber-attack-protection-for-universities.html
  3. What Cybersecurity Threats Does The Education Sector Face? - Forbes, accessed January 12, 2025, https://www.forbes.com/councils/forbestechcouncil/2024/03/11/what-cybersecurity-threats-does-the-education-sector-face/
  4. Cyberattacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine, accessed January 12, 2025, https://edtechmagazine.com/higher/article/2024/03/cyberattacks-higher-ed-rose-dramatically-last-year-report-shows
  5. The importance of cybersecurity in education | NordLayer Blog, accessed January 12, 2025, https://nordlayer.com/blog/cybersecurity-challenges-in-education/
  6. Schools, colleges faced record-breaking year of ransomware attacks in 2023 - K-12 Dive, accessed January 12, 2025, https://www.k12dive.com/news/how-many-ransomware-attacks-schools-2023-comparitech/725753/
  7. Top 5 cybersecurity threats to schools - PDQ, accessed January 12, 2025, https://www.pdq.com/blog/cybersecurity-threats-to-schools/
  8. Cybersecurity Preparedness for Schools and Institutions of Higher Education, accessed January 12, 2025, https://rems.ed.gov/Cyber
  9. Privacy Considerations in Higher Education Online Learning: Applicable Laws, accessed January 12, 2025, https://www.newamerica.org/oti/reports/privacy-considerations-higher-education-online-learning/applicable-laws/
  10. Your Company's Complete Guide To Student Data Privacy Laws - Usercentrics, accessed January 12, 2025, https://usercentrics.com/knowledge-hub/student-data-privacy-laws/
  11. Federal Laws that protect student data | Achievement First, accessed January 12, 2025, https://www.achievementfirst.org/how-we-work/data-privacy-and-security/federal-laws-that-protect-student-data/
  12. FERPA Laws and What Educators Need to Know About Data Collection - Cognito Forms, accessed January 12, 2025, https://www.cognitoforms.com/blog/517/ferpa-laws-and-what-educators-need-to-know-about-data-collection
  13. FERPA Compliance: Protecting Student Data through Encryption - Virtru, accessed January 12, 2025, https://www.virtru.com/blog/compliance/ferpa/schools
  14. Student Data Privacy Regulations Across the U.S.: A Look at How Minnesota, California and Others Handle Privacy - Instructure, accessed January 12, 2025, https://www.instructure.com/resources/blog/student-data-privacy-regulations-across-us-look-how-minnesota-california-and-others
  15. 7 Best Practices for Student Data Security and Privacy Compliance | Innovare, accessed January 12, 2025, https://innovaresip.com/resources/blog/student-data-privacy-best-practices/
  16. Multi-Factor Authentication Solution for Schools - Clever, accessed January 12, 2025, https://www.clever.com/products/clever-mfa
  17. Enhancing Network Security in Education: Best Practices for Schools - Digital BackOffice, accessed January 12, 2025, https://www.digitalbackoffice.com/enhancing-network-security-in-education-best-practices-for-schools/
  18. Data Encryption in Education - Apricorn, accessed January 12, 2025, https://apricorn.com/data-encryption-in-education/
  19. Encrypting data: best practices for security - Prey Project, accessed January 12, 2025, https://preyproject.com/blog/data-encryption-101
  20. 10 best practices for higher education data security - Watermark Insights, accessed January 12, 2025, https://www.watermarkinsights.com/resources/blog/10-best-practices-for-higher-education-data-security/
  21. Multi-factor Authentication Deployment in Higher Education - BIO-key, accessed January 12, 2025, https://www.bio-key.com/multi-factor-authentication/multi-factor-authentication-deployment-in-higher-education/
  22. Instructional Technology / Multi-Factor Authentication (MFA) - Alachua County Public Schools, accessed January 12, 2025, https://fl02219191.schoolwires.net/Page/30682
  23. Best Practices to Enhance Campus Safety and Security in 2024 - Edular, accessed January 12, 2025, https://klassapps.com/best-practices-to-enhance-campus-safety-and-security-in-2024/
  24. Acing network security in universities, colleges and schools - IS Decisions, accessed January 12, 2025, https://www.isdecisions.com/en/blog/it-security/network-security-in-universities-colleges-and-schools
  25. Network Security for Schools: Tools, Tips, And Best Practices - ManagedMethods, accessed January 12, 2025, https://managedmethods.com/blog/network-security-for-schools/
  26. 13 Top Cyber Security Awareness Training Topics You Should Cover - Aztech IT, accessed January 12, 2025, https://www.aztechit.co.uk/blog/cyber-security-awareness-training-topics
  27. Cybersecurity Awareness training, accessed January 12, 2025, https://learnsecurity.amazon.com/
  28. 27 Best Security Awareness Training Software Tools In 2025 - Guardey, accessed January 12, 2025, https://www.guardey.com/security-awareness-training-software/
  29. Get Cyber Smart - Student Cybersecurity Awareness Training - GSU Technology, accessed January 12, 2025, https://technology.gsu.edu/technology-services/cybersecurity/cybersmart/
  30. 8 Best Cybersecurity Training Courses for Professionals - Sprinto, accessed January 12, 2025, https://sprinto.com/blog/cybersecurity-training/
  31. Cybersecurity Training & Exercises - CISA, accessed January 12, 2025, https://www.cisa.gov/cybersecurity-training-exercises
  32. CISA Cybersecurity Awareness Program, accessed January 12, 2025, https://www.cisa.gov/resources-tools/programs/cisa-cybersecurity-awareness-program
  33. Cyber Attacks Against Schools and Colleges | Arctic Wolf, accessed January 12, 2025, https://arcticwolf.com/resources/blog/cyber-attacks-against-schools-and-colleges/
  34. Case Studies on Online Learning Platforms Cyberattacks – Cybersecurity Training for Teachers - for Open Textbook Publishing, accessed January 12, 2025, https://opentextbooks.colvee.org/cybersecuritytrainingteachers/chapter/case-studies-on-online-learning-platforms-cyberattacks/
  35. Lowering Cyber Insurance Premiums in the Education Industry | UpGuard, accessed January 12, 2025, https://www.upguard.com/blog/lowering-cyber-insurance-premiums-education
  36. How to navigate the rising cost of cyber insurance for schools - K-12 Dive, accessed January 12, 2025, https://www.k12dive.com/news/k-12-cyber-insurance-costs-rising-ransomware/729011/
  37. Should Higher Education Be Worried About the Future of Cyber Insurance?, accessed January 12, 2025, https://edtechmagazine.com/higher/article/2023/06/should-higher-education-be-worried-about-future-cyber-insurance
  38. Cyber Liability Insurance | Independent School Management | Advancing School Leadership—Enriching The Student Experience, accessed January 12, 2025, https://isminc.com/insurance/property-and-casualty/cyber-liability
  39. Cybersecurity for K-12 Education - CISA, accessed January 12, 2025, https://www.cisa.gov/K12Cybersecurity
  40. Educational Institutions | Cybersecurity and Infrastructure Security Agency CISA, accessed January 12, 2025, https://www.cisa.gov/audiences/educational-institutions
  41. FCC Adopts $200M Cybersecurity Pilot Program for Schools & Libraries, accessed January 12, 2025, https://www.fcc.gov/document/fcc-adopts-200m-cybersecurity-pilot-program-schools-libraries-0
  42. National Centers of Academic Excellence in Cybersecurity, accessed January 12, 2025, https://www.nsa.gov/Academics/Centers-of-Academic-Excellence/
  43. Pilot Program for Cybersecurity Education Technological Upgrades for Community Colleges, accessed January 12, 2025, https://www.ed.gov/grants-and-programs/grants-higher-education/improvement-postsecondary-education/pilot-program-for-cybersecurity-education-technological-upgrades-for-community-colleges
  44. A Superintendent's Guide to Federal Cybersecurity Grants - PowerSchool, accessed January 12, 2025, https://www.powerschool.com/blog/a-superintendents-guide-to-federal-cybersecurity-grants/
  45. A New Federal Taskforce Targets Cybersecurity in Schools - Education Week, accessed January 12, 2025, https://www.edweek.org/technology/a-new-federal-taskforce-targets-cybersecurity-in-schools/2024/03