Skip to content

IT Is the Glue that Holds K-12 Cybersecurity Together

Gaining real-time visibility into devices and software is the first step in protecting public schools


Student and staff data is at risk

Ransomware attacks are on the rise, and K-12 schools are a top target. The U.S. public school system employs more people — about 6.6 million — than any other industry in the country. Public school IT systems store a massive amount of personally identifiable information (PII), including names, home addresses, and social security numbers, for over 50 million students. Schools are attractive targets for cybercriminals because of their size, finances, and the wealth of PII they manage.

Given the proliferation of open-source software and free tools, combined with a massive market for buying stolen PII that can be used to open bank accounts or take out loans, cybercriminals are willing to pay $250 to $350 for a student’s personal data on the dark web.

With millions of students across the country using school-issued and personal laptops from on-campus or remotely, the number of endpoints has exploded, making it easier than ever for cybercriminals to disrupt learning, endangering both student and staff data. Even with heightened awareness, 44% of educational organizations were the victim of a ransomware attack between 2020 and 2021. Unlike hospitals or banks, which also house sensitive data, most K–12 schools have a fraction of the budget and staff to manage this risk, which is why attacks are rising — leaving students at risk.

Strengthening cybersecurity posture across K-12 schools

In February, the Cybersecurity and Infrastructure Security Agency (CISA) released its third edition of the CISA K-12 School Security Guide and School Security Assessment Tool (SSAT), which aims to help K-12 schools strengthen their security posture and protect against a range of targeted threats.

CISA’s Executive Assistant Director for Infrastructure Security, Dr. David Mussington, says that “the updated CISA K-12 School Security Guide and SSAT provide schools with critical new information, practical tools, and concrete steps they can implement immediately — and with minimal financial investment — to improve their physical security and better protect students, teachers and staff. This is part of [CISA’s] ongoing effort to make school safety and security information readily available for communities across the country.”

While the Guide focuses primarily on physical security, it also highlights technology that can be layered into the approach to keep students safe, including CCTV, automatic door and window locking mechanisms, and access control units. These solutions require IT operations and security administrators to weigh the benefits of added layers of protection with the increased workload of managing the technology and the risks that these services could be compromised. Takeover of CCTV opens the door to personal privacy concerns, as images and videos of students could be seized, and access control systems tied into the school’s IT systems and servers could be taken over. The bad news is that it takes just one unprotected endpoint or misconfigured account to let bad actors in, who can then move laterally to find other high-value data or assets to compromise. And without adequate staff or modern tools to locate these bad actors, or misconfigurations, it can be very difficult for districts to know when they’ve been compromised.

For K-12 schools, gaining control and confidence over cybersecurity posture is no longer just nice to have, it’s a requirement. But where to start?

The need for asset visibility

Schools, like every other organization, can’t protect what they can’t see. To determine the risk of attack, IT administrators first need real-time answers to some basic questions, including:

  • How many student and staff devices (desktops and laptops) do we have?
  • How many servers do we have?
  • Are all these devices up to date with system configurations and patching?
  • Do any of these devices hold personally identifiable information?

Many schools can’t answer these questions with confidence. They lack real-time visibility into their devices and software tools, which makes it more difficult to secure data and prevent learning disruptions.

Tanium provides crucial insight into IT assets, wherever they are — on school campus networks or virtual-learning settings. Tanium’s lightweight agent can distribute, manage, and report on patching across a school’s environment. Gaining visibility of both managed and unmanaged endpoints allows schools to consolidate costs and reclaim underutilized tools to improve efficiency, allowing security and operations staff to spend time on the things that really matter — students and the tools they need to be successful.

With Tanium, K-12 schools can also quickly locate and remove, if necessary, personally identifiable information across all endpoints. If cybersecurity threats are detected, Tanium can respond rapidly by identifying, investigating, quarantining and remediating incidents with access to real-time data and comprehensive control.

Learn more about how Tanium helps K-12 schools prevent learning disruptions, promote student data safety and prevent ransomware attacks at

Doug Thompson

Doug Thompson is Tanium’s Chief Education Architect. A conference speaker, podcast host, and storyteller, he architects solutions that keep our schools’ sensitive data secure.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.