Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. Why K–12 schools need cybersecurity plans

      Articles

    Article

    Why K–12 schools need cybersecurity plans

    July 8, 2024

    LinkedInX (Twitter)EmailCopy URL

    By Jason Kravitz, Jenny Holmes and Jennifer Jovcevski

    Educational institutions that prioritize cybersecurity risk management can navigate mounting threats to their data security more easily.

    As K–12 schools increasingly rely on technology to drive their daily operations, a robust cybersecurity risk management framework is more important than ever. From distance learning and interactive classrooms to online assignment dashboards, educational spaces are moving online, introducing a myriad of challenges. Cybersecurity risk management is crucial to schools’ ability to operate effectively — regardless of whether the school is public, nonpublic, private, or independent.

    Why cybercriminals target schools

    While most K–12 institutions prioritize physical security measures, cybersecurity for schools frequently lags behind. Schools with insufficient IT resources and cybersecurity capacity are vulnerable to ransomware attacks and other types of attempted cybercrime — and threat actors know this.

    Although educational institutions have the capacity to move fast to create multitudes of accounts for new students, parent volunteers, and other stakeholders, they rarely have the same speed and agility when it comes to navigating cyberattacks. Schools are, on average, significantly slower to recover than organizations in other industries: 40% took a week, 26% took more than a month, 21% took one to three months, and 5% rebounded in three to six months.

    Many schools lack proper cybersecurity protection plans, infrastructure, and training, and because of this, they are often easier to exploit in ransomware attacks. Ransomware severely impacts operations and causes monetary losses due to the downtime and resources needed to recover from incidents.

    What are the consequences of cyberattacks on schools?

    When schools fall prey to cyberattacks, negative media coverage and diminished public trust often follow. Schools that can’t adequately safeguard their operations could risk losing state funding and compromising longer-term charter renewals or reauthorizations.

    Several states have specific laws designed to protect personally identifiable information and other sensitive data. Exposure of personally identifiable information may subject students, parents, administrators, faculty, and staff to an increased risk of identity theft, and faculty, staff, and job candidates could be vulnerable to extortion threats from leaks of sensitive background-check data.

    Schools can also incur significant financial costs stemming from regulatory investigations, as well as fines and class-action litigation settlements or judgments. The resources required to help recover from an incident could also divert from resources intended for faculty pay raises and general services.

    How can schools reduce cybersecurity risks?

    New digital threats arise every day, but schools can plan to stay one step ahead by taking a proactive approach to protecting sensitive data. A well-defined cybersecurity strategy includes both prevention planning and a cybersecurity incident response plan.

    Prevention planning

    A well-crafted prevention plan is the first line of defense against a multitude of cybersecurity risks. Executing preventive measures can drastically reduce the likelihood of unauthorized access to information, data loss, and operational disruptions.

    Prevention plans commonly include action items such as:

    • Identifying and categorizing sensitive information
    • Monitoring for potential cyber risks and vulnerabilities
    • Preparing or revising legally compliant, proactive mitigation programs, incident response plans, school security and technology policies, and data breach policies
    • Developing awareness and training programs for schools and employees (as required by most state laws)

    Incident Response

    Educational institutions also need a cybersecurity incident response plan that outlines how to rapidly identify and contain threats to operational continuity, satisfy legal obligations, and safeguard their reputations.

    Incident response plans often involve:

    • Managing incident response, including engaging forensic investigators
    • Assessing whether sensitive data has been compromised and, if required or recommended, guiding the associated notification process
    • Engaging with local, state, federal, and international law enforcement on cybersecurity matters
    • Notifying all stakeholders, including students, parents, faculty, and others whose data may have been compromised, and coordinating post-incident support to those affected

    Be prepared

    Adopting a proactive approach can help educational institutions safeguard their data and protected information, and minimize the impact on your operations if an attack occurs. Nixon Peabody’s Cybersecurity & Privacy and Private, Independent, and Charter School teams help schools protect their employees, students, operations, and information by navigating regulatory, preparedness, incident response, disclosure, investigation, and litigation needs.

    For more information on the content of this alert, please contact your Nixon Peabody attorney 

    Practices

    Cybersecurity & Privacy

    Industries

    Private, Independent & Charter Schools

    Insights And Happenings

    • Alert

      New York enacts protective measures for minors’ mental health and privacy rights

      July 11, 2024
    • Alert

      Portions of OCR's bulletin on online tracking technologies deemed unlawful

      July 3, 2024
    • Alert

      FTC amends and broadens Health Breach Notification Rule

      May 22, 2024
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved