Language Translation
  Close Menu



Defend Against Cybersecurity Threats to Your K-12 School with Four Simple Action Steps

Monday, October 24, 2022

Blog topics: 

Cyberattacks and online threats are an increasingly significant and widespread problem for K-12 schools and districts. A growing dependence on technology for learning, the presence of sensitive student data, and increasingly complex and deceptive cyber criminals have made the K-12 community particularly vulnerable over the past several years. Impacts from such attacks can affect a school’s financial security, educational obligations, and ability to provide a safe, secure environment for students and staff.

Cybersecurity Awareness Month, recognized each October by the Cybersecurity and Infrastructure Security Agency, the National Cybersecurity Alliance, and other organizations throughout the country, provides an important opportunity for the K-12 community to become more educated, empowered, and equipped to take action against cyber threats. This year’s campaign theme – “See Yourself in Cyber” – illustrates that while cybersecurity may seem like a complex issue, everyone can play a role in staying safe online.

For students, teachers, and staff, taking action can mean enabling basic cyber hygiene practices. School communities can get started with these four simple steps:

  1. Enable Multi-Factor Authentication: Multi-factor authentication (MFA) is a layered approach to securing online accounts that requires users to provide two or more authenticators to verify their identity. Enabling MFA can make users significantly less likely to get hacked.
  2. Use Strong Passwords: Passwords are the most common means of authentication. Create passwords that are long, unique, and randomly generated, and use a password manager to generate and store passwords across multiple accounts.
  3. Recognize and Report Phishing: Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. Reduce the risk of phishing attempts by ‘thinking before you click,’ enabling strong spam filters, and training staff to recognize and report suspicious activity.
  4. Update Your Software: Outdated software can contain vulnerabilities that can be exploited by threat actors. Install updates on school devices as soon as possible and/or enable automatic updates to protect your systems.

Learn more about these action steps with this cybersecurity infographic from This one-page overview can be printed and shared to help promote cybersecurity best practices within your school, and to encourage all members of the K-12 community to ‘see themselves in cyber.’

Visit to access additional cybersecurity resources and guidance and follow @SchoolSafetyGov on Twitter for other timely school safety updates. Disclaimer  ​​​​​​
The U.S. Department of Homeland Security (DHS), U.S. Department of Education (ED), U.S. Department of Justice (DOJ), and U.S. Department of Health and Human Services (HHS) do not endorse any individual, enterprise, product, or service. DHS, ED, DOJ, and HHS do not mandate or prescribe practices, models, or other activities described in this communication. DHS, ED, DOJ, and HHS do not control or guarantee the accuracy, relevance, timeliness, or completeness of any information outside of those respective Departments, and the opinions expressed in any of these materials do not necessarily reflect the positions or policies of DHS, ED, DOJ, and HHS.