Cybersecurity best practices for K-12 schools

We’re sharing a K-12 Cybersecurity Guidebook with best practices to help school IT administrators prepare to return to school safely.

Aug 10, 2023 3 min read

John Solomon, VP, ChromeOS

The importance of cybersecurity tools for schools

Educational institutions are top targets for cyberattacks, with bad actors looking to exploit schools for their own profit. Forty-six percent of schools who have yet to be targeted believe they’ll eventually be attacked.

Google is committed to helping schools keep data secure and digital learning environments safe. When learners are at school, they use Google for Education, an education technology solution that integrates Google Workspace for Education core services - that are ad free - like Google Classroom, Docs, Slides, and Gmail and devices like Chromebooks, which are designed to provide safer digital learning environments, all managed at scale by education administrators, and have never had a reported ransomware attack.

“While advanced and automated technologies are essential elements of an effective anti-ransomware defense, stopping hands-on attackers also requires human monitoring and intervention by skilled professionals… We strongly recommend all organizations build up their human expertise in the face of the ongoing ransomware threat.”

Sophos: The State of Ransomware in Education 2021

Our cybersecurity guidebook for schools

The K-12 Cybersecurity Guidebook provides guidance and best practices for school IT administrators on setting up and configuring hardware and software in K-12 institutions to strengthen cybersecurity. It includes both general best practices, as well as specific guidance for Google for Education tools, like Chromebooks and Google Workspace for Education. We’re sharing some of those below:

  • Using secure authentication to keep sensitive information safe, protect emails, files and other content, and prevent unauthorized users from accessing education systems. Single Sign On (SSO), password managers and two-step verification are built into our product offering to help keep users safe online.

  • Applying appropriate security settings to keep your users, data and environment safe. While Google products are built secure by default, it is critical that admins also properly utilize and configure networks and systems to ensure security. Chromebooks have over 600 policies that admins can apply in Google Admin console to manage user access to apps and services. Google Workspace for Education provides the Advanced Protection Program (APP), which gives additional protection against targeted attacks, among many other security and privacy policies available to IT admins.

  • Updating and upgrading systems to ensure users are protected from the latest threats and ransomware attacks. Many schools and school districts, such as the Fairfield-Suisun school district in California, have switched over to Google tools due to their strong security and privacy protections. No ransomware attack has ever been reported on any ChromeOS device, as of August 2023.

  • Using real-time alerting and monitoring systems to increase security posture and mitigate potential issues quickly. Google Workspace for Education administrators can use reports and audit logs (including the alert center) to identify security risks, analyze service usage, diagnose configuration problems, and keep students safe.

  • Training teachers, staff and students on how to use devices and productivity tools safely, how to recognize threats, and on best practices for file and data sharing. Many teachers and families have leveraged programs like Be Internet Awesome to teach kids the skills they need to stay safe and be responsible online, along with resources and features for digital wellbeing.

The K-12 Cybersecurity Guidebook aims to help protect schools' infrastructure, and help school officials and teachers securely use technology in their classrooms as they head back to school. We will continue to meet with educators and administrators around the country to learn about their cybersecurity challenges and identify ways Google can help.