Cyber Hygiene for the New School Year

As your district welcomes students and staff back to campus, remember that cybercriminals often take advantage of new accounts, devices, and users flooding the network. In fact, cyberattacks targeting K–12 schools surge at the end of summer and the beginning of the school year, according to the 2025 Internet Security Report.

Key Cyber Hygiene Practices

Use this opportunity to reinforce districtwide cyber hygiene practices that protect sensitive data and daily operations.

• Require Password Resets: Enforce annual password updates for all users according to your district’s policy.
• Verify Multi-Factor Authentication (MFA): Confirm MFA is enabled for staff access to critical systems.
• Train for Phishing Awareness: Host quick refreshers or simulations to help staff spot red flags.
• Audit System Access: Remove inactive accounts—especially for former employees or contractors.
• Check Endpoint Protections: Confirm antivirus, firewall, and mobile device security are current and deployed.
• Review Vendor Access: Limit third-party access to necessary systems and data.
• Level Up Your Plan and Policies: Review your cybersecurity policies against the Texas Department of Information Resources guidance for public entities and ensure cyber incident response plans are updated in compliance with Texas Education Code §37.108.

Fostering a Cybersecurity Culture

The new school year is the perfect time to create a culture in which employees understand that cybersecurity is a shared responsibility. Empower your team to protect the district’s digital assets through awareness, vigilance, and leadership