Staff Training Gaps Highlighted

Schools are adding more classroom and security technology than many staff are trained to use. Federal and state guidance now puts training alongside tools like multi-factor authentication and backups as a basic control, not an extra. (ed.gov) (cisa.gov) The U.S. Department of Education said last month that school districts are experiencing an average of five cyber incidents a week. Its guidance points districts to training resources as part of cybersecurity risk mitigation for daily school operations. (ed.gov) The Cybersecurity and Infrastructure Security Agency’s January 2023 K-12 report tells school leaders to start with six steps: multi-factor authentication, patching, tested backups, limiting common attack paths, incident response plans, and “a training and awareness campaign at all levels.” The same report says schools adopted new networked systems rapidly during the pandemic, which widened exposure to mistakes and attacks. (cisa.gov) District technology leaders say the workload keeps growing. CoSN’s 2024 State of EdTech District Leadership Report said 99% of districts are taking steps to improve cybersecurity, while district tech teams are also absorbing systems such as heating, phone, and physical security that now run on school networks. (cosn.org) CoSN’s staffing guidance says cybersecurity in K-12 is not a job for one specialist alone. It calls for focused cyber roles where possible, cyber duties in existing technology jobs, outside managed services, and a “culture of cybersecurity” across the whole school system. (cosn.org) That pressure lands on districts as attacks keep getting costlier. A CoSN policy report published in January 2025 said 491 ransomware attacks hit 8,054 schools and colleges from 2018 through 2023, with average downtime of 12.6 days and average ransom demands just under $1.4 million per incident. (cosn.org) Teacher training follows the same pattern. The Department of Education’s professional development page, updated February 26, 2026, says teacher development is core support work, and a widely cited Learning Policy Institute review found effective professional development is sustained, collaborative, classroom-linked, and tied to specific curriculum and instruction. (ed.gov) (eric.ed.gov) Some states are now paying for both the tools and the implementation help. The Texas Education Agency said its K-12 Cybersecurity Initiative, launched in 2023, received another $42 million for fiscal years 2026 and 2027 and pairs funded controls with regional practitioners who help school systems put them in place. (tea.texas.gov) The throughline is simple: schools can buy software in a budget cycle, but safe use depends on repeated practice by teachers, technicians, and administrators. In K-12, the gap between adoption and training is now showing up as weak implementation in classrooms and preventable risk on school networks. (cisa.gov) (cosn.org)