It looked like a typical email: a note from a former student asking a teacher for help with a Spanish assignment.

But “the teacher opened it and clicked on the link, and we had a malware infection spreading across our machines,” recalls Keith Bockwoldt, CIO at Hinsdale Township High School District 86 in Illinois. 

This happened in early 2019, just two months after Bockwoldt joined the district’s technology services department. He’d hardly had time to get to know his colleagues, he says, and here he was, “playing whack-a-mole,” doing everything possible to crush malware called Emotet.

It was “polymorphic, so every time we’d try to delete it, it would just recreate itself,” says Bockwoldt, who heads a 13-person department.

Bockwoldt is one of a growing number of K–12 IT professionals who say the time is ripe to revamp their cybersecurity practices. 

Overall, more than two-thirds of school district educational technology leaders say data privacy and security are more important than ever, according to a recent national survey by the Consortium for School Networking. That’s true for more than 100 percent of those in districts with at least 50,000 students. They’re driven by reports of ransomware and phishing attacks that have cost some districts hundreds of thousands of dollars, but they’re also focused on complying with state and federal data privacy laws requiring schools to safeguard student records. 

“I think what we’re seeing today is better awareness of what their responsibilities are,” CoSN Project Director Linnette Attai says. Protecting student data has always been a priority for school systems, she notes, but “now, with all the tech that’s in K–12 classrooms, we’re starting to see districts upping their game.”