Cybersecurity best practices for K-12 schools

Earlier this year, we joined private sector and government cybersecurity leaders at the White House for the “Back to School Safely: Cybersecurity for K-12 Schools” event. There, we shared a K-12 Cybersecurity Guidebook that includes best practices to help school IT administrators prepare to return to school safely.

For Cybersecurity Awareness Month, we’re sharing a few highlights from the guide — now available in more than 20 languages — plus other helpful resources. Admins can also sign up for our Safer Digital Learning event on October 25, where we’ll demo more of the guide’s security features and best practices to keep schools safe from cybersecurity threats.

The importance of cybersecurity tools for schools

Educational institutions are top targets for cyberattacks, with bad actors looking to exploit schools for their own profit. Forty-six percent of schools which have yet to be targeted believe they’ll eventually be attacked.

We’re committed to helping schools keep data secure and digital learning environments safe. Our education products, like Google Workspace for Education and Chromebooks, can improve schools’ cybersecurity and make it easy to implement the recommendations in our guidebook.

With Google Workspace for Education, admins can get a complete view into security with notifications, alerts and actions in the alert center. They can also manage access to tools with two-factor authentication, single sign-on and password management, set their own data rules and policies with data loss prevention.

Meanwhile, Chromebooks are highly secure, scalable and easy to use thanks to their built-in security features. In fact, there has never been a reported ransomware attack on any business, school or consumer ChromeOS device. And they help protect schools from evolving threats with 10 years of automatic software updates.

Our guidebook for schools

The K-12 Cybersecurity Guidebook includes cybersecurity best practices from leading experts at Google, plus specific recommendations about how to make the most of Chromebooks and Google Workspace for Education tools. Here are a few quick tips from the guidebook:

• Use secure authentication to keep sensitive information safe, protect emails, files and other content, and prevent unauthorized users from accessing education systems. Single Sign On (SSO), password managers and 2-step verification are built into our products to help keep users safe online.
• Apply appropriate security settings to keep users, data and environment safe. While Google products are built secure by default, it’s critical admins also properly use and configure networks and systems to ensure security. Chromebooks have more than 600 policies admins can apply in Google Admin console to manage user access to apps and services. And Google Workspace for Education provides the Advanced Protection Program (APP), which gives additional protection against targeted attacks, as well as many other security and privacy policies IT admins can put in place.
• Update and upgrade your systems to ensure users are protected from the latest threats. Upgrading to Chromebooks can increase security. As of August 2023, no ransomware attack has ever been reported on any ChromeOS device, ever. Many schools, such as the Fairfield-Suisun school district in California, have switched over to Google tools due to their strong security and privacy protections.
• Use real-time alerting and monitoring systems to increase your security posture and mitigate potential issues quickly. Google Workspace for Education administrators can use reports and audit logs (including the alert center) to identify security risks, analyze service usage, diagnose configuration problems and keep students safe.
• Train teachers, staff and students on how to use devices and productivity tools safely, how to recognize threats, and on best practices for file and data sharing. Teachers and families can take advantage of programs like Be Internet Awesome to teach kids the skills they need to stay safe and be responsible online, and to manage digital wellbeing.

In addition to the guide, check out our new one-pagers on cybersecurity and authentication, and find more information on our website and FAQs. And for parents and guardians looking for more information on the privacy and security of our tools for schools, read through the Guardian’s Guide.