Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register nowarrow_forward

menu

Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register now

arrow_forward

language

Products

arrow_drop_down

Solutions

arrow_drop_down

Resources

arrow_drop_down

Diligent AI

Request a demo

Governance

Risk

Compliance

Audit

Diligent Boards

Automate meeting prep, secure sensitive data and give directors the clarity to make the best decisions.

BoardEffect

Secure, flexible board management software for nonprofits and higher education.

Community

Increase transparency, streamline governance and empower your school board or local government.

Diligent Market Intelligence

On-demand access to exclusive shareholder activism, executive compensation and ESG data.

FEATURED

Diligent One Platform

Centralize and unify all your board management and GRC activities

Role

Use Cases

Company Type

Industries

General Counsel

Safeguard your organization with centralized oversight of governance, risk and compliance.

Corporate Secretary

Run governance flawlessly with AI tools that eliminate busywork and ensure audit-readiness.

Executive Assistant

Streamline board prep, communications and approvals with AI workflows for seamless meetings.

C-Suite

Accelerate decisions and inspire confidence with AI-powered reporting and real-time risk intelligence.

Directors & Trustees

Prepare faster, mitigate risk and make smarter decisions with purpose-built board tools.

Risk Manager

See enterprise risk in real time, act decisively, and deliver AI-powered insights.

Information Security

Unify IT risk, compliance and cyber oversight in one secure platform.

Compliance Officer

Turn regulatory obligations into clear, actionable metrics — proving compliance and ROI.

Internal Auditor

Connect audit management, analytics and monitoring in a secure, AI-powered hub.

FEATURED

Diligent One Platform

Centralize and unify all your board management and GRC activities

Content Library

Case Studies

Virtual Summits

Events

Resources Hub

Discover all of Diligent's insights in one place. Stay ahead of trends with expert perspectives, exclusive research and information you won't find anywhere else.

MEDIA TYPE

Blog Guides Videos Podcasts Content Toolkits Research & Reports

BY TOPIC

Governance Risk & Audit Compliance AI & Cyber Public Sector Diligent Institute

FEATURED

Diligent named a Leader in 2025 Gartner® Magic Quadrant™ for GRC

5 proven cybersecurity practices school boards should adopt

August 24, 2023

•

5 min read

cybersecurity practices school boards should adopt

Jennifer Rose Hale

Former Client Partner, Texas Association of School Boards

Share:

School districts have not been immune to the increase in cyberattacks seen across the globe and in every industry. In fact, schools have become particular targets for a variety of reasons, including the amount and nature of the data they secure, and the perceived lack of resources dedicated to IT.

Consider the recent attack on the Los Angeles Unified School District, the second largest in the United States, that was disclosed in early 2023. In addition to Social Security and driver's license numbers, the ransomware attack revealed 2,000 student assessments and included psychological evaluations, medications and abuse and trauma history — all published to the dark web.

In addition to the harm done to individuals whose information is exposed, these cybercrimes have real costs to school districts, tangible and intangible, from ransomware fees to the costs of reparative work and the drop in community confidence.

Ransomware attacks are just one of many types of cyberthreats. A factsheet on school-related cybersecurity from the Readiness and Emergency Management for Schools Technical Assistance Center outlines the types of threats districts face, including:

data breaches
distributed denial of service or DDoS attacks
spoofing and phishing
malware and scareware
unpatched or outdated software vulnerabilities
removable media

Preventing cybercrime falls on everyone in a school district — not just the IT team, but administrators, staff, students and especially the school board.

The role of the school board in ensuring cybersecurity

School boards have a significant role to play in ensuring district cybersecurity and deterring crime. As the governing body of the district, the board is responsible for setting students up for success. They do this by setting policies for the district, including policies relating to decision-making over technology resources, use of technology tools and more, in schools and district offices.

School boards also model good cybersecurity habits. By using modern, secure digital tools and considering security in every decision, board members lead by example.

Emphasizing security also has an efficiency benefit for the board. When district resources are secure, the board can spend more time on issues that directly impact student success and less time on remediating attacks or lapses in data security and governance.

5 cybersecurity best practices boards should undertake now

Don’t wait until cybercrime hits close to home. Consider these practices now to protect your district, its business and your students.

1. Set smart security policies

Responsible use of technology resources falls on everyone, but it’s on school leadership to ensure these policies are reasonable, clear and enforced. The National Center for Education Statistics defines these types of technology policies:

Acceptable-use (or appropriate-use) policies
Restrictions on access to student records
Technology security policies
Policies regarding acceptance of commercial advertising on school websites
Policies regarding acquisition, maintenance or disposal of school equipment or applications
Policies regarding acceptance of donated equipment and software
Policies regarding community or after-school access to school or district technology resources

These policies should be regularly reviewed to ensure they still meet district needs. For example, how recently was your district’s responsible-use policy updated?

Districts also need policies that dictate what to do after an attempted or successful data breach. Some states, such as Texas, mandate parental notification, while California recently passed a law requiring schools to report any cyberattack affecting 500 or more students or staff regardless of whether a data breach occurred.

2. Ensure strategic budgeting for technology

Quality IT resources are never cheap, but the security, efficiency and peace of mind they offer are invaluable to education leaders. Investing in IT security also saves the resources districts will have to spend after a breach or other crime. District boards should follow smart strategies for IT budgeting that account for the tension between tight budgets and education priorities.

3. Use secure resources for board business and communication

While open meetings laws already limit many forms of informal communication between board members, trustees should additionally ensure that the tools they use are up to date, secure and designed for governance purposes — avoiding texting, emails and other vulnerable channels.

4. Ensure the entire leadership team is using tools consistently

Beyond avoiding informal, consumer-based tools for communication, the board should self-police to set the expectation that all members use the most secure tools consistently. Take file-sharing, for example. The use of an insecure platform for sharing documents among the board, staff and other audiences can lead to sensitive data exposure and loss and make the district vulnerable to attacks.

5. Listen to IT recommendations

Just as boards should invest in quality technology resources, boards should invest in the staff that manage district IT security — and then listen to them. Staff responsible for maintaining the quality of the IT infrastructure need support from the board in the form of policies but also in supporting recommendations around password protocols, software updates and more.

The role of board management software in cybersecurity

Modern board management software is an important defense districts can employ against cyberattacks. These tools serve as a nexus for board business, administrative workflows and communication. A secure, regularly updated platform that encrypts digital records, such as Diligent Community, reduces risk of data exposure or loss.

Boards should look at platforms with these features:

Secure data hosting through a top-tier cloud provider
Ensured data availability through storage redundancies and recovery
Audits that encompass login history and application-level document-sharing audit trials available upon request
Robust access controls and in-app role-based security allowing different levels of privacy

Final tips for good cybersecurity

School boards and their districts are increasingly targeted by cybercriminals, but they aren’t alone in managing the risk. Boards can start to address issues by creating a cybersecurity framework for their districts.

Everyone in the district should care about good cybersecurity, and boards should expect no less in their technology partners. Diligent understands the concerns board members have around protecting their data, and Diligent Community is built to encrypt and secure school board business against cyber risk.