Creating A Comprehensive Cybersecurity Plan For Schools

Cybersecurity plan
(Image credit: Getty Images)

Shad McGaha, Chief Technology Office for Belton ISD in Texas, has a simple principle that guides the work that he and his technology staff do in the district. 

“Anything affecting education in our classrooms takes top priority,” he says. This mantra served as McGaha’s north star as he implemented a district-wide cybersecurity plan that includes regular staff training and more secure storage solutions. For this and other efforts, McGaha was recently honored with an Innovative CTO Award as part of Tech & Learning’s Innovative Leader Awards during the Regional Leadership Summit in Baltimore.

McGaha was drawn to education due to a longtime love of working with kids. “From my early days as a camp counselor to volunteering at Sunday school, I found joy in helping young minds grow,” he says. “During college, I landed a job at the afterschool program in my local YMCA, where I continued to learn and contribute. While I knew teaching wasn’t my calling, I discovered another passion: technology. Computers, networks, and electronics fascinated me. So, I pursued a degree in Business Computer Information Systems. After graduating, my first role was as a desktop technician at a local school. Over time, I climbed the ladder.” 

He adds, “What brings me the greatest fulfillment is knowing that our daily work directly impacts the teachers and students in our district.” 

Below McGaha shares the strategies that have made Belton ISD’s district-wide cybersecurity plan so successful. 

Building a Comprehensive Cybersecurity Plan for Schools: Phishing Awareness Campaigns and Staff Training 

A headshot of Shad McGaha he is wearing a dress shirt and tie.

(Image credit: Shad McGaha)

One of McGaha's first initiatives focused on threat identification. “We implemented regular phishing awareness campaigns to educate all staff members about recognizing and avoiding phishing attempts,” McGaha says. “Additionally, comprehensive training sessions were conducted to enhance their cybersecurity awareness.” 

Rather than being one and done, these efforts are ongoing. “We prioritize continuous education and training by conducting workshops, webinars, and awareness campaigns for staff, students, and parents,” he says. “Robust password policies encourage strong, unique passwords and multifactor authentication. Regularly applying security patches keeps our systems up-to-date.” 

Staffing Study, Incident Response Plan, and More 

Early in the process, McGaha conducted a thorough staffing study to assess the adequacy of the current network staff. “This analysis helped identify any gaps or areas for improvement in our cybersecurity team,” he says. 

He then collaborated with that team to develop a detailed incident response plan that outlines clear procedures for handling security incidents promptly and effectively. He also looked beyond the district for additional support.

“We engaged a consultant who worked closely with us to create a comprehensive cybersecurity plan. This plan addresses risk management, threat mitigation, and proactive measures,” McGaha says. 

Secure Data Storage

McGaha and his team recognized the need to replace outdated backup hardware and software. “As part of our upgrade, we invested in Dell hardware, known for its reliability and performance,” he says. “Our choice for backup software fell on Rubrik, a robust solution that offers efficient data protection and management. Rubrik not only streamlines backups but also provides seamless integration with cloud storage.”

This integrated approach adds an extra layer of protection. “By combining these upgrades, we’ve significantly bolstered our storage system’s security, ensuring data integrity and availability,” he says. 

Data Privacy Agreement Standardization 

Data privacy is increasingly important given how many learning apps are used. McGaha’s cybersecurity plan recognizes this. 

“We established a standard data privacy agreement for all software used within our district. This ensures that privacy and data protection are prioritized consistently across applications and platforms,” he says. 

In addition, the district established a software vetting committee responsible for examining any new software proposed for use within the district. “This process ensures that only secure and reliable tools are adopted,” McGaha says. 

More On This Vetting Process for New Tools 

The process of vetting new technology is comprehensive. “First, we conduct a needs assessment to understand specific educational goals and challenges,” McGaha says. “Next, we meticulously research and evaluate potential solutions, considering factors like functionality, ease of use, and support. Security and data privacy are top priorities, ensuring compliance with relevant regulations.” 

Once a tool passes through this phase, the district pilots the technology with features, gathering feedback on usability and impact. “Finally, we carefully weigh the costs and benefits, assessing the technology’s long-term viability,” McGaha says. “Establishing a feedback loop ensures continuous improvement, enhancing teaching and learning experiences.” 

Erik Ofgang

Erik Ofgang is Tech & Learning's senior staff writer. A journalist, author and educator, his work has appeared in the Washington Post, The Atlantic, and Associated Press. He currently teaches at Western Connecticut State University’s MFA program. While a staff writer at Connecticut Magazine he won a Society of Professional Journalism Award for his education reporting. He is interested in how humans learn and how technology can make that more effective.