K-12 Cybersecurity Insider | 12/1/2025 edition
A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Sign up for the K12 SIX mailing list to have future editions delivered to your inbox.
Mark Your Calendar
12/9 - AI Cyber Espionage Campaign Briefing - featuring CISO, Anthropic (member-only)
12/11 - Monthly Cross-Sector Threat Briefing (member-only)
12/17 - K12 SIX Monthly Membership Meeting (member-only)
In the News
Pre-Thanksgiving Cyber Incident Closes NC School District
Attacked over the weekend prior to Thanksgiving, Jackson County (NC) Public Schools closed their district for holiday break early to facilitate remediation and recovery. In so doing, IT staff cancelled vacations and worked overtime to shut down their entire network, including internet, Wi-Fi, phones, camera/door access systems, and all other network services. While the incident was more severe than originally believed, at this time district officials do not believe any sensitive data is at risk. Rather, they believe they were affected by a DDoS attack - for which they were not even the intended target.
US Policy Response to K-12 Cyber Incidents Lagging
While some K-12 edtech experts are downright pessimistic about the lessons we’ve learned and changes we’ve implemented to shore up K-12 cybersecurity post-PowerSchool cyber incident, strikingly our neighbors to the north are taking a different approach. Case in point: a blog post entitled “Use of edtech in schools: Children should not have to swap their privacy for an education” by Patricia Kosseim, Information and Privacy Commissioner of Ontario, which details several streams of work happening in Canada. For K-12 cybersecurity advocates, there is much to like in her description of actions and recommendations. Meanwhile, in the US, what focus there is remains on penalizing PowerSchool for yesterday’s behavior instead of taking the steps necessary to preventing future incidents. Make it make sense.
Hacking + Folklore = Hacklore (and it’s not good, folks)
Don’t believe everything you read. Turns out that a lot of cybersecurity advice being peddled to everyday users is actually…wrong. Bob Lord, who may be remembered for his time at CISA spearheading their Secure by Design initiative (alongside Lauren Zabierek and Jack Cable), is the force behind a new site, entitled ‘Stop Hacklore!’ Importantly, the site not only debunks unhelpful security advice but calls out specific security practices that actually work, like installing security patches, MFA, long passphrases, and password managers. Don’t trust, Bob? Nearly a hundred other prominent CISOs have endorsed the effort so far.
4th Annual National K-12 Cybersecurity Leadership Conference (Feb 2026)
Hosted by the K12 Security Information eXchange (K12 SIX), the 2026 National K-12 Cybersecurity Leadership Conference is a unique event designed to identify and share solutions and best practices to better defend the K-12 education sector from emerging cybersecurity threats, such as ransomware and data breaches. The fourth annual conference will be held February 24-26, 2026 in Albuquerque, New Mexico. Named a “top K-12 conference to attend in 2026” by K-12 Dive.
Members Get More
The K12 Security Information eXchange (K12 SIX) operates as the independent, non-profit information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Founded in 2020, organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.