With cybersecurity a top concern of K-12 technology leaders, it’s critical to stay informed about the latest threats, current challenges, and best practices. Hearing insights and advice from K-12 experts who focus on leading cybersecurity efforts to best protect student, staff, and school data is a major step districts can take to bolster their data security practices.
In this Q&A with Keith Krueger, CEO of the Consortium for School Networking (CoSN), and Mishka McCowan, PowerSchool Chief Information Security Officer, learn about top and emerging cybersecurity threats, what you can do to protect data, and insights you can use to prepare their organizations and communities to prevent cybersecurity threats.
Krueger’s organization, CoSN, is a nonprofit organization that serves as the voice of K-12 school system technology leaders in North America. CoSN’s mission is empowering educational leaders to leverage technology to realize engaging learning environments. The organization offers tools and resources that provide insight into how risk can be further reduced in ways that help technology leaders contribute to their schools’ primary goals of teaching and learning.
Question 1: How have K–12 cybersecurity and data privacy challenges evolved over the past 3–5 years?
Keith Krueger:
“In just a few years, cybersecurity has gone from an IT issue to a top concern for district leaders. Attacks have become more frequent and sophisticated. What used to be basic phishing is now full-scale ransomware that can shut down entire districts. At the same time, schools are using more digital tools and cloud-based systems, which means there’s more student, staff, and organizational data to protect. But many districts don’t have the training or resources to keep up. That’s why strong planning and support are more important than ever.”
“In just a few years, cybersecurity has gone from an IT issue to a top concern for district leaders.” -Keith Krueger
Mishka McCowan:
“From a vendor’s perspective, the threats facing schools have gotten more targeted and complex. Hackers know where schools are vulnerable—like outdated systems, limited IT staff, and third-party tools that all connect. A single breach can now ripple across everything. That’s why we prioritize secure-by-design for all our software, real-time alerts, and better visibility into data systems—so schools can stay focused on personalizing learning and helping students succeed, not just keeping the lights on.”
Question 2: What are the biggest barriers preventing school districts from improving their cybersecurity posture today—funding, staffing, training, or something else?
Keith Krueger:
“It’s all of the above—but funding is definitely a significant hurdle. E-rate has helped with broadband, but it hasn’t kept up with the cybersecurity needs schools face today. Most districts can’t afford full-time cybersecurity staff or consistent training. And because E-rate doesn’t fully cover cybersecurity tools or services, schools are left patching things together. We need updated policies and better support so districts aren’t stuck fighting modern threats with outdated resources. CoSN provides resources on our E-rate program advocacy and policy work, as well as other critical issues at national and state levels, on our Advocacy and Policy page. ”
Mishka McCowan:
“Staffing is one of the biggest challenges schools and districts face. Most districts don’t have a full-time cybersecurity expert, and some don’t have even one. Even when tools are available, staff are stretched too thin to use them effectively. Schools are expected to manage enterprise-level security on tight budgets, and that’s just not realistic. That’s why we’re focused on offering secure, easy-to-use tools and managed services that help fill the gap—without needing a full security team.”
Question 3: How can district leaders talk to school boards and communities about the importance (and cost) of cybersecurity in a way that leads to meaningful investment?
Keith Krueger:
“District leaders should frame cybersecurity as a student safety issue—not just an IT concern. Just like we invest in physical security like secure entrances or cameras, we need to protect student data and learning time. When boards hear about cybersecurity in terms of risk and impact—not just tech—they understand it’s about continuity, trust, and financial protection. Real-world examples of breaches can help make the case for stronger, proactive investment across the whole district.
“Other efforts anyone can do is to use this simple form on our website to send a letter to your members of Congress to urge them to restore funding for crucial cybersecurity investments.”
Mishka McCowan:
“Talk about cybersecurity in terms of risk and resilience. What would it cost if systems went down for a week or if student data got leaked? Use real examples to show how breaches disrupt learning and operations, and how prevention costs far less than cleanup. It helps to frame cybersecurity like digital insurance: it protects what matters most. When boards see it as essential to keeping schools running, not just an IT line item, it becomes a smart, necessary investment.”
Question 4: What’s one K–12 cybersecurity myth you’d like to debunk for educators leaders?
Keith Krueger:
“There’s a myth that small districts aren’t targets. But smaller schools, charter schools, and districts actually get hit often because attackers assume they’re easier to breach. Cybercriminals go after the vulnerable, not just the high-value. Every district, no matter the size, needs a solid cybersecurity strategy and partners who can help put it in place securely. Size shouldn’t determine how protected your schools and students are.”
Mishka McCowan:
“Cybersecurity isn’t just an IT issue—it’s a leadership, policy, and culture issue too. Everyone in a school, from the superintendent and classroom teachers to students and parents, plays a part. It’s not just about firewalls; it’s about everyday choices people make. A single click can open the door to a breach, or stop one in its tracks. That’s why building a culture of awareness and shared responsibility is just as important as having the right tech tools in place.”
Question 5: Why do you feel it’s important for CoSN to partner with edtech companies like PowerSchool—and how does that benefit schools and districts?
Keith Krueger:
“Partnerships with edtech companies or providers help bridge the gap between policy and practice. We’re stronger when we work together—bringing real-world insights to district leaders and making sure the tools being built actually meet their needs. Whether it’s around cybersecurity, data privacy, or interoperability, these collaborations help us push for smarter policies and better outcomes for students. It’s all about turning shared goals into real progress.”
Mishka McCowan:
“Partnerships with groups like CoSN help ensure we’re building edtech tools that aren’t just innovative—they’re practical, secure, and aligned with what districts actually need. It’s a two-way street: we bring our technical expertise, and we listen to educators and leaders on the ground. CoSN’s policy insights and close work with K-12 districts help shape solutions that truly make a difference where it matters most—in classrooms and communities. PowerSchool signed CISA’s K-12 Education Technology Secure by Design Pledge, and adheres to compliance initiative and regulations like the Family Educational Rights and Privacy Act Regulations (FERPA), General Data Protection Regulation (GDPR), Children’s Online Privacy Protection Act, Breach Laws, Data Residency Laws, Digital Million Copywrite Act (DMCA), and the Sarbanes-Oxley Act.”
Keys to cybersecurity success: clear policies and trusted partners
As cybersecurity threats grow more advanced, schools of every size need strong strategies, clear policies, and trusted partners. This conversation with CoSN and PowerSchool leaders shows how collaboration between education leaders and edtech experts is key to staying ahead.
CoSN and PowerSchool believe firmly that safely collecting and managing student data is essential to student success in the digital classroom.
By framing cybersecurity as a student safety and operational priority, we can build a culture of shared responsibility—and ensure every district has the tools and support to protect what matters most.
Published on June 10th, 2025
CoSN is grateful for this conversation with PowerSchool.
CoSN is vendor neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes.
