On June 10, 2019, Senate Bill 820 was signed into law by Governor Greg Abbott. This law requires that all Texas school districts adopt a cybersecurity policy.
The new law is in response to the rise in K-12 cybersecurity incidents.
According to a recent report from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange, cybersecurity incidents rose by 18 percent in 2020. Among the incidents included data breaches, phishing attacks, ransomware, and denial-of-service attacks.
As part of the new cybersecurity policies, school districts must implement new security measures, designate a security coordinator, and devise a plan for reporting breaches of personally identifiable student data. Senate Bill 820 lays out the framework for each.
The primary purpose of Senate Bill 820 is to prompt school districts to implement new security measures designed to protect against cybersecurity attacks and breaches.
K-12 schools have prepared for many challenging threats over the years, including natural and biological hazards. New on their list of things to safeguard against are cybersecurity threats.
In addition to the provisions in Senate Bill 820, a separate piece of legislation requires state and local government employees to complete a certified cybersecurity training program once a year.
House Bill 3834 tasks the Texas Department of Information Resources (DIR) to certify at least five cybersecurity training programs that meet the prerequisites spelled out in HB 3834.
Appointing a security coordinator is an important provision within Senate Bill 820.
The security coordinator plays a crucial role in managing a K-12 school district’s cybersecurity policy. They are responsible for reporting any cyberattack against the school district’s cyberinfrastructure.
To meet Texas Education Agency guidelines for a reportable offense, cyberattacks must breach system security or compromise the personal information of students or staff.
Before Senate Bill 820 was signed into law, there was no reliable way for Texas policymakers and education administrators to determine the frequency and scope of cybersecurity attacks and data breaches among K-12 schools.
There are several steps K-12 school districts can take to protect against cyber threats. Likewise, there are ways to mitigate the effects of cyberattacks and promote a quicker recovery if protective measures fail.
Adopting a cybersecurity policy that identifies risks and provides a clear roadmap for handling them is a requirement of the new law.
Here are steps for effectively identifying cybersecurity threats:
Related Article
Planning Safe and Effective Technology Solutions for Your Schools
Data breaches that involve personally identifiable information about students must be reported immediately to the Texas Department of Information Resources (DIR).
School districts that need to report an urgent cybersecurity incident can call the Cybersecurity Incident Response and Assistance hotline at 877-347-2476.
CTSI has a cybersecurity training and solution platform that meets the requirements laid out in Senate Bill 820.
For the second consecutive year, CTSI's cybersecurity training program has been certified by the Texas Department of Information Resources, which means they recognize our training program as eligible to meet the requirements in both SB 820 and HB 3834.
K-12 school districts can rely on our continuous monitoring, security expertise, end-user training, and compliance support to fulfill all new law requirements.