K-12 vendors are key components in all aspects of K-12 education. From operational needs such as attendance and payroll to learning applications for reading, science, and mathematics, vendors ensure school districts operate as efficiently and effectively as possible.

But K-12 vendors are also one of the greatest single sources of cybersecurity vulnerability for schools and districts. The U.S. Government Accountability Office asserted that “cyberattacks carried out directly against edtech vendors […] tend to have an especially severe impact on K-12 because they affect a large swath of students across multiple school districts at the same time.”

In fact, K12 SIX’s annual report asserted that 55 percent of reported school data breaches in 2021 were connected to incidents originating from district vendors.

How can you stay safe? Here are three ways you can better ensure your K-12 vendor selection leads to increased results rather than decreased cybersecurity.

1. Show Me Your Bona Fides

Is your vendor FERPA certified? The Family Educational Rights and Privacy Act is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

What about COPPA certification? The Children’s Online Privacy Protection Act places requirements on operators of websites or online services directed to children under 13 years of age, as well as requirements on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Related:
4 ways to avoid cybersecurity snake oil
How digital equity enhances cybersecurity in schools