ETHS leaders present comprehensive cybersecurity defense plan to school board

The Evanston Township High School District 202 Board convened on April 7, 2025, to discuss critical updates regarding cybersecurity measures within the district. The meeting featured presentations from Chief Technology Officer Mike Corcoran and Network Services Manager Jeff Oldhouse, who outlined the district's ongoing efforts to enhance its cybersecurity defense plan.

Corcoran opened the discussion by emphasizing the increasing reliance on IT services within the district and the associated vulnerabilities. He noted recent high-profile data breaches in the education sector, highlighting the importance of robust cybersecurity measures to protect sensitive student information. Corcoran mentioned that three years ago, he tasked Oldhouse with developing a new student information system to bolster data security.

The presentation detailed the connection between cybersecurity and the district's core goals, particularly student well-being and fiscal accountability. Corcoran explained that a secure digital environment is essential for fostering a safe learning atmosphere, which in turn supports students' emotional and social growth.

Oldhouse provided an overview of common cyber threats faced by educational institutions, including phishing, malware, and ransomware attacks. He reported that K-12 schools experienced a significant increase in ransomware incidents, with the education sector being the most targeted industry in recent years. The statistics revealed that in 2023, public education institutions paid an average ransom of $7.5 million due to successful attacks.

To combat these threats, the district has implemented a layered defense strategy. Oldhouse outlined various security controls, including email security measures, internal network monitoring, and external firewall protections. He emphasized the importance of multi-factor authentication for staff accessing sensitive data and detailed the district's backup and recovery protocols to ensure data integrity.

The meeting concluded with a discussion on phishing controls, where Oldhouse explained the district's proactive approach to training staff on recognizing phishing attempts. This includes simulated phishing campaigns to test staff awareness and reinforce cybersecurity practices.

Overall, the board meeting underscored the district's commitment to enhancing cybersecurity measures to protect student data and maintain a secure educational environment. The administration plans to continue investing in technology and security infrastructure to address the evolving landscape of cyber threats.