Myth 1: AI can fully automate cybersecurity in schools.
While AI can help detect and remediate unusual events, a human is needed to view each event in context and decide on next steps that align with district policy, according to Emily Dillard, director of instructional technology at Alexandria City Public Schools in Washington, D.C.
“You need to assess the impacts [of cybersecurity actions] on privacy, on discipline and also on learning,” Dillard said. “If you’re using AI for cybersecurity and something is flagged that shouldn’t be flagged, or it’s denying that service, then you’re potentially losing instructional time.”
Myth 2: Cloud vendors can handle all aspects of district data security and compliance.
Elizabeth Hoover, chief technology officer at Alexandria City Public Schools, said cloud vendors can help when it comes to data storage and management, but districts are ultimately responsible for the protection of sensitive staff and student information. She said school leaders must view such data as part of the district’s infrastructure and assign personnel to manage it specifically.
A recent CoSN report found that nearly three quarters of ed-tech leaders in the U.S. who oversee data privacy for their district don't have that task in their job description. Hoover said that “without defined roles, data risks multiply.”
Myth 3: It’s safe for teachers to freely choose which apps to use.
Allowing teachers to pick and choose which apps they use in class can lead to cybersecurity issues, because some apps don’t protect student data, according to Shaun Creighton, director of instructional technology for Chandler Unified School District in Arizona. He said that certain apps may not be compatible with the school network or curriculum standards, either.
To prevent such issues, Creighton said his district requires teachers to fill out a request form and receive approval before they can use a new app in their class. He added that it’s helpful to educate staff about the potential problems associated with bad apps, so they have more patience for the time it takes to vet their requests.
“Anybody have someone apply for an app on Friday and then call on Monday and ask why it’s not ready for use?” Creighton asked. “We’re trying to level-set a little bit and refine that, so that we can have the time we need to do the deep dives. Sometimes we have to reach out to vendors multiple times to get that clarification on 'what does that clause or this clause mean,' and that takes time.”
Myth 4: Student accounts aren’t a real cybersecurity risk for schools.
Student accounts are an underestimated cybersecurity concern, according to Devyn Lackner, marketing manager for Clever, a software company that offers login services for K-12 schools. She said 25 percent of school districts reported an increase in cyber attacks on student accounts in the company's "Cybersecure 2025 Report."
“These are just another component of the attack surface that should really be thoughtfully considered and protected,” Lackner said. “I think the starting point is education. We need to be extending our cybersecurity awareness and digital advocacy training on down to our students, because we need to be preparing them for the future they will be facing, and that they're a part of right now.”
Myth 5: MFA is too difficult to roll out to students.
In response to an uptick in cyber incidents associated with student accounts, Jeremy Sullivan, director of technology and innovation for North Kitsap Public Schools in Washington state, said his district chose to implement Clever MFA for all students, kindergarten through high school. He said the district has not had a single compromised student account since the program launched at the start of this school year.
Prior to using MFA, Sullivan said student accounts had a common username setup and formulaic passwords, which created phishing vulnerabilities and allowed students to guess their way into each other’s accounts. With Clever, he said, students switched to choosing two pictures instead of one password to verify their accounts.
To set up the student MFA program without burdening teachers, Sullivan said he and his team built slides for the first day of school and recorded video tutorials of an elementary and secondary student each putting MFA on their accounts.
“It was one of those things to try to make sure we could pre-emptively counter some of the resistance that we knew [lay] ahead,” he said. “These two kids did it the very first time with me just saying, ‘Click here. Choose two pictures.’”
