School leaders should build federal, state, and local partnerships as they redouble efforts to protect their systems from cyberattacks, Los Angeles Schools Superintendent Alberto Carvalho counseled in remarks at the recent K-12 cyber security summit at the White House.

Carvalho recounted how his district – second largest in the country – coped with a ransomware attack that exposed 2,000 student records at the start of the 2022-2023 school year and offered lessons learned from that experience.

The schools chief warned that “the vast majority” of penetrations occur “because somebody left the back door open” and urged districts to use such methods as multiple factor authentication, constant password updates, and tighter protocols related to data, according to the Los Angeles Daily News.

Last school year at least eight K-12 districts nationwide experienced significant cyberattacks, with four districts having to cancel classes and sensitive personal information on students and staff being exposed, according to a White House news release. The cybersecurity firm Emsisoft has tallied ransomware attacks on at least 48 districts this year – more than all of 2022.

U.S. Secretary of Education Miguel Cardona said his department is setting up a government coordinating council to keep education agencies and districts current on cyber security trends and threats. The department recently released three K-12 digital infrastructure briefs advising schools about how to strengthen security.

“Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms,” Cardona said, as quoted in the Daily News.

Carvalho expressed enthusiasm for the federal initiatives and the prospect of “all parties rallying around policy, practice, information, knowledge, and financial support for cybersecurity.”

At the same time, he advised fellow school leaders to prepare for the worst.

“Have that Rolodex ready to call an individual who can help you manage a crisis, a situation that you yourself alone cannot manage,” the superintendent said, according to the K-12Dive website. “You do not have the tools or the intelligence federal agencies [have], and they can deliver big time very, very quickly.”

First Lady Jill Biden, herself a teacher, opened the event, telling participants, “If we want to safeguard our students’ futures, we must protect their personal data.”

In a conference call with reporters, Cindy Marten, deputy education secretary, stressed the key point of the summit.

“Schools must protect sensitive student data, prevent cyberattacks, and ensure that digital learning resources remain accessible and also secure,” said Marten, former superintendent in San Diego. “It’s crystal clear: we must take cyberattacks on our schools just as seriously as we take physical attacks on critical infrastructure.”