Skip to main content
K-12 & Higher Education Cybersecurity Training

Cybersecurity training built for educators in the post-LAUSD era.

After Los Angeles Unified School District (Vice Society ransomware, 500GB exfiltrated), Minneapolis Public Schools (Medusa, 92GB of student records publicly leaked), and San Diego Unified (500,000 accounts compromised), the CISA + FBI + MS-ISAC issued a joint advisory naming K-12 among the most-targeted sectors in the U.S. Live expert training that addresses payroll phishing, student impersonation scams, and ransomware response for IT and district leadership. Direct Calendly booking. From $150.

Book Executive Session → $150 — Personal Session
500GB LAUSD data exfiltrated by Vice Society
#3 K-12 ranked by ransomware attack volume (MS-ISAC)
92GB Minneapolis student records leaked publicly
Why Education Is a Prime Target

Student PII, lean IT teams, and institutional pressure to pay — the ransomware economics of K-12.

School districts hold exceptional volumes of sensitive data: student Social Security numbers, Special Education records (some of the most legally-protected data in federal law), medical records, disciplinary histories, financial aid information, and family contact details. A single district breach can expose records on thousands of minors — data that remains exploitable for decades.

The economics favor attackers. Underfunded IT departments — often one or two staff managing hundreds of devices and dozens of legacy systems — face the same threat actors targeting enterprise networks with a fraction of the security budget. The pressure to restore operations quickly (to avoid disrupting student learning) means districts are more likely to pay ransoms than similarly-sized private organizations.

The LAUSD breach illustrated the full attack chain. Vice Society gained initial access through a compromised staff credential, moved laterally across the network for months, exfiltrated 500GB of sensitive data including contractor financials, health and disciplinary records, and Social Security numbers, and then deployed ransomware. The initial compromise was a phishing email.

Minneapolis Public Schools demonstrated what happens when a district refuses to pay a $1M ransom: Medusa publicly posted 92GB of files including student records, staff HR data, and district financial documents. Both outcomes — paying and not paying — are catastrophic. The only winning play is preventing the initial access.

  • Los Angeles Unified School District (Sep 2022) Vice Society ransomware. 500GB exfiltrated including contractor SSNs, disciplinary and health records, and financial data. Second-largest school district in the U.S. CISA + FBI joint advisory issued. District refused to pay.
  • Minneapolis Public Schools (Feb–Mar 2023) Medusa ransomware. 92GB of student records, HR data, and financial documents publicly leaked after district refused $1M ransom. Data included students' educational records, abuse allegations, and Special Education files.
  • Prince George's County Public Schools, MD (2020) Ransomware attack during remote learning transition. Approximately 4,500 staff and student accounts compromised. Disrupted virtual instruction for thousands of students. Attackers exploited pandemic-era rapid cloud adoption.
  • San Diego Unified School District (Nov 2018) Phishing campaign compromised staff accounts over 11 months before detection. 500,000 student and staff records exposed including SSNs, medical information, and passwords. Ongoing notification process under California law.

The CISA + FBI + MS-ISAC joint K-12 advisory identified phishing of staff credentials as the #1 initial access vector across all documented K-12 ransomware incidents. Every breach above began with a compromised staff account — not a zero-day vulnerability.

Training Modules

3 drills built for the K-12 threat landscape.

Not generic awareness videos. Scenarios drawn from the actual attack patterns documented in CISA's K-12 advisories — payroll and HR phishing, student and parent impersonation, and ransomware response for school leadership. These are the attacks that hit LAUSD, Minneapolis, and San Diego.

Drill 01
📧

Staff Payroll & HR Phishing Simulation

The most common initial access vector in K-12 breaches: a phishing email targeting a district employee with payroll rerouting, IT credential reset requests, or fake HR portals. Staff members who handle financial processes, HR functions, or IT accounts are the highest-risk targets. This drill trains the staff who are most likely to be targeted — and the verification behaviors that stop the attack before it reaches the network.

  • Payroll redirect phishing — patterns used in school district attacks
  • Fake IT helpdesk credential reset emails — what they look like
  • HR portal impersonation (benefits enrollment, direct deposit changes)
  • Sender verification: how to confirm a legitimate internal request
  • Reporting path when a staff member receives a suspicious email
Drill 02
🎓

Student & Parent Gift Card and Impersonation Scams

A pattern unique to the education sector: attackers impersonate district superintendents, principals, or administrators to request urgent gift card purchases from staff, target students with fake scholarship offers, or spoof parent communications to extract information or payments. School staff are particularly vulnerable because of the strong authority culture in educational institutions — a request that appears to come from the superintendent triggers compliance rather than skepticism.

  • Superintendent gift card scam pattern — how it's executed and why staff comply
  • Fake scholarship and financial aid phishing targeting students
  • Parent portal spoofing — credential theft via fake login pages
  • Authority-based social engineering in educational contexts
  • Verification protocol for out-of-band financial requests
Drill 03
🏫

Ransomware Tabletop: IT + Superintendent + Board Communications

When ransomware hits a school district, the decisions made in the first 60 minutes determine the outcome. Do you shut down the network? How do you notify the school board? What do you tell parents? What are your FERPA notification obligations? This tabletop exercise walks your IT director, superintendent, and board through the actual LAUSD and Minneapolis scenarios — with communications templates and decision trees your leadership team has never encountered in a training before.

  • Ransomware triage: what to isolate, what to preserve for forensics
  • Board notification: what to say, when to say it, what not to say
  • Parent and community communications — incident disclosure protocol
  • FERPA breach notification timelines and ED obligations
  • Cyber insurance claim activation — first 24-hour checklist

FERPA, CIPA, COPPA, and cyber insurance carriers all require documented security awareness training.

FERPA (Family Educational Rights and Privacy Act) requires districts to protect student education records and implement administrative safeguards — including staff training. CIPA (Children's Internet Protection Act) mandates internet safety education. COPPA (Children's Online Privacy Protection Act) governs data collection on children under 13. New York's Education Law 2-d and California's SOPIPA impose additional breach notification and data minimization obligations on districts and their vendors. Beyond federal and state mandates, cyber insurance carriers increasingly require documented annual security awareness training as a condition of coverage — and scrutinize it heavily after a claim. Sessions with SecurEveryone provide the training records and curriculum documentation your district needs for compliance audits, insurance renewals, and state reporting.

View Compliance Training Programs →
📋

Free: Incident Response Plan Template for School Districts

A 12-section IR plan template built for K-12 and higher ed — covering ransomware triage, FERPA notification obligations, board communications, cyber insurance claim activation, and vendor incident coordination. Adapted from the documented LAUSD and Minneapolis response frameworks.

Download the Free IR Plan Template →
Pricing

Book directly. No procurement delay required.

All three tiers include payroll phishing awareness, student impersonation recognition, and FERPA training documentation. Pick the tier that fits your district or institution.

Personal
$150
60-minute 1:1 session
  • Staff payroll phishing defense
  • Impersonation scam awareness
  • FERPA security awareness training record
  • Personal security assessment
  • 24/7 emergency session access (+$100)
Book Personal — $150
Executive
$390
90-minute leadership briefing
  • Ransomware IR tabletop for district leadership
  • K-12 threat landscape and CISA advisory review
  • FERPA/CIPA/COPPA compliance documentation framework
  • Board communication and notification protocol
  • Cyber insurance readiness assessment
  • Priority emergency support (+$100)
Book Executive — $390
Business
$900
2-hour team webinar · unlimited users
  • All 3 K-12 training drills for your full staff
  • Payroll phishing simulation for all employees
  • Student/parent impersonation awareness
  • Ransomware IR tabletop for IT + leadership
  • FERPA training documentation for compliance
  • Post-session written incident response summary
Book Business — $900 flat
Common Questions

Questions about education sector training.

Does SecurEveryone provide FERPA-compliant training documentation?

Yes. Every session includes a training completion record that documents session date, topics covered, attendee roster (Business tier), and trainer credentials. This record satisfies the administrative safeguard requirements under FERPA, supports CIPA compliance documentation, and meets the annual training documentation requirements most cyber insurance carriers now mandate. We've provided these records to school districts for their state-required annual security assessments and insurance renewal applications.

What are a district's obligations under FERPA after a breach?

FERPA itself does not specify a breach notification timeline, but districts must notify affected families if education records have been improperly disclosed. The Department of Education (ED) has issued guidance requiring timely notification — generally interpreted as "without unreasonable delay." Additionally, most states have their own student data privacy breach notification laws with explicit timelines. New York's Education Law 2-d requires notification to affected parents and guardians and to the state Education Department within a reasonable timeframe. California's Student Online Personal Information Protection Act (SOPIPA) imposes additional requirements on districts and vendors. Our ransomware tabletop drill covers FERPA notification obligations, state-specific timelines, and the board reporting sequence in detail.

Can you train over summer break when staff are available?

Yes — and summer is ideal. The Business tier (unlimited users at $900 flat) is well-suited for all-staff professional development sessions during summer in-service days. We schedule sessions to align with your district's pre-school year preparation calendar, provide the recording for staff who can't attend the live session, and deliver training documentation in time for your fall compliance reporting. Many districts run the ransomware tabletop as a leadership session before summer and the full staff phishing training on the first in-service day of fall. Book the Executive tier first, then upgrade to Business for the all-staff session.

Do cyber insurance carriers require annual training documentation?

Yes — and the requirements have tightened significantly since 2022. Most major cyber insurance carriers now require documented annual security awareness training as a condition of coverage. Carriers that have updated their K-12 underwriting guidelines since the LAUSD and Minneapolis breaches typically require evidence of staff phishing training, incident response planning, and MFA enforcement. Our sessions provide the documentation your district needs at renewal. If you've had a claim denied or a policy non-renewed due to training gaps, we can expedite scheduling and documentation delivery within 48 hours.

How do you handle training for board members who aren't tech-savvy?

The Executive tier is specifically designed for this. Board members need to understand their governance role in a cyber incident — what decisions fall to the board, what to disclose publicly and when, and how to ask the right oversight questions of district IT staff — without needing technical depth. Our board briefing covers the LAUSD and Minneapolis scenarios from the governance perspective: what the board should have known, what questions to ask before an incident, and what the board's communication obligations are to parents and the community during an active incident. No technical background required.

Can you train on higher education threats, not just K-12?

Yes. Higher education has a distinct threat profile: research IP theft (including nation-state targeting of federally-funded research), credential stuffing attacks exploiting single sign-on systems, student financial aid and refund fraud, and distributed IT environments across dozens of departments and research units. We customize the training to your institution's profile — community college, regional university, or R1 research institution. The compliance landscape differs too: FERPA applies across all higher ed, HIPAA applies to university health systems, and federal research grants carry their own cybersecurity requirements (NIST 800-171, CMMC for DoD-funded research). Book the Executive tier and describe your institution — we'll confirm the curriculum before scheduling.

Ready to train your school district or institution?

After LAUSD, Minneapolis, and San Diego, the CISA + FBI + MS-ISAC advisory is clear: K-12 is a high-value target, and the entry point is always a staff member. Book a session and get your team trained before the next phishing campaign arrives in your district's inbox.

$150 — Personal Session Book Executive Session → $900 — Business (Unlimited Users)