Cybersecurity refers to the protection of networks, devices, and data from unauthorized or unintended access or illegal use. The same bad actors that target enterprises also look for vulnerabilities in local school districts.
The district has adopted a cybersecurity plan to secure district cyberinfrastructure against cyberattacks and other cybersecurity incidents, determine cybersecurity risk, and implement mitigation planning. The district cybersecurity plan address steps the district may take to prevent, mitigate, resolve, or recover from cybersecurity issues and incidents.
All local governments, including school districts, must annually identify for cybersecurity training those trustees and employees who have access to district computer systems or databases and who use a computer to perform at least 25 percent of required duties. The only district employee required to complete annual cybersecurity training is the district’s cybersecurity coordinator. Other district employees required to complete the cybersecurity training must complete the training as determined by the district, in consultation with the district’s cybersecurity coordinator. Training must be DIR certified and may be selected by the board for employees and trustees. Trustees are not excluded from the requirement; therefore, the conservative approach is to train all identified trustees on an annual basis. Tex. Educ. Code § 11.175(g); Tex. Gov’t Code § 2054.5191(a-1), (b); see also Tex. Gov’t Code § 2054.003(9) (including school district under the definition of local government).