Ohio K-12 Schools Deploy TechGuard Platform to Fight Surging Cyber Threats

Schools across Ohio, like many nationwide, face a relentless wave of cyberattacks. Criminals target student records, staff data, and vulnerable systems, exploiting limited defenses with phishing scams and ransomware. The stakes are high: a single breach can disrupt learning, expose sensitive information, and erode trust. Ohio’s latest response, announced on May 2, 2025, aims to equip K-12 schools with tools to fight back.

The state’s new initiative, led by Governor Mike DeWine alongside CyberOhio, the Department of Education and Workforce, and the Management Council of the Ohio Education Computer Network, centers on TechGuard. This platform offers tailored cybersecurity training and simulated attacks to prepare educators, administrators, and even students to spot and stop digital threats. The move reflects a broader recognition that schools, often seen as soft targets, need robust, proactive defenses.

TechGuard, now available to all Ohio K-12 schools, provides over 1,300 learning modules customized for different roles, from teachers to cafeteria staff. Users face simulated phishing emails, malware attempts, and ransomware scenarios, learning to recognize red flags through interactive exercises. Assessments track progress, offering feedback to ensure staff gain practical skills. The platform’s design emphasizes real-world applicability, aiming to reduce human error, a common entry point for cyberattacks.

The program’s rollout builds on Ohio’s existing cybersecurity framework. The state’s 16 Information Technology Centers, which support school districts, will integrate TechGuard into their operations. This coordinated approach ensures schools, regardless of size or resources, can access training. Geoff Andrews, CEO of the Management Council, highlighted the platform’s flexibility, noting it adapts to the unique needs of each school community.

Nationwide, schools face growing cyber risks. Between July 2023 and December 2024, 82 percent of K-12 organizations reported security incidents, with ransomware attacks surging 69 percent year-over-year. Phishing remains the top threat, with a near-certain chance of email-based attacks in the next 12 to 18 months. High-profile breaches, like the PowerSchool incident exposing 62 million student records, reveal gaps in vendor management and staff training.

Ohio’s schools are no exception. Limited budgets, uneven privacy practices, and reliance on third-party tech vendors create vulnerabilities. Only 48 percent of districts maintain formal data retention policies, and many lack real-time monitoring. These weaknesses make schools prime targets for attackers who exploit academic calendars, timing attacks around exams or enrollment periods for maximum disruption.

Ohio’s initiative emerges amid a national debate over how best to protect schools. Some policymakers advocate for state-led solutions, emphasizing local control and private-sector partnerships. They argue that flexible, targeted programs like TechGuard, paired with grants, allow districts to address unique needs without heavy-handed federal rules. Others push for stronger federal involvement, citing the need for standardized frameworks, mandatory reporting, and equitable funding to support under-resourced schools.

Both sides agree on the urgency. Federal programs, like the FCC’s $200 million cybersecurity pilot for schools, offer resources, while states like Alabama, Indiana, and Maryland have passed laws mandating training and assessments. Ohio’s approach, blending statewide coordination with local implementation, seeks a middle ground, leveraging CyberOhio’s expertise and the Ohio Cyber Range Institute for advanced training.

Evidence suggests cybersecurity training can make a difference. Organizations with regular programs see up to 70 percent fewer security incidents, and trained users are 30 percent less likely to click phishing links. Yet, effectiveness hinges on consistency. Without quarterly refreshers, skills fade within four months. Ohio’s TechGuard incorporates best practices, like role-based modules and simulated attacks, to reinforce learning over time.

Still, challenges remain. Nationwide, 45 percent of employees receive no cybersecurity training, and only 52 percent of organizations run phishing simulations. For schools, where staff juggle multiple roles, finding time for training can be tough. Ohio’s program addresses this by embedding training into existing workflows, but its success will depend on widespread adoption and sustained commitment.

Ohio’s TechGuard initiative marks a significant step toward securing K-12 schools, building on a decade of state-led cybersecurity efforts. By equipping educators and students with practical skills, the program aims to create a culture of vigilance. Its integration with CyberOhio’s broader framework, including the Ohio Education Computer Network’s robust email filtering, strengthens the state’s defenses against an evolving threat landscape.

The road ahead requires balance. Schools must navigate tight budgets, complex vendor relationships, and competing priorities while fostering resilience. Ohio’s proactive stance offers a model for other states, but the fight against cyberattacks demands ongoing investment, collaboration, and adaptability. For students, educators, and communities, the payoff is clear: safer schools and a stronger foundation for learning.