The IT Mistakes Indiana Schools Keep Making
We support K-12 schools across Central Indiana. We've seen the same mistakes show up in school after school — public, private, large, small. Most of them are fixable. None of them are unique. Here are the patterns and how to avoid them.
1. Treating student data like it's not regulated
Most school administrators know FERPA exists. Far fewer have built their IT infrastructure around it. Common gaps: student PII in shared Google Drive folders, parent contact info in spreadsheets emailed to staff, grade and discipline records on personal teacher laptops without encryption.
FERPA isn't HIPAA-strict, but it has real teeth. Practical baseline: encrypt every device that touches student data, segment student-facing systems from administrative systems, document who has access to what, and audit it annually.
2. BYOD without governance
Students bring personal devices. Teachers use personal laptops at home. Parents send their kids to school with whatever Chromebook was on sale. The mistake isn't allowing this — it's allowing it without policy or boundary. Common findings:
- Personal devices joining the staff Wi-Fi with no network segmentation
- Teacher personal laptops accessing school file shares without encryption requirements
- No mobile device management on devices that handle school email
- Student devices able to reach administrative systems they should never see
The fix isn't banning BYOD. It's segmenting it.
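One way to check that segmentation actually holds, as an added example that is not from the original article: the script below walks a first-match, default-deny inter-VLAN rule list and reports any rule that lets a student or BYOD segment reach the administrative segment. The segment names, address ranges and rules are constructed for illustration.

```python
import ipaddress

# Constructed segments: names and address ranges are assumptions for this example.
SEGMENTS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "admin": "10.10.0.0/24",    # SIS, finance, staff file shares
    "staff": "10.20.0.0/24",    # school-managed staff devices
    "student": "10.30.0.0/22",  # student devices
    "byod": "10.40.0.0/22",     # personal devices
}.items()}
UNTRUSTED, PROTECTED = ("student", "byod"), ("admin",)

# Constructed inter-VLAN rules: (action, source, destination); first match wins, default deny.
RULES = [
    ("allow", "10.20.0.0/24", "10.10.0.0/24"),
    ("allow", "10.30.0.0/22", "10.10.0.50/32"),  # forgotten "temporary" exception
    ("deny", "10.30.0.0/22", "10.10.0.0/24"),
    ("allow", "10.0.0.0/8", "10.10.0.0/24"),     # broad rule that also covers BYOD
]

def breakpoints(segment, nets):
    """Addresses inside `segment` at which membership in some rule network can change."""
    lo, hi = int(segment.network_address), int(segment.broadcast_address)
    points = {lo}
    for net in nets:
        points.update((int(net.network_address), int(net.broadcast_address) + 1))
    return [ipaddress.ip_address(p) for p in sorted(points) if lo <= p <= hi]

def verdict(src, dst, rules):
    """Return (action, rule index) of the first matching rule, or default deny."""
    for index, (action, src_net, dst_net) in enumerate(rules):
        if src in src_net and dst in dst_net:
            return action, index
    return "deny", None

def leaks(rules, segments=SEGMENTS):
    """List (untrusted segment, protected segment, rule index) for every allowed path."""
    parsed = [(a, ipaddress.ip_network(s), ipaddress.ip_network(d)) for a, s, d in rules]
    found = set()
    for u in UNTRUSTED:
        for p in PROTECTED:
            for src in breakpoints(segments[u], [r[1] for r in parsed]):
                for dst in breakpoints(segments[p], [r[2] for r in parsed]):
                    action, index = verdict(src, dst, parsed)
                    if action == "allow":
                        found.add((u, p, index))
    return sorted(found)

if __name__ == "__main__":
    for u, p, index in leaks(RULES):
        print(f"{u} can reach {p} via rule {index}: {RULES[index]}")
```

Testing one representative address per breakpoint is enough because a rule's match can only change where one of its networks starts or ends, so the earlier deny for the student range does not hide the exception above it.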
3. The summer onboarding fire drill
Every August, schools onboard new staff in a frantic two-week sprint. Email accounts created, group memberships assigned, software installed, devices issued. Most schools we audit don't have an onboarding checklist — let alone an automated workflow. The result: gaps. Some new teachers don't get critical access until October. Some get over-privileged access that nobody removes when their role changes.
Schools we onboard typically save 20-40 hours per summer just by automating the repeatable parts of the August onboarding sprint. The other benefit: documented offboarding when teachers leave.
4. Cybersecurity awareness training that doesn't reach teachers
Schools are heavily targeted for phishing — the FBI specifically warns about K-12 ransomware. Teachers are typically the entry point. Yet most schools we audit either don't run security awareness training, or run a single online course at the start of the year that nobody actually completes.
Real awareness programs include simulated phishing campaigns (with real consequences for repeated failures), monthly micro-trainings, and quarterly reviews. The cost is small. The risk reduction is large.
5. End-of-life everything
Schools run on a budget. Equipment that "still works" stays in service well past its support end-of-life. We see Windows 10 machines that should have been replaced. We see Server 2016 environments. We see network gear that hasn't received a firmware update in years. None of these are running because anyone thinks they should — they're running because the budget conversation hasn't happened.
The right answer isn't "spend more." It's a multi-year refresh plan that levels the spend across years. We help schools build these plans every spring for summer execution.
6. No backup-of-the-backup
Most schools have backups. Many of them have backups that have never been tested. Some have backups that are stored on the same network as the primary data — which means a ransomware event that hits the primary also hits the backup.
The minimum bar: backups stored offsite, immutable (cannot be modified by ransomware even with admin credentials), and tested at least quarterly.
7. Treating the IT person as a teacher's assistant
The single most common pattern we see: schools where the entire IT function is one stretched-thin person who's also coaching JV soccer, running the AV club, and being asked to fix everyone's printer. They're amazing. They're also one resignation away from chaos.
The fix is either making that role a real, dedicated position with proper backup — or partnering with an MSP to fill the gaps. Either is fine. The status quo isn't.
How we help
We support schools across Central Indiana with both fully-managed and co-managed IT. Our K-12 case study covers what real school IT looks like done well. Free assessment if you want a serious read on where your school actually stands.
JPtheGeek provides managed IT, cybersecurity, and AI services to Indiana businesses across Greenwood, Indianapolis, and Central Indiana.
