IT director warns of rising cyber threats as board presses for a clear plan and resources
April 09, 2024 | Canyons School District, School Boards, Utah
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
The district’s information‑technology director, Scott Momes, told the board on April 9 that the district is preparing a large migration of finance and student systems from Skyward to the newer Cumulative platform and outlined ongoing cybersecurity and Chromebook efforts.
Momes said the system migration will affect payroll, purchasing and student records and called it "a massive, massive project" that the district expects to go live about a year from now for the financial pieces and by summer 2026 for student systems. He also described parental tools in the district’s technology portal that allow parents to change filter settings and receive alerts for searches that indicate self‑harm or harm to others.
The meeting included a sustained discussion about a recent state law related to .gov/.edu domains. Momes and board members discussed the technical and cost implications; staff said districts across Utah were not yet migrating but that the law requires migration once domains are authorized statewide.
Cybersecurity drew significant attention. Momes reviewed technical steps the district has taken—pen‑testing, NESSUS scans, adoption of multifactor authentication for critical accounts and an available password manager—and urged continued investment. He warned the board that the district does not now have a dedicated cyber‑security or a dedicated data‑privacy staff member, and that work is spread across IT, ISD and legal. “We do not have a dedicated cyber security nor do we have a dedicated data privacy staff,” he said.
Board members asked administration to put forward a concrete proposal outlining staffing, costs and a timeline for strengthening security; Superintendent Dr. Robbins said administration would return with recommendations. The district also confirmed it holds cyber‑security insurance through a state co‑op but said premiums and coverage limits have changed as more incidents occur nationally.
Next steps: administration will return with a concrete proposal on dedicated cybersecurity resources and a cost estimate for any recommended domain or infrastructure changes, including an analysis of the .gov option and transition costs.
Momes said the system migration will affect payroll, purchasing and student records and called it "a massive, massive project" that the district expects to go live about a year from now for the financial pieces and by summer 2026 for student systems. He also described parental tools in the district’s technology portal that allow parents to change filter settings and receive alerts for searches that indicate self‑harm or harm to others.
The meeting included a sustained discussion about a recent state law related to .gov/.edu domains. Momes and board members discussed the technical and cost implications; staff said districts across Utah were not yet migrating but that the law requires migration once domains are authorized statewide.
Cybersecurity drew significant attention. Momes reviewed technical steps the district has taken—pen‑testing, NESSUS scans, adoption of multifactor authentication for critical accounts and an available password manager—and urged continued investment. He warned the board that the district does not now have a dedicated cyber‑security or a dedicated data‑privacy staff member, and that work is spread across IT, ISD and legal. “We do not have a dedicated cyber security nor do we have a dedicated data privacy staff,” he said.
Board members asked administration to put forward a concrete proposal outlining staffing, costs and a timeline for strengthening security; Superintendent Dr. Robbins said administration would return with recommendations. The district also confirmed it holds cyber‑security insurance through a state co‑op but said premiums and coverage limits have changed as more incidents occur nationally.
Next steps: administration will return with a concrete proposal on dedicated cybersecurity resources and a cost estimate for any recommended domain or infrastructure changes, including an analysis of the .gov option and transition costs.
View the Full Meeting & All Its Details
This article offers just a summary. Unlock complete video, transcripts, and insights as a Founder Member.
✓
Watch full, unedited meeting videos
✓
Search every word spoken in unlimited transcripts
✓
AI summaries & real-time alerts (all government levels)
✓
Permanent access to expanding government content
30-day money-back guarantee
