School districts throughout the United States suffer from notoriously poor information security. This is at a time when school district spending on technology is at an all-time high. Why is this? The public assumption that K through12 information security has kept pace with the rest of society is wrong. This talk will review doctoral research that found that understaffed and underfunded districts are either ignorant of the risks or simply choose to accept them, and there is no penalty for either. School leaders should be bound by the same expectations to secure their assets as leaders in other government agencies, and their leaders should be responsible for ensuring that students enter the world with a clean slate.