In this article, the authors address the importance of taking a proactive approach to securing a school's network. To do this, it is first required to know the system's specific vulnerabilities and what steps to take to reduce them. The formal process for doing this is known as an information security risk assessment, or a security audit. What follows is an overview, loosely based on the National Institute of Standards and Technology's Risk Management Guide for Information Technology Systems and other commonly accepted industry standards, of how to perform a basic audit for your school or district. This will: (1) Demonstrate due diligence by developing a security process that is consistent and objective; (2) Help the school or district make informed decisions about what preventive measures it needs and why; (3) Justify the up-front costs of security; and (4) Show the staff the importance of best security practices that they sometimes resist. A security checklist is included.