It may sound scary, but it’s true: schools are increasingly being targeted by malicious cyber threats. To combat this, tech teams everywhere are taking preventative measures to secure high-level accounts and protect student data. Preparing for cybersecurity challenges, however, doesn’t have to be a daunting task.
1. Loss of learning time due to a cybersecurity event
Cybersecurity events have the potential to cut into crucial instructional time.
- Phishing attempts
- Class/meeting interruptions
- Vendor disruption
- Student-caused security event
- DDOS, DOS attacks
- Defacing of district websites and social media
2. Evolving insurance coverage requirements
More school districts have begun requiring specific insurance coverage in regard to cybersecurity.
- Multi-Factor Authentication (MFA, Two Factor, Dual Factor)
- Airgap backups
- Risk Assessments (Current and Roadmap)
- Incident Response Plans
- Disaster Recovery Plans
- Vulnerability management
- Naming a person responsible for security and privacy
- Security professional on staff or security service in use
3. Keeping up with risk and vulnerability management
Staying vigilant against cybersecurity threats means managing risks before they happen.
- Incomplete or missing asset inventories (Hardware, software, cloud/SaaS)
- Third-party maintenance systems
- SIS, HR/FIN, HVAC, Food Service, Transportation, etc.
- Multiple Operating Systems
- Many different apps in use
- Legacy systems
- Off-campus devices
- Bring Your Own Device (BYOD) Programs
4. Security culture, training, and awareness
- The perception security is an IT problem
- Infrequent training with limited time and resources
- User assumptions or misinformation about tech (MFA, 5G, etc.)
- Fear-based training
- Lack of personal connection
- Inaccessible tech speak, fear, and fatigue
5. Student privacy
- Complex landscape of unstructured and structured data
- Open sharing
- Unclear ownership
- Confusion over private vs. public data
- Unclear policies and procedures
- Changing rules based on student age and location
These cybersecurity challenges facing K–12 may be common, but that doesn’t mean you shouldn’t make a change. Moving forward, even with small changes, is defensible. Staying still in the face of potential security risks is not.
What You Can Do Now
- Implement MFA for all administrative accounts, then expand to staff accounts.
- Backup critical systems using the 3-2-1 method.
- Draft board-level and tech-level cybersecurity policies. Use this free template from SecurityStudio to get started.
- Begin a Learning Impact Analysis and create a Learning Continuity Plan.
- Conduct a risk and vulnerability assessment.
Learn more about cybersecurity from Ryan! Watch his cybersecurity presentation from CLON (ClassLink's customer conference). You can watch the video here if you attended CLON or register for on-demand access at classlink.com/clon.