Over the past several months, there have been a number of cybersecurity incidents targeting K12 institutions that have sent a chill down the spines of smaller, less resourceful districts. Toward the start of the 2022-23 school year, Los Angeles Unified School District, the second-largest in the nation, was hit by a ransomware attack that disrupted their systems. Most recently, Minneapolis Public Schools uncovered personal student and staff data on the dark web. Unfortunately, this is a continuing trend.
“The secret is out: K12s are a target-rich and resource-poor sector,” said TJ Sayers, a cyber threat intelligence manager at the Center for Internet Security (CIS) in a previous interview with District Administration. “When it comes to ransomware operations, organizations with sensitive data and critical operations are key targets, as these two factors put significant pressure on victims to pay the ransom demand to restore operations and ensure their data isn’t exposed.”
For those smaller and more financially strapped school districts, significant security prevention strategies may be too out of reach. However, school administrators and IT leaders can use new self-assessment methods to effectively redesign and transform their cybersecurity initiative.
Three education technology leaders (ClassLink, ENA by Zayo and SecurityStudio) have come together to provide K12 schools with a “groundbreaking,” “free and easy-to-use” cybersecurity rubric designed to help schools assess their security policies and plan for continuous improvement. Additionally, they’re providing free training on how to use the rubric and a low-cost certification program for those who wish to become “Certified Cybersecurity Rubric Evaluators.”
According to a news release, the cost of hiring cybersecurity professionals has become a major burden for K12 schools, but this initiative aims to change that.
“This initiative will transform the way K12 schools approach cybersecurity,” said Berj Akian, co-founder of Cybersecurity Coalition for Education in a statement. “We are providing schools with the tools they need to assess and improve their cybersecurity practices, and we are doing it in a way that is affordable and accessible to all.”
For technology leaders wanting to self-evaluate their school’s cybersecurity environment, here’s what the process will look like:
- Learn how to use the Cybersecurity Rubric
- Use it to assess your institution’s cybersecurity strategies
- Become a Certified Cybersecurity Rubric Evaluator
- Use the findings to address your school’s cybersecurity weak points
“When you finish your assessment, you gain a complete picture of where your school stands with cybersecurity preparedness,” according to the Cybersecurity Rubric website. “Strengths and weaknesses are clear, and you know where you need to invest to improve.”