Ahhh, summer! As we flip the calendar to July and another school year winds down it is a perfect time to close one chapter and begin planning for the upcoming year. As teachers and students head to the beaches and summer camps, IT managers will be hard at work planning and implementing new technologies for the next school year. K-12 IT leaders are tasked with the mission to equip our children and teachers with the skills and tools to sustain our fast-paced digital ecosystem. It is up to you, as security professionals, to create awareness and listen to the challenges and help those IT professionals execute a successful cybersecurity policy.
In a recent article in education weekly, it emphasized that "A good benchmark for k-12 institutes is to spend no less than 4% of their annual budget on IT security improvements and training, although more is always better”. It won’t be easy; schools must invest in protecting the sensitive data that they have access to with successful cybersecurity policies. Making changes and updates to specific security measures can be a challenge if faced with a hefty price tag and inexperienced staff working against budgets.
IT professionals in every K–12 school district likely struggle with one major security weakness, and believe it or not, it’s the students, faculty, and staff. With so many people being granted access to personal information to perform their jobs better, monitoring and training should provide students and staff with best practices related to proper cyber hygiene. Some examples of effective cybersecurity policies are enforcing strong password rules, white-listing and blacklisting domains, and setting up user permissions. Another issue to be aware of is hacking. Hackers can send malware and phishing emails that look legit. Make sure your organization is properly trained by turning to these 3 ways to help employees spot phishing attacks and report them.
Yes, training takes time but time wasted not properly training your staff equals money lost in data breaches.
How Can Schools Protect Themselves?
By auditing databases for compliance, establishing standards and cybersecurity policies, controlling user access, and using real-time database monitoring, schools can protect their critical data against breaches. School leaders must ensure that cybersecurity remains a vital part of technology on boarding and training for all students and staff. Keep everyone up to date to continue building awareness about potential threats.
Effects of a Security Breach
According to the k-12 Cyber incidents resource center, the most frequently experienced type of k-12 cyber incident reported during 2018 were data breaches. Here is a break down of the examples in the article:
- Unauthorized disclosures of data by current and former k-12 staff, primarily due to human error
- Unauthorized disclosures of data by vendors/partners
- Unauthorized access to data by k-12 students, often out of curiosity or a desire to modify school records
Based on the k-12 Cybersecurity Resource Center almost 10% of the reports were due to Denial of Service, 15% due to Phishing, 9% due to Ransomware and 46% were reported as unauthorized disclosure or breach.
According to EdTech magazine, the Department of Education announced it would strip any K–12 school district of Title IV funding if it did not adhere to “reasonable methods” to protect student data. Staff should prepare for this possibility by planning and testing recovery strategies well in advance since schools aren’t exempt from the risk of a cybersecurity attack.
The good news is school districts are making more significant strides by utilizing low-cost steps to ensure that their information is protected. All it takes is ensuring software security patches are up to date, implement a current password policy, and adequately train students, staff, and faculty.