Before we know it, schools will be open again. As educators prepare to welcome their students in a few short weeks, it’s the right time to take stock of the institution’s “cyber-readiness,” or how well-prepared a school is to protect itself against cyber threats.
Ed Tech Magazine, which focuses on K-12 schools, reports that there are still a number of schools without formal cybersecurity plans in place, despite the increased cyber risks that schools face. Part of the hesitancy at the secondary and even college level may have to do with budgetary concerns. But, it shouldn’t be a question of whether a school can afford to have a strong and workable plan in place; schools really can’t afford not to have one. Cybersecurity for schools is essential in today's connected world.
Developing a school cybersecurity plan involves a few key elements.
- Conduct a detailed inventory of all software and hardware assets, so that the school knows specifically what it is that needs to be protected. One result of Covid-19 is the sharp increase in online learning, and accordingly many schools added components that they had previously not used or under-utilized. Schools have tablets, laptops and other devices used to make learning remotely a viable option. As the threat of Covid-19 fades, these devices will be found more and more on the campus or in the school. There is also an increase in such items as video walls and other audio-visual technology that has become part of the school. Taking an inventory of all this equipment may seem like a daunting task, but it is an important first step in a cybersecurity plan. Each device is a point of access and must be part of an overall cybersecurity plan.
- Partner with a cybersecurity expert or Managed Services Provider to undertake a vulnerability test of the school’s infrastructure. A professional will attempt to hack into the network to determine where the weaknesses are, and recommend the appropriate “fixes”, which includes the proper training of personnel (as described below).
- Every school cybersecurity plan should include robust, ongoing cyber security training of staff and all personnel to be able to recognize and avoid the usual phishing scams and other ways that hackers gain access to a system as well as how to properly utilize personal devices (Bring Your Own Device - BYOD) on the school network.
- Most statistics show that human error is responsible for around 90% of all intrusions into a network. Not only should there be faculty training, but this should also be carried over to the student level - whether that’s in the form of a workshop, class at the secondary level, or even a course for college credit.
- InfoSec Resources advises separating student networks from administrative/faculty networks as an added precaution, as well as being certain to use the updated patches so that the system is always using the most updated and supported software.
- The S. Department of Education recommends identifying key staff responsible for maintaining data security and also seeing that computing resources are not available to unauthorized users.
- Have an incident response plan in place in the event of a breach. This should include the individual or individuals who work with the internal IT or external IT support and determine when the threat has been remedied and network activities can resume. And there are external considerations as well. Who is the spokesperson for the school? Be certain that all communications about the incident – to the community, students, parents, board members and other stakeholders – come from that single source. In that way, you won’t have conflicting stories appearing in the community at a time when you don’t need them.
- The best advice that any educational institution can follow is to partner with a Managed Services Provider who can guide the school through the many steps which go into having and maintaining a secure cyber environment.
Beyond what the institution must do to provide proper school cybersecurity, there are also steps that students should be aware of.
Lansing Community College offers guidelines for students. The school advises students to be cautious in protecting personal information and accounts, being savvy on social media, and by practicing good privacy habits. Their recommendations include:
- Be aware for browser pop-ups and random unwanted sites, and the importance of performing anti-virus scans regularly and changing passwords frequently.
- Don’t share log-in access with friends or classmates.
- Watch for phishing emails and do not open attachments that you do not recognize
- Be very careful in sharing personal information in exchange for free products or services.
- If you purchase a used device, such as a tablet, use professional software to wipe the device clean, or reset the device back to factory defaults.
- Avoid public Wi-Fi networks if possible. Don’t share personal information. Often you can use a hotspot on a smartphone for a less public connection.
Unfortunately, it is not only the students who engage in learning activities at the start of a new school year. “School’s never out” for cybercriminals, who are always devising new ways to hack into systems and steal information. It’s a serious business with serious consequences for its victims. Whether you run a school or simply attend one, we can help answer your questions about how to protect your information. Please contact us here or give us a call at (888) 357-4277.