5 best practices for starting a successful cybersecurity program


How is your district protecting itself against data breaches, hackers, and other threats?

While there’s no question technology adoption creates powerful learning environments, it can also present significant security risks to teachers, staff, and students. According to Verizon’s 2017 Data Breach Investigations Report, the number of total security incidents in the education sector outranked both the healthcare and retail industries. It’s obvious that cybersecurity remains an increasingly dangerous threat that often gets overlooked when it comes to safety. This is partly due to limited school funding, strict budget factors, and a corresponding lack of IT support.

While cybersecurity is a constant challenge for any industry, the education sector has less resources and more at stake. School district networks house a variety of sensitive information on staff members, students, and students’ families, including credit card numbers, Social Security numbers, and sometimes even medical information, making K-12 schools a top target for hackers.

Data breaches and other threats
For example, in early January the largest school system in San Antonio, Texas, reported that it suffered a data breach last August, which exposed the personal data of more than 23,000 current and former students and staff. Ransomware is another common type of attack, costing schools thousands of dollars and significant downtime. In October 2017 an entire district in Montana was shut down for several days after hackers who dubbed themselves “TheDarkOverlord Solutions” threatened to release student, teachers, and school leaders’ personal information unless a ransom was paid.

But it’s not just cybercriminals that pose threats for schools—students are also guilty of misuse, with challenges ranging from device theft or loss to unauthorized application changes. Tech-savvy students have even launched distributed denial of service (DDoS) attacks, aiming to disable the network access and disrupt the school day to get out of a class or test.

Regardless of the type or severity of attack, it’s clear that K-12 institutions need to have a strategy in place for minimizing the potential of a security breach as well as a recovery plan for after one hits. While there is no one-size-fits-all solution for combating threats, investing in the right tools and crafting appropriate processes or procedures can significantly reduce their impact. For most districts, this decision comes down to technology budget allocation, but I urge administrators to consider the risks.

Here are five key best practices that I recommend to increase efficiency and foster a safe learning environment for students and staff.

1. Train and educate staff. Invest in training resources to make sure your IT department is knowledgeable and trained to safeguard the online safety of each student, family, teacher, and administrator. As technology continues to evolve, so will the number of risks and cybersecurity issues. You need to constantly refresh your IT staff on the latest policies, procedures, and compliance regulations to make sure they remain up to date. One way to stay up-to-date is by attending conferences, workshops, and summits focused on security topics. One of our customers also recommends hosting regular face-to-face meetings with the IT department staff and sharing relevant news articles.

Want to share a great resource? Let us know at submissions@eschoolmedia.com.