Assess your organization’s risk level
No school district wants to place their sensitive data at risk. Here are a few guidelines to aid in the determination of your risk level. What’s more, they will help you identify areas where you may be more vulnerable.
The attack vectors
“Attack vector is a path or means through which a hacker gains access to your digital content,” says Amit Kumar Sharma. Here are potential school district attack vectors:
- The Student Information System (SIS).
- Public Education Information Management System (PEIMS) data stored in your business applications. It resides along with your business applications.
- People who work with sensitive data. Each person (e.g., IT/HR personnel) that handles sensitive data may inadvertently expose it.
- Website security protocols and certificates (e.g., outdated Secure Socket Layer (SSL), FTP).
- Offsite placement of sensitive data (e.g., third-party vendor).
- Unsecured employee email and/or cloud storage.
Cyber liability insurance providers need to know you have secured data. They may ask questions such as the following:
- If personnel are handling data, are they encrypting it?
- Are you accessing confidential data over an insecure connection from a remote location?
- How are you sending sensitive data via email, if at all?
- Do staff know to not place unencrypted data on USB flash drives for transport?
On August 12, 2016, the largest school district in San Antonio, Texas suffered a data breach. The breach affected almost 23,000 students and faculty. An unauthorized individual gained entry via an employee email account.
Tips to protect against a breach
Here are some tips to keep in mind:
- Never share passwords, period
- Enable and use two-factor authentication to access key systems
- Secure your workstation and log out when you get up from your desk
- Ensure physical/network security for offices, MDFs, and IDFs in server/network closets
- Use security protocols for network, vLAN, wireless SSID, and firewall configurations
- Verify security for essential services including email, SIS applications, local area network logins, and VPN access
- Put strong password policies in place
Hot tip: Use a pass phrase or a short sentence without spaces instead of a password. Include a number and the punctuation, and you’ve got yourself a very strong password. Example: “KeepAust1nweird!” or “Ilov3mydogSally!” Learn more.
Educate and protect
Education is key. No district can afford down time due to a cyber security breach. Coach your faculty and coworkers on security best practices and plan ahead for how you will handle sensitive data.