School Cybersecurity - Short and Long Term Steps to Protect your Community

5 min read
In this article

    pexels-gustavo-fring-5621934In recent years, cyberattacks have been getting both more frequent and more sophisticated. From Aug. 14 to Sept. 12, 2021, educational organizations were the target of over 5.8 million malware attacks. In January, hackers successfully pulled off the largest cyberattack on a single school district in U.S. history when they targeted a New York City public school district vendor, impacting more than 800,000 current and former students in the district. 

    If you haven’t already started making a cybersecurity plan for your school, now is the time to start. If you already have a plan in place, consider updating it to ensure it takes into consideration current threats and vulnerabilities. Whatever stage you’re in, here are some steps you can in the short and longer term to ensure your school is protected:

    SHORT TERM:

    Talk to your cyber insurance provider about any “acts of war” exclusions they may have

    Many insurance policies include act of war exclusions. According to the California Resiliency Alliance (CRA), with the current Russia-Ukraine conflict, there is the potential that Russian cyberattacks may be considered an act of war and not covered under insurance policies. Here are some questions CRA recommends asking your insurance provider:

      • What is the current language in your insurance policies in regards to exclusions, specifically around acts of war and other hostile acts? 
      • How does your insurance provider define an ‘act of war’?
      • Does the insurance provider treat cyberattacks conducted by nation-states differently than those conducted by non-nation state actors?
      • What if the impact to you is not by a direct cyber-attack on your organization, but a cascading impact from an attack on another entity such as a utility or service provider?

    LONG TERM:

    Maintain your systems and software

    Keep your operating systems and security software up to date to avoid any potential breaches due to outdated programs. 

    Keep devices secure

    Be sure to employ strong passwords and password best practices, and encourage employees to do the same. For any employees with school-sponsored devices, use a Mobile Device Management system. Finally, create systems to ensure the IT team is notified quickly when a device goes missing or is compromised.

    Audit for Vulnerability

    Conduct a cybersecurity audit to highlight gaps or vulnerabilities in your system. Run exercises and drill your emergency plans so you are prepared to respond quickly to minimize the impact of any attack.

    Create a cybersecurity PD

    Add Cybersecurity PD into the scope and sequence of the year so it does not end up as an afterthought. Schedule phishing tests and other vulnerability tests for your staff and students (Our team is available to provide support with this if needed.)

    Cybersecurity threats are likely to continue to advance in the coming years. Implementing some of these best practices now can go a long way toward making sure your data, information and systems stay safe and secure. 

    About the author
    Chris Joffe
    Chris Joffe
    Safety Expert, Joffe Emergency Services

    Chris has helped protect millions of lives since 2007. Based on the belief that people have the power to save lives through education and training, Chris has built Joffe Emergency Services to become the leader in life-saving training, event safety, and disaster preparedness. Chris has flown commercial so much that he's becoming a pilot now. Seriously. Ask him for a ride somewhere.

    Take the next step

    Ready to go beyond the article?

    Schedule a free call with a Joffe safety expert, or take our 5-minute Swiss Cheese Assessment to see where your program stands today.