School Cybersecurity - Short and Long Term Steps to Protect your Community

In recent years, cyberattacks have been getting both more frequent and more sophisticated. From Aug. 14 to Sept. 12, 2021, educational organizations were the target of over 5.8 million malware attacks. In January, hackers successfully pulled off the largest cyberattack on a single school district in U.S. history when they targeted a New York City public school district vendor, impacting more than 800,000 current and former students in the district. 

If you haven’t already started making a cybersecurity plan for your school, now is the time to start. If you already have a plan in place, consider updating it to ensure it takes into consideration current threats and vulnerabilities. Whatever stage you’re in, here are some steps you can in the short and longer term to ensure your school is protected:

SHORT TERM:

Talk to your cyber insurance provider about any “acts of war” exclusions they may have

Many insurance policies include act of war exclusions. According to the California Resiliency Alliance (CRA), with the current Russia-Ukraine conflict, there is the potential that Russian cyberattacks may be considered an act of war and not covered under insurance policies. Here are some questions CRA recommends asking your insurance provider:

• • What is the current language in your insurance policies in regards to exclusions, specifically around acts of war and other hostile acts? 
  • How does your insurance provider define an ‘act of war’?
  • Does the insurance provider treat cyberattacks conducted by nation-states differently than those conducted by non-nation state actors?
  • What if the impact to you is not by a direct cyber-attack on your organization, but a cascading impact from an attack on another entity such as a utility or service provider?

LONG TERM:

Maintain your systems and software

Keep your operating systems and security software up to date to avoid any potential breaches due to outdated programs. 

Keep devices secure

Be sure to employ strong passwords and password best practices, and encourage employees to do the same. For any employees with school-sponsored devices, use a Mobile Device Management system. Finally, create systems to ensure the IT team is notified quickly when a device goes missing or is compromised.

Audit for Vulnerability

Conduct a cybersecurity audit to highlight gaps or vulnerabilities in your system. Run exercises and drill your emergency plans so you are prepared to respond quickly to minimize the impact of any attack.

Create a cybersecurity PD

Add Cybersecurity PD into the scope and sequence of the year so it does not end up as an afterthought. Schedule phishing tests and other vulnerability tests for your staff and students (Our team is available to provide support with this if needed.)

Cybersecurity threats are likely to continue to advance in the coming years. Implementing some of these best practices now can go a long way toward making sure your data, information and systems stay safe and secure.