The summer break, when students and teachers are mostly out of the building, is a good time for school leaders to evaluate their school’s security posture.
Even schools with an already strong security posture make time throughout the year to evaluate their cybersecurity practices and to make process improvements. During the school year, when students and staff are in the building, it can be difficult for school leaders to find time for a deep focus on responsibilities unrelated to their instructional vision, student and staff culture, and family engagement. This makes the summer period a prime time for leaders to reflect on their operational approaches and make revisions for the upcoming school year.
To be honest, the list of summer activities for school leaders can still be quite long; they are focusing on curriculum changes, parent engagement strategies, and planning school cultural initiatives. However, there is a bit more space in the summer months, including room for school leaders to add cybersecurity enhancements to their summer to-do lists.
Cybersecurity attacks on schools and school districts have increased since the start of the pandemic.
With the accelerated shift for many schools and districts to cloud-first computing to better enable remote learning, the K-12 sector has become a prime target for cybercriminals. Schools store a large amount of sensitive data for students, staff, and families. An individual student record is worth up to $300 on the dark web. With data like social security numbers and home addresses, schools are like a treasure trove for bad actors, and the use of more cloud-based platforms has increased the risk of these bad actors attacking endpoint devices.
In addition to the potential increases in opportunities for attacks, cybersecurity risks are increasing because these malicious actors are continuing to grow in their sophistication. They are creating and attempting new scams; many are even customizing and tailoring their scams to target specific schools or specific staff members. This can make it even harder for users to distinguish a scam from the truth. As cybercriminals continue to evolve their cyberattack strategies, schools too must evolve in their approaches for mitigating and warding off these risks.
Having a strong security posture isn’t a one-and-done action; it requires ongoing vigilance because cybersecurity threats are ever-present and growing.
Schools benefit from a proactive and iterative approach to their security posture because the ongoing cybersecurity threats to schools continue to increase. According to Microsoft Security Intelligence, during the first month of the 2021-2022 school year, more than 5.8 million malware attacks were targeted at schools across the globe. These attacks made up more than half of the total attacks that were reported during that same time period.
Because the cybersecurity of schools continues to be a national issue, the K-12 Cybersecurity Act was signed into law in the fall of 2021. This law bolsters federal resources to review the cybersecurity threats that schools are facing. From there, a set of strategies and resources for schools and districts to better protect themselves and student and staff data will be disseminated across the country. While that list is being generated, there are still best practices that schools can take this summer to start the upcoming school year with a better security posture.
Here are three actions schools can take this summer to enhance their security posture.
Action #1: Plan to enable multi-factor authentication wherever possible.
Access to cloud-based platforms has had a positive impact on teaching and learning. However, the rapid shifts that some schools made towards being cloud-first during the pandemic left them without sufficient security protections and opened them up further to the risk of cyberattacks. Enabling multi-factor authentication is a simple and extremely effective method for increasing security.
While enabling multi-factor authentication can be as easy as the click of a button, rolling the process out across a school takes more thought and planning. Preparing users for the transition and providing them with support, guidance, and time for setting up their authentication increases the chances of successful implementation. To prepare for a rollout at the start of the school year, schools can use the summer months to make a list of their platforms that allow multi-factor authentication, decide on which platforms (it can be some or all) they want to enable MFA, and then devise a communication, training, and rollout plan that supports the implementation of this new system.
Action #2: Update the antivirus and malware prevention software on all school devices.
Summer is also a great time for schools to check in on their antivirus and malware protection software to see if there are available updates. While making these updates across multiple student and staff devices was once an extremely time-intensive process, strategies exist for making software updates to current devices and software installation for new devices a quick and seamless process.
At CTS, our clients have access to our device management platform. By putting all of a client’s devices on this platform, we ensure easy and comprehensive deployment of security updates in addition to other operational benefits like managing settings, deploying software and apps, printer management, and managing Google Apps or Office 365.
Action #3: Prepare to provide security awareness training for staff and students.
School leaders and administrative and operational staff can spend a great deal of time designing a new system or process, but if their staff or students are unable to follow the process with fidelity, the desired outcome won’t be reached. This is why security awareness training for both staff and students is an important facet of a school’s security posture.
50% of successful ransomware attacks can be linked to poor user practices and insufficient cybersecurity education. With this in mind, summer is a good time to proactively schedule training for staff and students – perhaps during the professional development days before school starts for the staff and during the first few weeks of school for students. It is also a good time to plan the content of the training sessions and to develop the materials. School leaders can think about ways to make training for staff and students more engaging and interactive. If staff and students can understand the significance of the role that they play in keeping the school community safe, these trainings will feel like more than just a compliance activity or a box to check.
Schools can also utilize CIPA’s digital citizenship resources to teach their students about online safety. To participate in the E-rate funding program, schools are required to be CIPA compliant. Beyond just compliance, the CIPA resources are beneficial and give schools a blueprint for how to teach students best practices in digital safety.
At CTS, we take care of the technology so that schools can focus on their unique missions.
Schools are tasked with being engaged in ongoing efforts to maintain secure learning environments and strong security postures. However, with all of the other competing priorities, this strand of work can be hard for school leaders to manage in-house. The team at CTS is here to support this work so that schools can focus on their unique mission. Our team of experts has decades of experience in the educational technology space. Our understanding of technology, coupled with our understanding of the unique technology-related challenges that arise in the education space, makes us well-suited to support our schools.
We’ve worked with more than 60 schools across the United States to integrate cost-effective technology. We partner with school leaders as they safeguard their school’s sensitive data and maintain their cybersecurity efforts. Through our work with schools, we’ve supported thousands of students, staff, and devices. Contact us today to learn more about how we can help improve your school’s security posture, so you can get back to the business of teaching and learning.