Mar 31 2020

With Cyberattacks, Districts Should Plan for the Inevitable

The question is when, not if, K–12 districts will have to deal with ransomware or other malware.

Savvy K–12 district administrators and IT staffers know to plan for when, not if, a cyber incident occurs.

That planning involves having a comprehensive response strategy for mitigating the effects of ransomware or other malware. Experts also advise that, in the end, people are a key part of any cybersecurity approach. It’s important to develop a culture around cybersecurity.

With the frequency of cyberattacks targeting K–12 schools, there is also a growing number of IT professionals and administrators who can share lessons learned from having to mitigate a breach and communicate the situation to stakeholders. That’s true of Rockford Public Schools in Illinois, which suffered a ransomware attack in fall 2019 that quickly shut down dozens of the district’s virtual servers.

“This was nothing we wanted to experience, but there’s a silver lining,” says Jason Barthel, the district’s executive director of technology. “It’s helped us move forward very quickly with many technology initiatives laid out in our strategic plan.”

Rockford schools are implementing new security technology as well as other efforts, such as user security training, to help prevent future attacks.

A Key to Ongoing Cybersecurity: Be Nimble

An important first step toward developing a district cybersecurity strategy is understanding the status quo. That can be more daunting than it seems, especially for districts with small IT teams or insufficient resources. Seek a free security threat assessment and work with experts to get a handle on existing threats as well as ways to develop a proactive cybersecurity approach. Consider advice from IT leaders who are leveraging the hard lessons of cyberattacks to strengthen their districts’ security strategies.

It’s also important that cybersecurity is not seen as a “one and done” effort. Threats constantly change, and thieves persistently adjust their approaches. That means administrators need to be just as nimble, constantly assessing their networks and altering their cyberdefenses as needed. Planning and strategizing can help prevent the inevitable from turning into a disaster.

OstapenkoOlena/Getty Images

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.