“The biggest issue with our school districts is that they have the last virgin information on the planet,” says Mikela Lea, principal field solution architect for security assessments at CDW•G. “It’s very profitable, for many reasons. It can be sold for identities, it can be sold for credit purposes — the list goes on. And a lot of times, our children aren’t going to know their identities have been stolen until they’re 18 or 19 and they apply for credit.”
School leaders traditionally have focused their energy and resources on developing instructional technology without adequately prioritizing security.
“Unfortunately, we live in a world where we have to secure it now,” Lea says.
The lack of funding for cybersecurity measures is particularly problematic for public schools, and staffing shortages are common because IT department salaries tend to be less competitive, says Jen Miller-Osborn, deputy director of threat intelligence for Unit 42 at Palo Alto Networks.
According to experts, thwarting cybercriminals takes a multifaceted approach. Preventive third-party assessments are perhaps one of the most important components of a school cybersecurity strategy, along with having an incident response playbook and adequate staff training.
Lock the Doors of Your Network with Preventive Assessments
The best cybersecurity strategy is to prevent an attack altogether, experts say. There are a few options (and a range of price points) for preventive third-party assessments, which can root out risks before they turn into full-fledged problems.
One of the most common assessments is a network penetration test, or pen test. In an external pen test, a security professional simulates the activities of a hacker — without going all the way into the network — to identify any vulnerabilities in a district’s external systems.