TCEA 2023: Schools Learn How to Boost Cybersecurity with Limited Funds

K–12 Schools Can Find Free, Low-Cost and Open-Source Security Help

Schools often find a glut of cybersecurity information on the web that they must carefully comb through and then determine if it’s viable and trustworthy. Pauley’s presentation was focused on cutting through the noise and sharing vetted resources.

Many of Pauley’s resources were federal and state websites, such as the federal Cybersecurity and Infrastructure Security Agency, MS-ISAC and the Texas Dept of Information Resources. Schools may not be aware of the wide array of information and support available from these government agencies.

Pauley recommended several offerings from CISA, including its cybersecurity evaluation tools and cyber hygiene scan. He also found the Texas DIR to be particularly useful as it offers an incident response manual that can help schools prepare for and respond to a cyberattack.

Pauley also discussed the online search engine Shodan.io, a tool he called “terrifying” because threat actors can use it to explore any server connected to the internet. He suggested that schools play offense and use the tool to get clear on which of their servers need to be patched before bad actors discover the vulnerabilities.

WATCH NOW: School cybersecurity experts share cybersecurity best practices.

Use These Bare-Minimum Cybersecurity Practices Today

Even with funding challenges, Pauley said, all schools at a minimum should make sure they install multifactor authentication along with endpoint detection and response.

He shared how schools can improve their email security affordably using the Sender Policy Framework, an email authentication protocol. SPF provides a Domain Name System text record that limits emails from specific IP addresses or services.

Pauley also recommended KeePass, a free, open-source password manager that he says uses highly secure encryption algorithms. He then reiterated some best practices for passwords: include multifactor authentication, use unique passwords for every account, implement zero-trust architecture and segregate admin duties.

LEARN MORE: Why multifactor authentication should no longer be optional in K–12.

Cybersecurity Tools for Educators and Students

While Pauley’s session provided tools that IT professionals can use right away, he did not forget about educators and students. He noted that the Center for Infrastructure Assurance & Security at the University of Texas at San Antonio offers age-appropriate games, activity sheets, stickers and more for K–12 students.

He also mentioned that Microsoft Learn offers a broad range of online courses, including topics on cybersecurity, for technical staff, educators and students.

See Pauley’s full presentation here.

Join EdTech as we provide written coverage of TCEA 2023. Bookmark this page and follow us on Twitter @EdTech_K12.