Schools Should Deploy MFA and Attack Known Vulnerabilities
Calling the report a starting point, CISA offers three recommendations.
First, it encourages K–12 schools to invest in the most effective cybersecurity measures available. These include “deploying multifactor authentication (MFA), mitigating known exploited vulnerabilities, implementing and testing backups, regularly exercising an incident response plan and implementing a strong cybersecurity training program.”
Second, CISA urges K–12 leaders to build a culture of cybersecurity and make it a top priority, adding that “information technology and cybersecurity personnel cannot bear the burden alone.” The report specifically charges those leaders with acquiring funding for security investments and with migrating to “secure cloud environments and trusted managed services.”
Schools Should Share Information and Collaborate
Finally, the report encourages schools to collaborate with peers, partners such as the K12 Security Information eXchange, and agencies such as CISA and the FBI to “build awareness and sustain resilience.”
Doug Levin, K12 SIX national director, says the report is only one step in a much longer journey.
“Given the steady drumbeat of ransomware, targeted scams and data breach incidents plaguing school systems from coast to coast, CISA’s report comes not a moment too soon,” Levin says. “This landmark federal report recommends common-sense steps that stakeholders can take to bring about needed change.”
Get incident response best practices at edtechmag.com/k12/security.