Adding Disparate Policies Is a Poor Cybersecurity Strategy for K–12
Policy enforcement and smart cybersecurity solutions can dramatically reduce this risk. However, policy setting too often is a one-off, whack-a-mole approach to locking down systems. It’s easy to forget about a breach after it’s cleaned up and the headlines simmer down. Then a more sophisticated breach hits, and another policy is added. The cycle goes on.
Adding disparate policies every time a security incident occurs is a poor cybersecurity practice that will create more work in the long run. With technology evolving as fast as the viral trends on social media, school IT administrators are doing all they can to secure network access while allowing permissions for authorized users. They’re also tasked with facilitating remote and hybrid learning and implementing the tools and apps that support it. Policies are not agile enough for this dynamic technological environment.
Schools Need Policy Enforcement for Better Password Management
A proactive approach would be to implement solutions that have policy enforcement baked in. Security policies need to find a balance between usability and effectiveness or they won’t be adopted in the first place.
Passwords can fulfill the rules and still be weak, and the requirements to create them can be complex. For example, using initials and a birthday might meet the requirement for numbers, uppercase and lowercase letters and special characters, but sophisticated methods for cracking these codes put data at risk.
Fatigue surrounding passwords and cybersecurity doesn’t help. Given the lack of user training and how often security incidents are connected to password breaches, doing the bare minimum is no longer sufficient. Advanced password protection should be standard operating procedure in our public schools.
As the line between physical security and online security narrows, every perimeter must be sealed. Strengthening password management with multifactor authentication is an affordable and necessary first step.
Creating unique and complex passwords for every online account is a standard security best practice that needs to be continuously enforced, but resistance to doing so often stems from the friction involved in implementing stringent security measures.
Password Managers Are Simple, Cost-Effective Tools
With all the ed tech initiatives in K–12 education, it stands to reason that security and privacy would be baked into the curricula as well as the back-end technology systems and infrastructure that keep these institutions running. Multifactor authentication is now critical.
In a 2021 meeting at the White House, technology executives said deploying two-factor authentication decreases the risk of a cyberattack or a data breach by over 80 percent. And earlier this year, the Cybersecurity and Infrastructure Security Agency released a report targeted at K–12 recommending MFA as a crucial cybersecurity best practice.
K–12 organizations rarely have the resources to procure and implement the most expensive solutions to meet their cybersecurity needs, which are often as complex and demanding as those of private companies. However, as threats become more sophisticated, reliance on legacy systems won’t suffice.
Schools must implement unique solutions that are cost-effective and easy to adopt, and that protect against the most common risk factors leading to these damaging attacks. Password managers are a simple, affordable solution with inherent credential management that goes far in policing who gets access to what.
Trusted Partners Can Help Navigate Limited Budgets to Boost Security
Procurement teams can source and compare credible and secure authorized solutions through trusted programs that help reduce the duplicative efforts, inconsistencies and cost inefficiencies that beset cybersecurity in public education. For example, by working with StateRAMP authorized solution providers, K–12 education organizations can comply with the zero-trust cybersecurity directives outlined in the White House’s National Cybersecurity Strategy released in March 2023. These directives set standards for the highest levels of security and privacy.
The challenges are increasingly complex, from limited budgets to staff shortfalls, but new commitments of funding and grants to increase cybersecurity safeguards and training for K–12 schools this year present a great opportunity for IT administrators to improve their resources and modernize their approach to cybersecurity.