Oct 28 2020
Security

4 Ways Schools Can Improve Cybersecurity — Even When Budgets Are Tight

These low-cost tactics can help schools protect their systems from cybercrime.
Jeff Bathurst
by

Jeff Bathurst is the director of SC&H Group’s Technology Advisory Services practice.

Whether schools choose to continue remote education, use a hybrid education model or return full-time to campus, some form of virtual teaching system will figure into every school’s plan, even if only as a contingency. With every jurisdiction constructing their own approach to virtual education — then adjusting it in response to a rapidly evolving pandemic — cybersecurity risks abound.

Schools are particularly vulnerable to cyberattacks right now because they have been forced to completely re-envision and restructure the way they teach students. More likely than not, the IT department — charged with distributing tens of thousands of devices to students and keeping those devices and the network secure — suddenly seems understaffed.

The combination of minimal preparation time, changing protocols and tight budgets can create a breeding ground for cybersecurity risks. Still, there are low-cost tactics schools can employ to protect their systems from cybercrime.

EdTech Security EdTech Security

1. Revisit Your School's Data Security

The first step to keeping your data secure is understanding exactly what sensitive data you possess, where it lives in your system and who has access to it.

Your IT department needs answers to the following questions:

  • What personal information does the school collect from students, and where is it kept?
  • Does the school collect money or fees online or use a third-party vendor?
  • How does the school system interact with third-party vendors?
  • Is sensitive data encrypted in both the system and the backup system?

Even if your IT department has conducted an entitlement review (which determines who has access to data and why), it’s worth revisiting due to the scale of changes made in response to the pandemic. Every piece of data, no matter how insignificant it may seem, is worth something to a cybercriminal. All they need is a crack to whittle into your system.

LEARN MORE: Read best practices for protecting student data when using online tech.

2. Improve Your Device Management Strategy

Providing student devices and giving access to the school network can be rendered less risky by controlling how those devices are used. Disable all functions that would allow students to wander out of the controlled learning environment. Discourage sharing and allow students access to only what they need.

Also, consider network messaging as an alternative to email addresses, which are essentially open windows into your network. If you must give email addresses to students, consider restricting them to older age groups.

READ MORE: Find out how to better manage devices during remote learning.

3. Provide Security Training for End Users

The weakest link in your cybersecurity system is an untrained user. Every school today conducts some form of technology education; use that time to teach good cybersecurity habits to your students. Yes, the regular curriculum is important, but prioritizing cybersecurity now will keep your systems safe and serve your students long after this crisis has ended.

Define a strong password and explain why it’s important to never share it or write it down. Discuss email protocols and how to respond to receiving an email from someone you don’t know — or even someone you do know. Ask students if they know when it’s OK to give out information online (the correct answer is “never”) and why. Middle and high school students will be able to understand more complex concepts, but even elementary students can start with simple practices and develop good foundational habits.

DISCOVER: Here's why security training is crucial.

4. Invest in the Future

If you find that your staff still needs help evaluating protocols, testing safety procedures, creating policies, reviewing your cybersecurity insurance plan or simply taking the long view of cybersecurity, it’s well worth the expense of hiring a partner. An experienced consultant can deal with these issues up front, and planning is always less expensive than cleaning up after a data breach.

In a world of uncertainty, schools will continue to live with contingency plans they’ve made in an environment in which they must prepare for anything and everything. School systems need to comprehensively address every possible scenario and create as many backstops as they can. This year, it’s likely your school will use all of them.

MORE ON EDTECH: How can you make the case for cybersecurity?

nimis69/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now