IT professionals in every K–12 school district likely grapple with one major security weakness: people.
Hackers can send malware and phishing emails, but users need to be trained how to recognize and report them — and not click.
Forty-six percent of organizations experienced a serious data breach, according to “The Cybersecurity Insight Report” by CDW.
CDW’s report notes “employees need to know what to do when faced with a threat. They also need to know how to take preventive measures to prevent malware.” Districts can take several steps to elevate the cybersecurity conversation and keep bad actors away from critical data.
One of those critical steps is making users aware of how to spot possible hacks. This should be an essential component of any training module moving forward.
Students should be taught how to become better digital citizens in order to help schools avoid data breaches. Begin by teaching them about privacy concerns and how to manage their digital identities. A good place to start is the International Society for Technology in Education’s Standards for Students. There are similar standards for educators and education leaders.
Time Equals Money Lost in Data Breaches
Besides the time lost when a cyberattack happens, there’s also a financial incentive to train users to steer clear of suspicious looking emails.
The Education Department announced recently it would strip any K–12 school district of Title IV funding if it did not adhere to “reasonable methods” to protect student data.
Staff should prepare for this possibility by planning and testing recovery strategies well in advance, since schools aren’t exempt from the risk of an attack.
Right now, according to the CDW report, just 30 percent of IT professionals are extremely confident their processes and people can stave off cyberattacks. The report also found that only 34 percent of IT pros are extremely confident their technology resources could mitigate risks over the next year.
Schools should scan their networks for vulnerabilities. The CDW report shows that organizations improve their security posture with network access controls, security assessment tools and supplementary email security.
Cybersecurity professionals can choose between penetration tests and vulnerability scans.
“The knowledge gained during these tests points out weaknesses that could be exploited by a real hacker and provides a roadmap for security remediation,” says Mike Chapple in a recent EdTech article.
Cybersecurity Is an Ongoing Exercise in Schools
Data security should be an ongoing exercise in schools. Linnette Attai, project manager for Consortium for School Networking’s privacy initiative and Trusted Learning Environment program, told EdTech there’s no one-time, fix-all solution in risk mitigation.
Data governance policies are key, she says.
“People need training and guidance,” says Attai. “We can’t expect them to be able to understand what we mean when we say, ‘protect the privacy and security of data’ without giving them instructions on how to do that well.”
This article is part of the "Connect IT: Bridging the Gap Between Education and Technology" series. Please join the discussion on Twitter by using the #ConnectIT hashtag.