1. Revisit Your School's Data Security
The first step to keeping your data secure is understanding exactly what sensitive data you possess, where it lives in your system and who has access to it.
Your IT department needs answers to the following questions:
- What personal information does the school collect from students, and where is it kept?
- Does the school collect money or fees online or use a third-party vendor?
- How does the school system interact with third-party vendors?
- Is sensitive data encrypted in both the system and the backup system?
Even if your IT department has conducted an entitlement review (which determines who has access to data and why), it’s worth revisiting due to the scale of changes made in response to the pandemic. Every piece of data, no matter how insignificant it may seem, is worth something to a cybercriminal. All they need is a crack to whittle into your system.
2. Improve Your Device Management Strategy
Providing student devices and giving access to the school network can be rendered less risky by controlling how those devices are used. Disable all functions that would allow students to wander out of the controlled learning environment. Discourage sharing and allow students access to only what they need.
Also, consider network messaging as an alternative to email addresses, which are essentially open windows into your network. If you must give email addresses to students, consider restricting them to older age groups.
3. Provide Security Training for End Users
The weakest link in your cybersecurity system is an untrained user. Every school today conducts some form of technology education; use that time to teach good cybersecurity habits to your students. Yes, the regular curriculum is important, but prioritizing cybersecurity now will keep your systems safe and serve your students long after this crisis has ended.
Define a strong password and explain why it’s important to never share it or write it down. Discuss email protocols and how to respond to receiving an email from someone you don’t know — or even someone you do know. Ask students if they know when it’s OK to give out information online (the correct answer is “never”) and why. Middle and high school students will be able to understand more complex concepts, but even elementary students can start with simple practices and develop good foundational habits.
4. Invest in the Future
If you find that your staff still needs help evaluating protocols, testing safety procedures, creating policies, reviewing your cybersecurity insurance plan or simply taking the long view of cybersecurity, it’s well worth the expense of hiring a partner. An experienced consultant can deal with these issues up front, and planning is always less expensive than cleaning up after a data breach.
In a world of uncertainty, schools will continue to live with contingency plans they’ve made in an environment in which they must prepare for anything and everything. School systems need to comprehensively address every possible scenario and create as many backstops as they can. This year, it’s likely your school will use all of them.