Accept Risk, Then Assess It and Prevent It
By and large, cybersecurity is all about managing risk. Eliminating risk is, of course, impossible. There will always be new threats lurking beneath the surface (or even in plain sight). Bad things happen, and they always will. The key is how you prepare for and respond to these events as they emerge.
School districts, like all organizations, must accept the existence of risk. But the only way to do that safely is to run a risk assessment. This process not only reveals how vulnerable a district might be, but also helps to determine which risks are acceptable and which ones are not.
For threats that manage to slip under the radar, having the appropriate systems in place for detection and alerts is critical. Equally important is a comprehensive incident response plan that can guide teams to act once the alarm is sounded.
Cybersecurity Was Complicated Enough Before COVID-19
K–12 technology environments have always been complicated. With so many servers and applications, multiple networks, hundreds (maybe thousands) of network devices, desktop computers, laptops, Internet of Things devices and more, some degree of complexity is unavoidable. Even before the pandemic, many schools struggled to keep all of it, cybersecurity included, working smoothly.
Although complexity was a challenge before the pandemic, it was limited by physical boundaries, with most users located in classrooms and administrative offices, and only a few working remotely.
With the onset of COVID-19, however, cybersecurity complexity skyrocketed. With schools closed, events cancelled, and remote learning and social distancing in place, physical boundaries were largely erased, and the number of networks exploded.
Tips for Reducing Complexity in Cybersecurity
In a network environment that is anything but simple, decreasing complexity may seem complicated in itself. The first step is to focus on the basics. Here are a few places to start:
- Reduce the number of vendors: In a study by the Ponemon Institute, 65 percent of respondents said it’s hard to manage cybersecurity risks associated with third-party vendors. Reducing the number of vendors a school or district uses can potentially reduce complexity and, as a result, the level of risk an organization faces.
- Look for opportunities to consolidate: Take inventory of your systems and applications. Consider ways to consolidate servers, network management tools and applications wherever possible.
- Replace or decommission old technology: Every single piece of technology serves a need, or at least it should. An inventory of systems and applications may highlight legacy technology that no longer serves a vital function. Instead of looking for reasons to keep dated technology, shift gears and look for reasons to get rid of it.
Complexity is the enemy when it comes to cybersecurity, but there are two easy rules for combatting it: Simplify wherever possible, and get help if needed. And remember, simple doesn’t mean easy — it just means simple. Keep working toward it.