Cybersecurity attacks on schools across the United States are becoming more frequent.
“They are a target-rich, resource-poor environment that really houses incredibly sensitive information about some of our most vulnerable populations,” says Trent Frazier, deputy assistant director of the Cybersecurity and Infrastructure Security Agency (CISA), a component of the US. .US Department of Homeland Security.
When these attacks are successful and student data is compromisedIt can be held for ransom, but it is also doubly valuable to cybercriminals because students generally have impeccable credit histories and are not worried about identity theft.
Cybersecurity is now the Number one concern among school leaders. However, the good news is that there are simple, inexpensive steps you can take that will have a huge positive impact on cybersecurity, Frazier says. Offers the following cybersecurity tips.
1. Don't get overwhelmed
When they hear about the increasing number of cyberattacks, those not trained in cybersecurity may have the mistaken feeling that there is nothing they can do.
“They see it as an almost insurmountable challenge: Tackling cybersecurity means getting a second degree and becoming a cybersecurity professional,” Frazier says.
In reality, the most effective forms of cyber protection are generally simple, common-sense good cybersecurity practices that most of us are already familiar with. He notes that while more complex attacks are occurring, most remain simple efforts that involve basic tasks, such as cracking a weak password.
By removing the simplest aspects of cybersecurity systems, schools can really strengthen their protections. “If we take steps to address those things, we will make it more difficult for our adversaries and force them to conduct much more challenging and, frankly, much more costly types of attacks across all of our infrastructure communities,” he said. she says.
2. Do the little things
Continuing with the idea that small steps can have a big impact on cybersecurity, Frazier points out Secure our world, A recent public service announcement developed by CISA aimed at schools and other organizations offers four easy-to-implement tips:
- Recognize and report phishing
- Use strong passwords
- Activate multi-factor authentication
- Update the software
3. Use CISA resources
District technology leaders should be aware that there are many CISA resources for schools.
“We have regional staff across the country who can help you assess vulnerabilities within your system,” Frazier says.
These staff members can help school leaders prioritize and plan how to better invest in and build stronger cybersecurity systems. “We have developed what we call our Cybersecurity performance objectiveswhich is really an essential tool to help prioritize where you want to make investments and ultimately start making those investments and growing over time,” says Frazier.
Additionally, CISA has its Cybersecurity for K-12 Education resource, which offers a variety of tips for schools. “Applying those two resources and engaging with our people will be a really important tool in helping you identify what the long-term sustainable approach to the program that you ultimately need to design will look like,” Frazier says.
4. Consider adding a full-time cybersecurity resource
A recent edtech-leaders-no-1-priority-in-2023/” target=”_blank” data-url=”https://www.cosn.org/cosn-news/cybersecurity-remains-k-12-edtech-leaders-no-1-priority-in-2023/” referrerpolicy=”no-referrer-when-downgrade” data-hl-processed=”none”>CoSN Report found that 66% of K-12 districts do not have a full-time cybersecurity resource.
Adding this type of full-time staff member is a step districts should consider, but it's not always about hiring someone new. Often, existing IT staff members can be trained in the fundamentals of good cybersecurity.
“Once this is done, those people can often make great strides in helping you develop the basics of your cybersecurity program,” Frazier says. “Once a certain posture has been achieved, it is meaningful to begin looking for more credentialed cybersecurity professionals who can implement even more advanced mitigation measures within their program.”
But again, schools don't have to undertake this process alone. “I highly recommend both schools and school districts think about where they can partner with local government and state government agencies that can also provide them with capabilities,” Frazier says.
5. Cybersecurity is a team sport
Frazier says it's also important for school leaders to realize that cybersecurity is everyone's responsibility, and that includes students, staff, teachers and parents.
“Often someone says, 'Well, that's the IT department's problem,' or 'That's the state or federal government's problem,' or 'That's the service provider's problem.' “It’s really critical that schools understand that cybersecurity is entirely a team sport,” Frazier says. “No one is able to adequately defend themselves (alone) from all the various threats we see today. It has to be integrated and we all have our part to play.”
