IT teams in school districts across North America started planning and prepping for the start of the next academic calendar not long after the previous one ended. Detailed planning goes into getting staff, students, and classrooms technology-ready for the first day of school, but educational institutions are learning that their schools’ cybersecurity programs may be missing essentials.
Cyber attacks on schools are increasing. Ransomware moved to the head of the class, becoming the most disclosed incident type for the first time in 2022, rising to 62% in 2022 compared to 12% in 2020. Technology has been part of education for years, so what’s driving the increase and why now?
More devices, more data, more attacks
Technology is more woven into the everyday fabric of education than ever before. What started relatively gradually—slow rollouts of 1:1 device programs and classroom-by-classroom technology upgrades—became an avalanche of devices and users during the pandemic.
When students became remote learners, school-issued devices went with them. Curriculum, grading, and student records had to be accessible from the outside world. The “how” of accomplishing this was left to teachers and administrators focused on learning and lean IT teams with few resources. The need to ensure learning continued supplanted many cybersecurity initiatives.
Schools weren’t the only ones rushing to the cloud to stay operational in 2020, and they certainly weren’t the only ones to lose focus on cybersecurity in the process. With so many fish in the barrel, attackers began indiscriminately targeting victims.
Attackers want “soft” targets. Targets that are easy to infect and ransom. While many industries quickly secured remote work setups, schools often lacked the funds, expertise, and time. Student and staff personally identifiable information (PII), healthcare records, and credit card and financial data became enticing and profitable.
Protect education, protect the future
All cyber attack victims face the same fallout—lost operational time, significant financial costs, and strained resources. Cyber criminals don’t care who is on the other end of their attacks, but attacks on education have the potential to cause long-term harm to students, families, communities, and beyond.
CISA and the US Department of Homeland Security partnered to produce helpful guidance for K-12 institutions, and the governments of Canada and the US continue to advance bills and regulations to support cybersecurity in education.
Those efforts help, but security still needs to be implemented at a district and school level. With 52% of districts short on IT support staff and 77% lacking dedicated skills, it’s important to focus on cybersecurity basics for schools.
Essential checklist for cybersecurity in schools
To develop an effective cybersecurity program, schools need these four items:
☑️ Incident response plan
Rising attacks make “when an attack occurs” a higher probability than “if.” An incident response (IR) plan builds the information needed to help minimize and mitigate an attack without lost time spent putting together what you need to respond effectively.
1) Communication: Define roles and responsibilities, record contact information, and outline communication processes.
2) Detection and Analysis: Outline how events will be detected and analyzed to understand the risk, impact, and mitigation methods.
3) Response: Detail the steps to take to contain, eliminate, and recover from an attack, which could include disabling accounts and purging systems. Identify how you will restore/rebuild systems to regain operations.
4) Debrief: Build a post-event follow-up into the plan so your IR plan can be updated and improved based on what you experienced.
☑️ Threat and vulnerability management
A proper threat and vulnerability program helps you understand where you have weak points and provides you with a roadmap for shoring up your defenses.
1) Regularly inventory devices and use discovery to identify devices you weren’t aware of.
2) Use scanning, assessments, and penetration testing to know the vulnerabilities in your applications and systems.
3) Use a strong patch management process to eliminate identified vulnerabilities.
☑️ Endpoint detection and response
1) Implement an automated endpoint detection and response (EDR) solution that scales as needed, integrates with your existing solutions, and is easy to use.
2) Monitor and analyze EDR reporting to identify real threats and eliminate false positive alerts.
☑️ Raise your hand
Knowing when to get help can be one of the most critical elements of strong cybersecurity. Look for a partner with a high level of expertise that provides skill- and solution-specific management to ease the burden on the internal team.
Cybersecurity built for education
Educational environments vary from district to district. Few of the technology teams supporting them would say they have the budget and resources to build robust security processes or infrastructure.
With Converge CyberdefenseEDU, school IT teams don’t need to go it alone. We’ve been side by side with our clients on the front lines of cybersecurity for over three decades, and we see firsthand the challenges schools face.
CyberdefenseEDU services make it easy to pick the most essential solutions for solving the top cybersecurity issues in K-12 schools. Dedicated consultants help support all education environments and existing technology through a guided process.
A Cybersecurity Ambassador is included with every engagement and delivers monthly reporting and threat intel, attends meetings as a cybersecurity subject matter expert, and provides guidance and support. The Cybersecurity Ambassador also delivers the following services with each CyberdefenseEDU engagement:
- Ransomware Readiness Assessment
- Incident Response Plan Development & Testing
- Policy Development
These individual modules can be added based on each school’s needs using existing technology or Converge can assist with purchase and implementation of new solutions:
- Threat & Vulnerability Management
- Endpoint Detection & Response
- Managed Detection & Response
- Security Awareness Training
Our quick-start methodology delivers fast benefits for your schools and team:
- Significantly reduces workload
- Provides cost-effective access to industry expertise
- Speeds incident response readiness
- Bolsters your team with a dedicated subject matter expert
Advance school security to a higher level
Cybersecurity best practices and industry standards shift and modify to meet evolving threats. The current industry standard for cybersecurity in education is based on NIST 800-53 and addresses five categories in a continuous process of identify, protect, respond, and recover using 42 security controls.
Converge understands and uses this framework every day to help our clients implement and manage their cybersecurity processes. We can help your security graduate to the next level. Contact us today to get started.
