An expert in cybersecurity provides pointers.
GUEST COLUMN | by Charlie Sander
Defending against the cybersecurity attacks K-12 technology teams are experiencing can sometimes feel like fighting a 5-alarm fire with a squirt gun.
CISA’s new toolkit is a helpful step forward. But, there are no guarantees in cybersecurity. No matter how much time, money, and expertise you have to throw at it, the risk is always there.
The good news is that you can mitigate the risk of cyber attacks. Let’s discuss common attacks and how to keep your district from falling prey to them.
Common K-12 Cyber Attacks
Ransomware gets all the headlines because it’s usually highly disruptive and expensive, whether or not you pay the ransom. But, ransomware is not the most common attack impacting school districts.
Phishing is the most common attack vector. It’s used to deploy malware, redirect payments to fraudulent accounts, and gain access to user accounts that can be used for various criminal purposes.
Distributed Denial of Service (DDoS) is another common cyber attack. Today, DDoS can be an early indication of a broader attack. It’s used to test security resilience or to distract while another attack is launched elsewhere.
Finally, insider risk may or may not be categorized as an “attack” per se, but insiders are a common reason for data exposure. Sometimes it’s on purpose by a disgruntled employee; more commonly, it’s due to negligence. One example is employees sharing files using a global link.
How To Protect Your District From Cyber Attacks
No person, process, or technology will 100% guarantee that your district won’t fall prey to a cyber attack. But, you can make your community a less easy target.
1. Leadership and Training
Cybersecurity is everyone’s responsibility. Districts need a culture shift that can only happen when it starts from the top. Superintendents and department leaders need to become cybersecurity advocates.
This includes creating district-wide policies regarding personal devices, how data is stored and shared, and how payments can be sent. Policies should be created in partnership with your technology team, but leadership must advocate for compliance.
Training is also critical. Everyone needs to “think before they click”. Training users to verify a suspicious email with the technology team before they reply or click on a link, for example, is a simple step that has made a significant impact for districts.
Training should occur regularly. Many districts use Cybersecurity Awareness Month (October) to focus on training for all users, from students to administrative leadership. Other times that make sense include during onboarding, the beginning of the school year, when a particular attack is trending, or if your district has recently suffered a cyber incident or a near-miss.
2. Framework and Technology
We like to think that technology will save us, but it’s ultimately just a tool that needs to be correctly configured and managed. That being said, it’s impossible to secure your data without it. Start with a framework before getting deep into what technology you need.
Cybersecurity experts advocate for the zero-trust security framework. Zero trust assumes that your system is always at risk from both internal and external users. This framework is essential because so much of what we do is hosted in the cloud (think Gmail, Outlook, and Google Docs, for example). Because so much of this activity is happening off your local network, traditional network security measures no longer apply.
Zero trust security encourages layering cybersecurity technology. This approach helps defend data from attacks, continuously monitor activity and content to identify risks, and remedy issues when necessary.
For example, what happens next when a phishing email gets through Gmail filters and lands in multiple inboxes? Will you get an alert from Google? How quickly can you remove that email from all impacted inboxes?
3. Incident Response
No discussion about district cybersecurity is complete without incident response. At some point, you fall victim to a cyber attack. When that happens, every minute counts. An incident response plan will help your team respond more effectively than you would be able to without one.
Don’t get discouraged with your district’s cybersecurity. Focus on improvement versus perfection. Reach out to your peers and consortiums to learn how they’re solving problems. Take advantage of resources such as MS-ISAC and CISA. Together, we can create safer, more secure learning spaces.