|In today’s school environment, everyone and almost every piece of equipment talks to the internet and run on your network. Your HVAC system, security cameras, phones, bus cameras and communication, attendance, payroll, and many of your teaching tools are all connected to the internet. Interconnected devices bring many benefits. However, there is also increased risk as well. Anything you can access from the internet can be a launchpad for the bad guys, or bad actors as they are known in the cybersecurity world, who want to steal from and hurt you, to attempt to gain unauthorized access to your network.
According to a recent post from SentinelOne, education is the most targeted industry with an average of 2,297 cyberattacks against organizations each week in the first half of 2022; a 44% increase compared to the first half of 2021. In July of 2022, the education sector experienced double the number of weekly cyberattacks when compared to other industry averages. It is tempting to think that protection from this kind of threat is solely the Technology Director’s responsibility, but in today’s world, it’s just not true - you are an integral part of keeping the district safe.
A ransomware attack means being unable to access even the most basic information stored in your network and possibly even online resources. That could be crippling to your organization as it directly impacts student safety, the integrity of your school facilities, your ability to pay your staff, and teaching and learning. Often companies pay to quickly restore access to their data.. We've all experienced the issues associated with the network being down for an hour or two. Imagine that going on for 2-4 weeks (or longer!) instead.
With all the demands placed on them, most school district IT staff simply don’t have the tools, resources, and quite frankly the time, to combat all the real threats. You have seen in the news many schools have been attacked over the last several years - including districts in the region. Many of the affected districts are huge with far more resources available than most area districts can reasonably provide.
This new landscape is forcing us to change the way we think about and manage IT and cyber risk. When almost everything in an organization relies on the network, controlling cyber risk needs to evolve from the IT department's sole responsibility to the organization's shared responsibility. While new tools are a significant part of the solution, you will need to train your users about the new threats and how to keep themselves, the students, and the district safe. Human error is one of the biggest contributing factors to security breaches.
That is why top school administrators are so vital to successfully mitigating the risk of Cyber attacks. Good cyber practices start at the top. It is also why both the government and the cyber insurance industry have reacted to this increased threat with new rules and regulations. As you are aware, New York States Ed Law 2-d regulations come with much more stringent data privacy requirements that also require schools to adopt a data security policy that aligns with the NIST Cybersecurity Framework. We are already seeing districts undergoing NYS technology audits being scrutinized on components of NIST CSF compliance. Unfortunately, these regulations are not simple to understand or implement. But it can be done.
In the coming weeks, we will be talking more about the many threats facing school districts today and how learning more about the NIST Cybersecurity Framework can help you both reduce your cyber risk and help you align with the new rules and regulations. Each week we will give you more information about what your district is facing in today’s Cyber Security landscape, and how you, your Director of IT, and your faculty and staff can work together to fight this threat.
This week’s suggestion:
Make sure Cybersecurity education is part of your annual staff development process. (Human error -clicking on an email attachment, or an infected link in an email, etc - is one of the biggest cyber security risks)
If you would like to learn more before next week, please ask for a copy of our free report “The Changing Face of Cyber Risk Today”. We are also happy to speak with you directly, just contact Lisa MacDougall (email@example.com) or 845.897.9480.