Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering to SafeGuard K-12 Organizations from Cybersecurity Threats.” In that report, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.
- deploying multifactor authentication (MFA)
- mitigating known exploited vulnerabilities (patching
- implementing and testing backups
- minimizing exposure to common attacks
- regularly exercising an incident response plan
- implementing a strong cybersecurity training program
This bulletin will address Step 4 – minimize exposure to common attacks. To quote the CISA report
“Many threat actors find vulnerable targets by scanning the internet for exploitable services. K–12 entities should ensure that IT assets accessible via the internet do not expose frequently exploited services. Any exposed system must have strong compensating controls in place and be reviewed as part of the governance program. CISA’s Stuff off Search (https://www.cisa.gov/resources-tools/resources/stuff-search) page provides additional guidance on this important step. Because attackers frequently compromise Remote Desktop Protocol (RDP) servers, organizations should have their RDP security plan reviewed by both management and outside experts.”
This recommendation ties into the bulletin we sent out a few weeks ago addressing vendor access to your network. You have many systems (like HVAC, transportation apps, security, and camera systems) in use in your school that may be accessible via the Internet. When outside vendors or companies can access your network, there is the potential that bad actors can as well. Trying to put this recommendation in a nutshell, CISA is telling you to identify all systems you currently have that can access your network and be accessed by the internet. Then take steps to make access as secure as possible. The documents in the URL provided by CISA give you suggestions on how to go about doing this. They identify several tools you can subscribe to, configure, and use to test access to your network yourself. If you want help in this area, you can contact us for details about a free external scan of your network from CSI.
This week’s suggestion:
- Talk to your Tech Director about the steps identified in the “Stuff off Search” documents and discuss what you are already doing, and what you can do better
Next week’s bulletin will discuss “CISA Step 5 – Incident Response Planning”
If you would like more information on help with minimizing your exposure to common attacks or navigating the NIST CSF journey, please contact Lisa MacDougall at lmacdougall@csiny.com or call 845.897.9480.