Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering to SafeGuard K-12 Organizations from Cybersecurity Threats.” In that report, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.
- deploying multifactor authentication (MFA)
- mitigating known exploited vulnerabilities (patching)
- implementing and testing backups
- minimizing exposure to common attacks
- regularly exercising an incident response plan
- implementing a strong cybersecurity training program
This bulletin will address Step 6 - Create a Training and Awareness Campaign at all Levels. To quote the CISA report
“The cybersecurity field is not just about technology; it is also about people. Good training focuses on both awareness and enablement. When people on the front lines see something suspicious, do they know how to report it? Do the people who receive the report know how to act appropriately? Investment in training is just as important as investment in cybersecurity capabilities, tools, and solutions. Staff training at all levels is a prerequisite to progress. While leadership, staff, and student time is limited, initiating positive change and driving cyber awareness at all levels is within reach. Free training resources can be curated and administered to build on current training or fill gaps, such as cybersecurity training provided by CISA through the Federal Virtual Training Environment (FedVTE).”
Footnote: Private sector entities, including Amazon, CYBER.ORG, and the SANS Institute, also offer free training. Each K–12 organization should assess its training needs and take full advantage of the breadth of available free resources.
Human error is a huge risk factor for Data Breaches and other Cyber Attacks. The numbers vary depending on the source – (Stanford 88%, IBM 95%) but there is no denying that people make mistakes. When those mistakes affect your network’s security, it can have a big impact. So it is vital your staff has all the information they need to minimize preventable mistakes. There are many resources available to you, including your local BOCES, so please take advantage before human error affects your Network Security.
This week’s suggestion:
- Talk to your Tech Director about training already in place, and what additional training he/she thinks is needed.
Next week’s bulletin will discuss “Do You Know Four of the Most Common Cyber-Attacks?”
If you would like more information on navigating the NIST CSF journey, please contact Lisa MacDougall at lmacdougall@csiny.com or call 845.897.9480.