Resources

Cyber risk is growing every day. In 2022 K-12 education was the single most targeted industry for ransomware. CSI wants to get you the information you need to know. Spend a day learning about the cybersecurity threats and data privacy challenges facing schools today and how they could impact your district.

Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering to SafeGuard K-12 Organizations from Cybersecurity Threats.

As we mentioned in our last bulletin, in January 2023 CISA published a report “Partnering to SafeGuard K-12 Organizations from Cybersecurity Threats”. In that report, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.

In last week’s email, we talked about the third NIST Cybersecurity Framework category – Detect. This week we will be discussing the fourth category – Respond. As with Protect, the general idea of Respond seems pretty clear-cut.

It is already a weird summer for me. I normally go to Acadia National Park right about now and enjoy the Maine weather. (It is so weird that NY has Maine weather so far). Instead of my normal summer routine, this year I am moving one of my daughters into the University of Alabama at […]

  Cyber Security has grown into an issue that needs to be addressed by everyone in a school district, not just by the Director of IT. To that end, we are starting a weekly bulletin series aimed at helping School Business Officials, who generally own the district’s risk management responsibility, become more knowledgeable about the […]

  In August of 2021, CISA added “Single Factor Authentication” to its list of practices it considers “exceptionally risky” as it exposes you to an “unnecessary risk from threat actors”. Your district auditors and the NYS Comptroller’s Office technology auditors are most likely pestering you about your multi-factor authentication (MFA) strategies and beginning to ding […]

  I am sitting here at 6 am doing the morning review of all our Paladin Sentinel Monitoring school districts. The storm came overnight and there are lots of noisy UPSes, but thankfully it is a pretty boring morning. Boring is good.

Your techs *should not* be local admins anymore. It is simply too dangerous.   I have personally been a limited user on all my laptops, VMs and desktops for three years. I am living a happy life. It is time to completely eliminate this concept of “Techs are Local Admins”. It is simply too dangerous […]

We have to plan to safely ride out storms and other unforseen events   I am fresh off another weekend of power issues with the big storm. It was another object lesson that it is imperative to actually test disaster recovery strategies.