As we mentioned in our last bulletin, in January 2023 CISA published a report, “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats”. In that report, CISA suggested that schools start their Cybersecurity journey by implementing six of the highest-priority security measures.
We have been talking a lot in these bulletins about the increase in Cybersecurity incidents and what can be done to mitigate that risk. Congress also recognized this heightened risk environment and enacted the K–12 Cybersecurity Act of 2021 (“The Act”), which required the Cybersecurity and Infrastructure Security Agency (CISA) to report on cybersecurity risks […]
I am sitting here at 6 a.m. doing the morning review of all our Paladin Sentinel Monitoring school districts. The storm came overnight and there were lots of noisy UPSes, but thankfully it was a pretty boring morning.
Cyber Attack – Are you as protected as you think you are? (Part Six – Vendor Access to Your Network)
Today it seems everything is connected to the internet in some way. At home, you have doorbells, garage doors, TVs, and a myriad of other things. School networks also have a long list of vendors and vendor devices sharing their network.
Today’s Tidbit should be quite simple once you get going. NIST requires data to be encrypted in transit and at rest. Probably you have a number of staff and techs who have laptops that leave the district.
Imagine you’ve been hit by a Cyber Attack. Your network is locked by ransomware and all your data is compromised. What now? Many people rely on their backups as a way to restore their data.
Cyber Attack – Are you as protected as you think you are? (Part Four – Multi-Factor Authentication (MFA))
In August of 2021, CISA added “Single Factor Authentication” to its list of practices it considers “exceptionally risky” as it exposes you to an “unnecessary risk from threat actors”. As a result, you may start to see requests from multiple sources to implement multi-factor authentication (MFA) strategies.
I watch a lot of Cybersecurity presentations. Ransomware is on everyone’s lips as a major concern. Here are two interesting tidbits of information. Many Law Enforcement Agencies and Cybersecurity Analysts are now recommending that if you don’t pay the ransom, you keep your encrypted data and backups anyway.
Perhaps you’ve heard the story of the young girl walking along the seashore, who noticed hundreds of starfish that had washed up along the beach with the incoming tide. Knowing they would soon dry out in the hot sun and die, she quickly started picking them up and throwing them back into the sea.
Today’s Internet and network security environment is very different from what it was just a few short years ago. As we’ve discussed, legacy tools, basic firewalls, and basic anti-virus/malware are no longer sufficient to keep your network safe.