When it comes to cyber crimes, bad actors are no longer focusing their efforts on the usual targets, such as law firms and financial institutions. Their scope continues to evolve.
Unfortunately, education has become a sought-after field for cyber attackers. In fact, K–12 school districts, along with colleges and universities across the U.S., have suffered more than 1,300 data breaches since 2005, with the number of attacks rising annually. At times, the results of these breaches have been devastating.
In a high-profile example in 2019, two breaches linked to aimsweb—the Pearson Education student assessment tool—compromised an astounding 673,487 records in school districts in Nevada.
Smaller schools across the country haven’t been spared either. With less budget to work with and fewer cybersecurity personnel on staff, these schools often find themselves ill-equipped for today’s growing threat landscape. This leaves many wondering, "What can schools do to enhance security and provide piece of mind for their districts?"
The K-12 Cybersecurity Checklist
To help provide a starting point for schools to build a stronger security posture, Arctic Wolf has developed The K-12 Cybersecurity Checklist.
Inside the checklist you’ll find guidance and actionable steps to help secure your school from cyberthreats. Filled with tips, advice, and the latest news on compliance and legislation enacted at the state level, you'll discover helpful information to develop and maintain a robust cybersecurity strategy, step-by-step.
Here is a look at some of the key topics found within the checklist, along with steps to take to keep security in mind.
Create a Security Conscious Workforce
Employees who aren’t well trained in IT security take shortcuts to help them work more efficiently. They might share the same password for certain programs or even leave passwords lying around on Post-It notes. The best way to account for human error is to create a culture of security at work, supported by training and resources.
- Implement an ongoing schedule of training and education for all workers. Include updates on known attacks and information about best-in-class security procedures, such as two-factor authentication and password managers.
- Monitor IT processes for complexity. Keep ease-of-use in mind whenever you update or alter processes to avoid users turning to insecure shortcuts.
- Implement data usage controls that can block unsafe actions like uploading data to the web, sending emails to unauthorized addresses, or copying to external drives.
- Establish a password policy that requires using strong passwords as well as regular password changes and forbids written copies of passwords.
Train Staff on Breach Protocols
It’s vitally important to try to protect your networks from data breaches, but it’s also critical that your staff know what to do when a breach occurs. Employees should understand the sequence of steps to take following a breach, and IT staff should have the know-how to reinstate security systems as quickly as possible.
- Create a response team that’s always ready for action. In addition to IT staff, include legal, operational, HR, risk management, and PR personnel on the response team.
- Determine which systems were affected and what data was compromised. The team’s first job is to determine the extent of the breach so a full response can be put in place. As part of your response, make sure to notify relevant authorities and users.
- Change user passwords in terms of systems and software for any accounts possibly impacted.
- Fix any vulnerabilities. Analyze the attack and ensure that the security team addresses any vulnerabilities.
Other Highlights of the Checklist
In addition, The K-12 Cybersecurity Checklist delivers helpful advice and tips on a number of today's growing cybersecurity concerns. Here are some of the key topics we explore and explain their importance for maintaining a strong security posture at your school.
- Inventory and Control of Hardware and Software Assets
- How to Create Privileged Access to Critical Assets
- Why you need to Continuously Analyze, Prioritize, and Manage Vulnerabilities
- How to make distance learning safe and secure for Students
For the full rundown on all of these topics and more, download The K-12 Cybersecurity Checklist.