Since January 2016, there have been nearly 400 recorded cyber security incidents at K-12 schools. Unfortunately, these common security incidents have some major consequences when it comes to safety plans, student privacy, and your school’s proprietary software. Cyber criminals target schools in a variety of ways — from phishing schemes that gather private data, to ransomware that infects computer systems, to breaches that expose social security numbers.
No system is completely safe. For example, in 2015 three high school students in New York hacked into their school’s computer system to change their grades. In a more extreme example, a New Jersey school district’s computer system was held ransom — with the attacker demanding the equivalent of $128,000 in bitcoins. In 2018, a hacker group called Dark Overlord started sending threatening text messages to students and their parents, resulting in widespread fears and school closures.
Luckily, K-12 administrators can minimize these potentially damaging cyber incidents with a few basic steps. By planning security measures in advance, keeping your staff educated, and choosing your vendors carefully, you can help keep your school’s private data safe. Let’s take a closer look.
1. Have a Plan for Network Attacks & Data Breaches
In your school district, you have a plan for just about everything. Fires, weather-related delays, school lockdowns — all of these strategies are key. Your cyber security should be no different. According to the Education Network of America, no system is safe all the time. Every administration is at risk of both attacks and breaches:
- Network attack. In an attack, an outside force attempts to disturb or interrupt normal networks — sometimes to distract or divert attention from a breach that’s underway.
- Data breach. In a breach, access has been gained to sensitive data or information.
Once you understand the key differences between attacks and breaches, you can come up with a comprehensive plan for mitigating further damage. Assign responsibility and coordinate across departments to implement a cohesive plan that includes everyone responsible for upholding network security — from IT professionals, to Human Resources, to school security. Once your plan is in place, you’ll be able to respond quickly, efficiently, and collaboratively to recover from a breach or deflect an attack.
2. Use a Password Manager
One of the best ways to keep your school’s data secure is also the simplest: protect user credentials. While every administrator, teacher, and faculty member already has their own login, many of them might not understand the gravity of compromised credentials. With passwords in hand, it’s incredibly easy for cybercriminals to access private student, parent, and faculty data.
Obviously, everyone in the school community needs to know the basics of passwords: they should not be shared with anyone else, staff shouldn’t use systems that are logged in under a colleague’s name, and staff should ensure they’re entering passwords discreetly. But you can take these security efforts one step further by using a password manager. By storing login credentials in a password manager, staff maintain a secure location for all their various passwords. Here are some of the perks:
- Makes it easier to generate long, random passwords
- Only one password needs to be remembered in order to access the password manager
- Helps generate new passwords
- Simplifies changing passwords regularly
Perhaps most importantly, using a password manager helps reinforce the concept that passwords are not to be taken lightly. As a pivotal aspect of staff and faculty security, tight password protection is non-negotiable.
3. Educate your Staff
The tech world is changing rapidly. While some of your district’s community members are extremely tech-savvy and current with best practices, it’s important to ensure everyone is kept up to speed with rapidly-changing security procedures. Not only does this ensure enhanced cyber security, but continuing education increases buy-in for staff.
Include cyber security training as part of your district’s on-boarding procedures, and make sure staff receive continual training on new policies and procedures. As cyber criminals become more sophisticated, make sure you train your employees on various aspects of security:
- Strong passwords. Consider having your staff use password managers.
- Phishing awareness. Educate your staff on what common email phishing attempts may look like.
- File sharing. Have education policies in place for sharing sensitive files, such as using encryption.
- Mobile. With more teachers and administrators than ever before using personal mobile devices, make sure they’re following best practices on keeping their wireless devices secure.
By instituting education standards, you’ll ensure everyone on your team has the tools to keep up with rapidly changing technology — and prevent the risk of a major breach.
4. Choosing Vendors: Do your Homework
Schools today use a multitude of cloud-based platforms to improve day-to-day functioning, like coordinating monthly fire or lockdown drills. In fact, the cloud-based market in K-12 schools is projected to grow 26% by 2021. How do you do your homework to ensure you’re partnering with trusted vendors? Before making a decision, it’s pivotal to ensure that a vendor is taking steps to protect your data and your students’ data. Don’t be afraid to ask tough questions before contracting with a vendor:
- Do they encrypt their traffic?
- Is data stored off the internet?
- Is their customer support team ready to help you with technical issues?
- Can you easily and securely integrate with other platforms?
- Do they offer training materials and resources?
Choosing a vendor who abides by best practices in cyber security is extremely important. When making decisions, establish good communication from the start by getting your IT team engaged and on the same page with the new technology. A good vendor will understand that it’s your job to ask tough questions — and should be able to satisfy your concerns.
5. Check & Update the Rulebook
Most school districts already have network security policies in place. Traditionally, districts most commonly have Acceptable Use, Remote Access, and Digital Communication policies. In an Acceptable Use policy, teachers, students, and staff are kept up to date on the activity that’s permissible using school computers and software.
For example, are certain websites off limits? Do teachers, students, and staff know the appropriate uses of the school’s proprietary software? Using the frameworks established in these policies, you can help ensure your staff and administrators are adhering to guidelines — and are kept accountable in case of mistakes.
Here’s the issue: some school districts don’t regularly update their Acceptable Use policies. When were yours written? If the answer starts with a 19, you might want to consider an update. Even if your policies have been updated within the last few years, make sure the rules reflect how people in the school community actually use technology. For example, if you have flexible workers that may be accessing data on the go, ensure that you have remote access policies firmly in place.
Security: Pivotal on All Levels
By establishing a plan, educating your staff, and employing other common sense measures, you’re well on the way to establishing a secure K-12 district. At Ruvna, we take security seriously. Our software integrates seamlessly with your pre-existing platform to help you manage lockdown drills, fire drills, evacuations, and weather events — all with the best, most current cyber security precautions in place. To get in touch about how Ruvna can integrate securely with tools you already use, please contact us today.