Cybersecurity has always been — or should be — a top priority for K–12 schools, which protect mountains of confidential student data and faculty information. However, the recent shift to remote learning has made cybersecurity an even more important concern. With more people using more devices to connect to schools’ IT networks from more locations, it is essential for IT leaders in education to follow best practices to keep their environments safe.
In my experience, most schools can eliminate the vast majority of serious cyberthreats simply by implementing the five pillars of the National Institute of Standards and Technology’s Cybersecurity Framework.
The first pillar of NIST’s framework involves identifying an organization’s critical assets, as well as potential cyberthreats to those systems. Sounds simple, right? However, many school districts currently have no real way of sniffing out all of the IT assets on their own networks. We recently worked with a district that had set up an external-facing special education server, which allowed parents to track their kids’ progress. Because this server was unknown to the IT department, patches and passwords had not been updated in years, and a hacker could easily have used this endpoint to infiltrate the district’s entire network. Penetration testing can help districts identify such vulnerable assets.
Once districts identify their critical assets, they need to protect them. One best practice is to guard systems with multiple layers of cybersecurity solutions, such as next-generation endpoint protection, Domain Name System filtering, intrusion detection and prevention systems, and multifactor authentication. Any one of these layers could fail, but it is highly unlikely that all of them will fail simultaneously. The goal isn’t to make schools’ networks impenetrable, but rather to make them difficult enough to hack that attackers will move on to softer targets.
When attackers make their way past a school district’s defenses, officials need a way to determine that their networks have been breached. Logs are important here. Some larger districts may be able to afford to invest in a centralized log management system. Others will need to rely on personnel to regularly inspect the logs of firewalls or endpoint protection tools.
Most schools don’t have any sort of written cybersecurity incident response plan. That’s a huge mistake, as planning is an essential part of successfully navigating a crisis. CDW leads workshops that help school districts to create playbooks for specific scenarios, including ransomware, distributed denial of service attacks and compromised email accounts. CDW also offers a complimentary cybersecurity incident retainer, giving school districts someone they can call to help them contain an attack and limit damage.
After school districts are hit by cyberattacks, they can’t simply go back to business as usual. Instead, they must close the gaps that led to the attack in the first place and do their best to ensure that they don’t suffer the same fate twice. You would be surprised by how many organizations leave themselves vulnerable to a subsequent breach, and only begin to truly take cybersecurity seriously after getting burned by ransomware (or another attack type) more than once.
I estimate that schools could avoid up to 80 percent of cybersecurity incidents by putting these five concepts into practice. It’s not rocket science; it’s patching, password hygiene and improved documentation. However, these little steps ultimately add up to a K–12 IT environment that is far more secure than before.