Why Schools and Districts Must Do Better on Cybersecurity
The education sector received an “F” for security, but help is available to make improvements.
How great is the security challenge that schools and school districts face? A 2018 report by SecurityScorecard gave the education sector an “F” for cybersecurity.
Cybercriminals attempted 4 billion attacks — the majority of which were phishing scams — on school computer systems in Kentucky in just one year, the state Department of Education’s CIO recently revealed to U.S. lawmakers.
Many schools and school districts are reporting a similar spike in cyberattacks, including some that have made headlines for compromising the personal and financial data of students and school personnel. For example, in 2018, a phishing attack in California’s San Diego Unified School District resulted in a data breach that compromised personal data, including Social Security numbers, of more than 500,000 students and staff. And the largest state-run virtual school in the country, Florida Virtual School, reported that personal information for more than 368,000 students was at risk of being stolen because it was not protected online.
These examples show the risk of some of the more common cyberattacks against schools and other organizations: phishing, malware sent via email, targeted attacks and adware.
How a Third-Party Security Partner Can Help
Attackers have become more sophisticated and devious in their attempts to bypass security. In a recent presentation at the Future of Education Technology Conference in Orlando, Fla., I shared four key security challenges that education leaders should have on their radar. They include decentralized control of data, the Internet of Things and connected devices, security planning, and cybersecurity awareness among staff and students.
Schools and districts face a wide variety of common and uncommon cybersecurity challenges, but many of them lack the expertise to adequately protect their data. As cyberthreats grow more numerous and sophisticated, these challenges only grow more difficult. For many educational institutions, a cybersecurity partner can help fill in the gaps in their security environment.
A trusted partner can perform cybersecurity evaluations; help with consultation, design and evaluation of security solutions; and provide experts to help plan deployments.
Cybersecurity Assessments Reduce Risks
One of the first steps in reducing cybersecurity risks is to assess your IT environment to identify and pinpoint your vulnerabilities. This evaluation can vary in its approach based on an organization’s needs, resources and security objectives.
Other assessment services to consider include Application Security Assessments that test applications for possible exploit paths and weaknesses. A Policy and Procedure Assessment can determine how your security environment stacks up against specific cybersecurity standards such as the National Institute of Standards and Technology’s Cybersecurity Framework, the Payment Card Industry Data Security Standard and HIPAA.
CDW offers a Rapid Security Assessment that includes internal network vulnerability scans and penetration tests of key IT assets, and an audit of passwords and password-related policies. This assessment, tailored for smaller organizations, can include a scan of workstations and a wireless security test, among other services. For larger organizations looking to achieve an even higher level of security, a Comprehensive Security Assessment can help uncover vulnerabilities by using the same strategies to breach systems that cybercriminals use. This can help organizations avoid the debilitating costs of a breach and prioritize security spending.
One thing that schools — and all organizations — should keep in mind is that effective cybersecurity is an ongoing process. There’s no final step to security, just a long journey of continuous improvement to keep pace with cyberthreats.