K-12 is a highly targeted sector when it comes to cyberthreats. In a recent report by CoSN, cybersecurity is a top priority among CTOs. Remote and hybrid environments have drastically increased the volume of devices to support the needs of educators and students. And each device is a potential point of entry for bad actors. There’s also a lot of PII available on these networks, making school districts a prime target for data breaches and ransomware. Listen to this podcast to learn what school districts can do to enhance cybersecurity measures.
Host: James Hilliard
- Pam Aulakh, Vertical Alliances Manager, K-12 at Connection
- Steve Nardone, Senior Director of Security and Network Solutions at Connection
- Tim Allen, Director of Operations and Technology at Connection
[2:55] While there were large volumes of devices that were added to school and home networks, the number of IT staff didn’t increase. Often, districts have a single IT resource.
[4:30] A ransomware attack can disable access, causing students to lose hours of education they need. Many districts struggle with having the processes and training in place to minimize the likelihood of staff clicking on phishing emails, but it’s the key to frontline protection.
[7:56] Are apps the reason why districts are seeing large volumes of ransomware attacks? Apps certainly add another layer of complexity to cybersecurity. If they were developed without the right security in place, bad actors can certainly use them to gain access to network data. Districts use anywhere from two to 700 apps. But teachers are also using apps outside of what is being provided.
[12:22] There are multiple platforms that can be leveraged: open source vs. Software as a Service. Either approach can be effective if there are appropriate security measures in place. Patching and maintaining those apps can be a big undertaking. Schools have a large, diverse set of audiences. Security is not at the forefront among students so sharing logins easily lead to compromised credentials.
[16:50] Cross departmental collaboration is important. Procurement, IT, and Legal should work together to vet apps and software thoroughly and have protocols in place to not allow unapproved applications on the network.
[18:13] Districts are required to secure student data: Children’s Internet Protection Act (CIPA), Children’s Online Privacy Protection Act (COPPA), and meeting E-rate funding requirements. But there is a lot more that should be done to keep data safe. These regulations and protocols also don’t capture emerging technologies so it is critical districts develop these standards.
[21:07] The concept of Zero-Trust should be explored to help understand the full threat landscape. It’s a holistic, mindset approach. Conduct a gap analysis to help prioritize your vulnerability points.
[25:00] What are some resources that districts can leverage today? CISA and CoSN have many resources and reports available for K-12. Leverage surrounding school districts to collect best practices and strategies. Use these resources to develop an ongoing cybersecurity awareness and training program for staff and teachers.
[32:15] What can parents do? Start teaching your kids best practices when browsing online. Teach them about how much is safe to share on social media and how to spot cyberbullying and what to do if they witness it. Have them keep software updated on their devices. Explain why it is important to be skeptical about sources of information and phishing emails that seem too good to be true. Partner with your school district for student resources.