10 Cybersecurity Priorities for the 2020-2021 K-12 School Year
The upcoming school year is going to be unique. With the possibility that schools will likely have to spend some of the 2020-2021 school year learning remotely because of COVID-19, administrators and staff have to plan the upcoming school year with this in mind. One major area that has always been a top priority - and will remain one for the upcoming school year – is cybersecurity. Below are 10 priorities that K-12 schools need to focus on in the next year whether remote learning takes place or not.
Perform a Risk Assessment
By performing a risk assessment, your school district will be able to identify areas of concern that may present themselves. A Security Assessment can help prevent privacy and cybersecurity issues. Assessments can detect vulnerabilities and help you make informed decisions about what you need to do to fix any security problems you’re facing. An assessment will give you the data you need to show administrators and IT leaders in your district what you’re facing, and how to fix it.
Inventory your Technology
Most schools do not have an accurate inventory of the technology in their schools. Districts who inventory their assets can properly manage their technology, third-party services and secure their schools and students.
Limit Unauthorized Access to Systems and Networks
Make sure only users who should have access to things do. For instance, teachers should only have access to certain student data. Ensure that unauthorized users aren’t taking actions they shouldn’t be on your system.
Regularly Provide Security Awareness Training
By conducting regular security training, you can keep your teachers, administrators and students safe. Performing this critical training, such as weekly updates, phishing testing and quarterly testing is imperative to keep users safe. Through this training, encourage staff, administrators and students to practice what they learn both at school and at home.
Maintain Secure Configurations for Systems and Networks
One of the most important cybersecurity actions you can take is making sure your systems are up-to-date on patches and updates. In 2019, 60 percent of breaches were because an unpatched vulnerability was taken advantage of where a patch was actually available. School districts should make patching their systems a weekly practice. As patches for different systems are released at different times, school technology departments should create a schedule to remind themselves to run patches on hardware, operating systems and software.
Focus on Data Classification
Data Classification is the process of defining who has access to what. This process will allow you to limit access to certain data and systems, thus ensuring you protect your school and student data. This process also allows you to determine who has access to third-party programs and vendors as well.
Create a Cybersecurity Response Plan
Cybersecurity events happen, and you should never proceed with a mentality that a security breach won’t happen to you. Always have a plan for how to handle cybersecurity events before they happen. Be aware that it is likely that your school will not have a professional on-staff that can help fix certain cybersecurity issues, and ensure part of the response plan identifies which partners need to be contacted should a breach occur.
Perform Cyber and Information Security Assessments
By performing a security assessment, you can test your information security systems to ensure their reliability. These tests are something your internal IT department can handle. However, it might be helpful to have a partner that also tests your systems. This provides a second layer of insurance to help you know whether or not your systems are secure.
Monitor Networks and Systems for Suspicious Activity
Monitoring your networks is likely a practice that will be handled by an external partner. This practice will allow you to know what is happening on your network to make sure that ensure your systems are secure. This will also allow you to respond fast if a security event takes place.
Use Multi-Factor Authentication
By using Multi-Factor Authentication, you’re providing an additional form of protection when logging into your accounts. For instance, you can set up your gmail account to require you to enter an extra PIN number in order to get in. This type of authentication puts one extra layer of security between threat actors and your sensitive information.
As school’s are likely to spend part of the 2020-2021 school year in a remote-learning setting, cybersecurity is even more important than ever. These 10 priorities are important to pay attention to whether classes are taking place at school or not. The importance of paying attention to these topics is even greater now that school might have to be in session from a distance.
Story via eSchool News