Cybersecurity is one of the greatest challenges facing every organization — and the education community is no exception.
With every passing year, more of the education process is happening on a computer network, within apps, and in the cloud. But with the improved convenience, flexibility and connectivity comes security concerns. It is essential that school districts secure the information shared by students, teachers, and staff.
The security implications of modern digitized information include lost data, financial loses, and legal compliance. Districts need to build a framework for security in the digital space.
In 2013, International Data Corp. (IDC) predicted that we will see 30 billion networked devices by 2020. These include student-owned and school-owned devices — anything from iPhones to Chromebooks to printers. Each device presents a new threat for common cybersecurity threats such as ransomware, phishing and cryptomining to gain access to your network. The challenge is monitoring and securing the variety of connected devices.
NJEdge, a member-driven, non-profit technology consortium of academic and research institutions, has been working with the higher education community in New Jersey to solve technical challenges since the turn of the century. Now, in partnership with the New Jersey School Boards Association, NJEdge will bring its experience and guidance to New Jersey’s K-12 schools and districts to help solve the cybersecurity challenges.
Developing a Cybersecurity Maturity Plan Cybersecurity plans can be thought of as having a spectrum of maturity levels, and districts throughout New Jersey are at different stages of the process.
Regardless of the tools and policies already in place, the first recommended step is a robust security assessment. Even the most secure environments have gaps to fill and necessary updates. An effective security assessment enables districts to discover, survey, and classify the devices on the network, and to present an action plan, including immediate steps for patching, updates, and remediation. Ideally, this process should be repeated several times per year to ensure that progress is being made and the network is becoming more secure as time goes on.
The assessment process may also identify larger gaps that require additional tools for effective remediation, and the NJEdge-NJSBA Shared Services Agreement and the NJSBA TEC contract provide procurement options to enable districts to acquire those tools quickly and affordably.
The Human Aspect of Cybersecurity The human aspect of cybersecurity is easy to overlook, but is an essential consideration for every school district. Having the right security tools in place is a big piece of the puzzle, but even the best tools can fail when human error is introduced into the equation.
It is essential to consider every user connected to your network as an active part of your cyberdefense strategy. In a world where one wrong click of an email link or download of an attachment can expose your district to any number of attacks, it is important to put effective security policies in place and train your users to follow those policies. Students, teachers, staff, and administrators all have a role to play in securing your district against cyber threats.
Engaging with NJSBA and NJEdge The NJSBA and NJEdge team stands ready to help New Jersey’s schools and districts along their cybersecurity journeys. If you have questions or would like to request an initial cybersecurity assessment, please contact Michelle Ferraro from NJEdge at michelle.ferraro@njedge.net, or Lou Schimenti from NJSBA at lschimenti@njsba.org.