School districts continue to be targeted by cyberattacks at an alarming rate.
A recent alert published by the U.S. Cybersecurity Infrastructure and Security Agency (CISA), along with the FBI, warned of a rise in ransomware attacks on schools. “As of December 2020, the FBI, CISA, and MS-ISAC (Multi-State Information Sharing & Analysis Center) continue to receive reports from K-12 educational institutions about the disruption of distance learning efforts by cyber actors…Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the report stated.
The report also highlighted that, “In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July,” they said.
With hackers seeing education institutions as soft targets, and the volume and proportion of cyber security incidents targeting K-12 districts continues to increase, how can our communities better protect themselves?
Become Proactive A proactive approach is key to developing a successful cybersecurity strategy. There are several strategies districts can employ to thwart attacks:
Assess your Technology Environment Regular diagnostic assessments can enable technology teams to get ahead of possible security threats. Proactive security assessment programs enable your team to regularly review your technology infrastructure through a security lens. These assessments highlight issues like out-of-date software versions, which can leave the door open to hackers. Cybersecurity assessment programs, like those offered by Edge in partnership with NJSBA, give your team reliable, regular data on technology vulnerabilities, along with access to one of our staff of chief information security officers, to provide executive expert guidance and perspective.
Have (and Test) a True Disaster Recovery Plan The concept of disaster recovery (DR) for technology infrastructure has been around for years, mainly focused on maintaining continuity in the face of natural disasters. Now, DR is just as important to developing a proactive security strategy. At the same time, cloud technology has evolved to the point where it is secure and affordable enough for K-12 districts, offering a reliable alternative to investing in a second data center location. A responsive cybersecurity DR plan should prioritize applications which are critical to district operations, and be tested regularly to ensure business continuity when you need it.
Secure Remote Users The rapid move to remote work and learning was a shock to educators everywhere. With districts having less control over the technology teachers, staff, and students use to access information from home, there is a greater opportunity for hackers to take advantage.
Special attention should be paid to tools designed to combat ransomware, facilitate remote security management, and enforce security policies such as two-factor authentication for critical applications. Edge security experts can help your district identify the tools you need to meet your district’s cybersecurity needs, and other resources like the SANS Security Awareness Work From Home Deployment Kit can be a great way to get started.
Security Awareness as the First Line of Defense Human error is one of the most common vectors of successful cyberattacks. Even with all the right security tools in place, a user clicking a malicious link, downloading the wrong file, or visiting an unsecure website can expose your district’s infrastructure and applications to attack. Security awareness training is essential to counter these threats. Training about the cybersecurity landscape and regular simulated phishing campaigns can provide your users with the knowledge they need to serve as the first line of cybersecurity defense.
Engage with NJSBA and Edge Edge cybersecurity experts are standing by to provide guidance and perspective to New Jersey school districts as you continue to advance your cybersecurity efforts.
If you have questions or would like to request an initial cybersecurity assessment, please contact Michelle Ferraro from Edge at michelle.ferraro@njedge.net, or Lou Schimenti from NJSBA at lschimenti@njsba.org.
Adam Scarzafava is associate vice president for marketing and communications for Edge. Edge is a nonprofit technology firm, serving higher education, K-12, government, and healthcare organizations throughout New Jersey and beyond. Edge partners with NJSBA to make technology services and guidance, including cybersecurity services, available to New Jersey’s K-12 districts.