For the head of IT at any school, it is no doubt frustrating to try and get buy-in for cybersecurity resources to an unrelenting board that just doesn’t see the cost of school cybersecurity protections as a priority. It is critical to demonstrate benefits of proactivity to security threats, rather than waiting for an attack before deciding to finally upgrade your defenses.
Recognize the threat
Cyber threats continue to evolve at an alarming rate, which means schools must be ready to respond to a new breed of attacks.
Attacks are prevalent across every sector, often gaining a foothold in an organization by tricking someone into opening an infected attachment or clicking on a malicious link. The infection will then quickly spread throughout the organization’s network, encrypting important files and demanding payment for their release. Other attacks might steal that data to sell on the dark web.
For schools, this sensitive data can include staff records, student medical information, academic results and much more. U.S. Federal law requires that student information be protected under the Family Educational Rights and Privacy Act, with schools found in violation facing stiff penalties. Similarly, all data collected by the Australian Government’s Department of Education is protected under the Privacy Act 1988.
The education sector has been bullied by ransomware attacks such as WannaCry and GoldenEye, suffering the highest rates of attack while having the least protected systems, according to BitSight. In the firm’s ‘The Rising Face of Cyber Crime: Ransomware’ report they reveal that educational institutions were three times more likely to experience an attack than those in healthcare and 10 times more likely than those in finance.
It isn’t tough to make the case for school cybersecurity measures with the appropriate messaging and substantiation.
Consider the consequences
Education providers that fall victim to cybersecurity attacks make the headlines, such as South Carolina’s Dorchester County School District 2, which saw almost half of its servers crippled by a ransomware attack. The school was forced to pay the ransom, yet they still lost their data.
In light of the attack, the district is overhauling its cybersecurity defenses, but the damage to its reputation will take much longer to repair. The attack made the news after the district was forced to contact the families of 32 students, whose 2016–2017 data was not available in hard copy, and ask for their assistance in recovering lost information.
Get on the front foot
Instead of waiting for disaster to strike and then switching to damage control mode, boards have got to get on the front foot when it comes to cyber resilience. There is an obligation to understand the risks and protect the sensitive data of students and staff, as well as protecting the reputation of the institution.
We can help – get in touch with us and we can start with an evaluation of what you have now and determine what you can do to improve your institution’s security posture today. We can help you build your case for this critical cog in operations.