Cybersecurity Month: School Approach

Poster sourced from REMS Technical Assistance (TA) Center.

In light of October as National Cybersecurity Awareness Month (NACM), we feel that acknowledging the risks of educational data storing is of imminent concern. In every school district and local institution, there is a dependency on systems to protect the privacy of students and staff. Disregarding potential threat and proper response, is likely to leave your institution vulnerable to cybersecurity breaches or attacks. We understand the reliance and necessity of these data systems for daily school functions, and we desire to help our community better plan for the protection of their educational content. We hope to share a few helpful insights as to what cybersecurity means for your schools, how to craft preventive habits, and why the merge of this practice into your Emergency Operation Plans is crucial. 

Threat Awareness

When approaching cybersecurity, it’s important to note that these threats are occurring more frequently between K-12 schools. This is, in part, is due to growth in digitalization of school administrative tasks and coursework. However, many schools fall victim to cybersecurity without initial realization. Taking time to consider the very real possibility of an attack, and what it means to your school specifically, will help in the discipline of maintaining well-monitored schools. So, what do these threats look like? They manifest in a multitude of ways, but listed below are some of the most often seen cases.

Data breaching – In this instance, sensitive or confidential data is hacked and at risk of being shared. For schools, this threat poses a serious hazard to exposure of student information or institutional banking accounts. Which, in turn, is capable of leading to crime such as identity theft and extortion of money from institutions.

Internal threats – These internal attacks take place more often than we suspect, and it is easy to fall susceptible to them. Two types of internal threats exist and must be acknowledged. The first, is that of employees corrupting permissions access and sharing unauthorized information (sometimes seeking to steal resources.) The second, and more common case, occurs when team members are not well versed in handling physical devices or sensitive systems. For example, faculty that is negligent or uninformed of privacy control has the potential to fall victim to scam targeting or misplacement of important documents.

Physical security – It is possible for cybersecurity to become a means of physical security, when cyber threats are targeted towards specific people or groups. This overlap is not to be taken lightly, when considering the health and well-being of others at risk. If a cyber criminal has internally or externally received personal information of health records, email addresses, or physical addresses, cybersecurity progresses to physical security. For instance, with this access criminals have the potential to pose threats of cyberbullying or physical violence.

Proactive Steps

Due to the nature of these risks, we find it necessary to consider best practices and resources available to you. Our team at nSide desires for your organization to be prepared in every situation, so we have identified a few practical ways that you might be able to prevent, properly respond, and promptly recover from these attacks.

  1. Cultivate a culture of risk assessment. Train employees to recognize threats and follow in appropriate next steps.
  2. Keep track of employees that have access control and withdraw permissions to any faculty member that transfers or withdraws from the system entirely.
  3. Change passwords to data regularly and limit any recurring words or phrases.
  4. Familiarize your team with patterns that exhibit cybercrime scams and behaviors.
  5. Stay acclimated to the monitoring of data, by regularly practicing and evolving plans. 

EOP Integration Steps

Emergency Operation Planning is just one tool of many that nSide has accessible to organizations. Within the context of cybersecurity, EOP integration is of significant use. Because of this, it is important to understand the ways in which your cybersecurity is integrated into a plan. In short, this model provides a process for deliberate protection and readiness against all threats. This is a foundational resource for your school’s security to build upon. You might ask yourself, is my EOP updated and inclusive of cybersecurity plans?

The following steps are sourced from a “A Companion to the School Guide,” by the U.S. Department of Education, U.S. Department of Justice, U.S. Department of Health and Human Services, and the U.S. Department of Homeland Security (5).

Our Support

As districts and schools spread awareness of cybersecurity month and the urgency of this message, our team will be here with additional resources to assist you along the way. We believe that understanding threats, and our role in best practices for them, is critical to the execution of these situations. Additionally, we know that the community at large has a responsibility in training, monitoring systems, and responding to risk. Navigating these threats might seem like a daunting task, but we are here to help! As the month of October progresses, we will continue to share valuable tips to consider in your security steps and daily functions.

If you are curious about EOP features within nSide, or need help merging cybersecurity practices, we would love to discuss what tools are available for the benefit of your school safety. You can always reach us via live chat or by email at help@nside.io.

Leave a Reply