While the 2021-2022 school year returned to “normal,” many district leaders acknowledge that it wasn’t a typical school year, even though in-person learning resumed for many. In addition to the challenges associated with the pandemic, K-12 districts also had an influx of cybersecurity attacks.
Lightspeed Systems® brought together a panel of experts to discuss trends educators and administrators can expect in the coming school year. And cybersecurity for schools was a top trend. The edtech leaders shared key takeaways on cybersecurity and what steps K-12 schools can take to secure their networks next year and beyond.
Surveys show that cybersecurity remains top of mind for IT professionals and school district CIOs. Many K-12 IT leaders know that schools are, unfortunately, an easy target for hackers.
According to Steven Langford, Chief Information Officer for the Beaverton School District in Beaverton, Oregon, schools possess a wealth of data and many lack the resources to contain or monitor that information the way private companies do. That makes school districts an appealing, vulnerable target for hackers.
Langford gives an example of a DDoS attack that nearly shut down Beaverton’s network on the first day of statewide testing. Eventually, it was discovered the attack had been purchased by students for only $50. When a cyberattack against a school can be purchased so cheaply, there’s concern this will be an issue for schools going forward. Langford also pointed out more sophisticated organizations can initiate even more effective, powerful attacks than the one purchased against his school.
The increasing ease of launching a cyberattack should make addressing network security a priority for K-12 schools.
Langford said the first thing schools can do to protect themselves from cyberattacks is to look at available resources—including, Multi-State Information Sharing and Analysis Center (MS-ISAC), Cybersecurity and Infrastructure Security Agency (CISA), and Center for Internet Security (CIS)—to see how their district can align with the recommendations from those agencies.
Another strategy to safeguard your school is to perform an audit.
During the upheaval of remote learning caused by COVID-19, it’s possible that the IT safeguards your school had in place were overlooked. Teachers and administrators, trying to ensure that learning continued under extremely trying circumstances, may have downloaded new software and apps outside of IT processes, vendor assessments, and security vulnerability scans.
Performing a risk assessment can help you address this and is a good step to protect your school’s network against cybercrime. Mike Baur, who works within the education technology vertical at Amazon Web Services (AWS) advised schools ask themselves these questions when conducting an audit:
Another way districts can protect themselves is through cybersecurity insurance. But if you are considering insurance, it might be a good idea to move fast: insurance companies are raising expectations for what conditions they’ll accept. This can even be true for districts that already have cybersecurity insurance and are looking to renew.
Finally, having a cybersecurity plan is crucial. This includes:
A good framework to build your school’s cybersecurity plan can be found by taking the plans and processes your district already has in place for emergencies and using them as a model for a chain of command and communication protocols during a cybersecurity incident.
Still doing your research?
Let us help! Schedule a free demo with one of our product experts to get all of your questions answered quickly.
Looking for pricing information for our solutions?
Let us know about your district’s requirements and we’ll be happy to build a custom quote.