K-12 schools and higher-education institutions across the nation are setting records. Unfortunately, these are not milestones anyone feels like celebrating. That’s because these organizations are experiencing the highest number of cyberattacks they have ever reported.

From ransomware to malware and phishing, a wide variety of cyber incidents are now regularly costing schools and their districts exorbitant amounts of time and resources to respond to and remediate. In addition, these types of events are more frequently causing students to miss out on critical classroom experiences and learning.

One of the best approaches for schools to take in this ever-evolving cyber environment is to stay informed and be as preemptive as possible. The Fred C. Church team provides you with several preventive steps you may want to consider taking to improve your school’s cybersecurity.

Proactive Steps That May Help Your School Better Manage Its Cybersecurity Risks

While the recent stats on school cyberattacks may seem overwhelming, there are quite a few measures that schools can implement to help fortify their cybersecurity and possibly fend off would-be bad actors. Some of the following actions may require an investment of time and resources by your school. However, there are many simple and affordable—even free—preventive steps your school may be able to take immediately.

Steps that may require some investment:

  • Hire a managed service provider (MSP) to handle a specific task you’d like to outsource, such as data backup, or to oversee your entire IT infrastructure, cybersecurity, and related operations.
  • Consider providing educators and students with all IoT devices necessary for their success, giving your IT staff more control over device monitoring and management.
  • Implement a cloud-based unified platform that students, faculty, and employees can download and install on their own devices, and that also allows your IT team to provide management, support, and security measures.
  • Ask your IT professionals to implement proper network segmentation—for example, designating a specific system for private and regulated data and a completely other system to support student and staff personal devices and guest usage.
  • Replace outdated or aging IT infrastructure.
  • Set up training sessions to share cybersecurity best practices with faculty, staff, administrators, and students and their families, because it’s often through their devices, and the apps on them, that bad actors gain access to the larger school and its network.

Steps that may require little to no investment:

  • Require that antivirus or authentication software be installed on all devices if you have a bring your own device (BYOD) policy at your school.
  • Run vulnerability scans on all devices, and make sure to immediately patch any security holes that pop up.
  • Update all device software as new versions are released, or simply set up automatic updates.
  • Conduct regular backups of every school system that is part of your technological footprint, from learning management software to video surveillance, classroom intercom, and wireless connectivity systems.
  • Implement a schoolwide policy that outlines standards for passwords, including multifactor authentication, on all devices.
  • Join the federally supported Center for Internet Security’s Multi-State Information Sharing and Analysis Center at no cost and gain access to free software that helps block and report malicious domains.

It’s important to keep in mind that it’s highly unlikely a single service provider or product can guarantee you will never experience a cyberattack. In fact, we recommend you be very wary of any company that makes that promise. Instead, the most effective solution for the majority of schools is likely to be a multifaceted cybersecurity risk management plan with many different layers of protection and several strong partners who can provide critical expertise and assistance.

As you consider all the possible next steps your school could take in terms of improving cybersecurity, you may want to consider working closely with an insurance broker and risk management professional, like Fred C. Church. Not only do we have broad experience across the education sector, but we also offer clients the support of a dedicated Education Practice Group and an in-house Cyber Practice Leader.

We hope you’ll reach out to Fred C. Church before a cyber incident occurs so we can assist you in identifying, assessing, and addressing the most pressing cyber threats to your independent school, public school, college, or university and help you design a proactive approach to managing them. Please contact us today if you would like to tap into our knowledge and experience.

Sources: