Three Back-to-School Cybersecurity Practices For K-12 Districts
September 26, 2022
America’s kids are back to school and using new tools and technology in the classroom. According to the 2022 SolarWinds Public Sector Cybersecurity Survey, 31% of the education institutions surveyed say utilizing digital services is one of their highest priorities.
But with digitization comes risk. Bad actors are increasingly targeting K-12 schools. The most recent data from the U.S. Government Accountability Office found that in 2020 at least 408 cyber incidents were publicly reported, a nearly 20% increase year over year.
The true number is likely much higher, since many local school districts aren’t required to report cyber incidents.
How are K-12 Districts Combating Cyber Crime?
Cyberattacks can disrupt education. A single click on a phishing email can bring down networks and websites, infiltrate systems with ransomware, and breach personal data, putting kids, families, and employees at risk of identity theft.
To lessen the cyber risk, the SolarWinds survey found that 98% of the K-12 schools and districts surveyed are likely to adopt the cybersecurity recommendations outlined in The White House Cybersecurity Executive Order, including improving investigative and remediation capabilities, leveraging a standard playbook for responding to cyber threats, and implementing a zero-trust approach.
But how can schools and districts incorporate these best practices into their cybersecurity programs? Let’s take a deeper dive into each of these priorities and suggest how schools can move toward a more resilient cybersecurity posture.
1. Improve Investigative and Remediation Capabilities
We know attacks can happen rapidly and without notice. But discovery can take a long time. According to a recent study, the average time to identify and contain a breach is 287 days.
Part of the challenge is that as a school district’s digital environment expands, both on-premises and in the cloud, toolset creep can set in. It’s not unusual for security analysts to jump between multiple monitoring tools. Besides being a costly and inefficient way to handle security risk, this leaves analysts at risk of drowning in a sea of data and alerts, and teams can miss real threats as a result.
A better way to improve observability across hybrid infrastructure—and by extension remediation—is to consolidate tools and aggregate security logs in one location. For instance, today’s security event management tools automatically collect and aggregate logs from multiple devices and applications across the network into a single pane of glass so security pros can discover suspicious activity and threats with minimum time and effort.
2. Create a Standard Playbook for Responding to Cyber Incidents
Another impactful way to expedite investigation and remediation efforts is to create a cyber playbook.
A cyber playbook contains a standard set of tested operational procedures for addressing threats and ensures everyone—from security analysts to district administrators—knows their roles and responsibilities and has the tools and processes to detect and respond.
The playbook should outline an incident detection and response plan for each threat vector—ransomware, denial of service, data breach, and so on.
Gathering data from previous incidents or discovered vulnerabilities can help inform future “plays.” For example, security and IT teams can review data from security event monitoring and reporting tools to dig deep into past incidents and understand the cause and effect of events across the network infrastructure and how the school or district responded.
Automating the detection and response workflows proven in previous incidents can also help already stretched security teams diagnose, prioritize, and act on security events. For instance, a security event management tool can speed up threat resolution with automated responses and initiate real-time remediation through threshold-based alarms and notifications.
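As an added illustration of the two ideas above (aggregating logs from several sources into one place, then alarming on a threshold) here is a small Python example that is not part of the original post. It normalizes constructed VPN and student-information-system log lines into one event shape and raises an alarm when a single account fails authentication three times within five minutes across any of the sources; the source names, formats and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from two log sources (not real district data).
VPN_LOG = [
    "2022-09-26T07:58:01 vpn-gw auth-fail user=jsmith src=198.51.100.7",
    "2022-09-26T07:58:09 vpn-gw auth-fail user=jsmith src=198.51.100.7",
    "2022-09-26T08:10:44 vpn-gw auth-ok user=mlee src=203.0.113.4",
]
SIS_LOG = [
    "2022-09-26T07:58:20 sis-web login_failed account=jsmith ip=198.51.100.7",
    "2022-09-26T07:58:31 sis-web login_failed account=jsmith ip=198.51.100.7",
    "2022-09-26T09:30:00 sis-web login_failed account=mlee ip=203.0.113.4",
]

# Each source has its own format; one parser per source normalizes to one shape.
PATTERNS = {
    "vpn": re.compile(r"^(\S+) vpn-gw (auth-fail|auth-ok) user=(\S+) src=(\S+)"),
    "sis": re.compile(r"^(\S+) sis-web (login_failed|login_ok) account=(\S+) ip=(\S+)"),
}
FAIL_OUTCOMES = {"auth-fail", "login_failed"}

def normalize(source, line):
    m = PATTERNS[source].match(line)
    if not m:
        return None
    ts, outcome, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "user": user, "src": src, "failed": outcome in FAIL_OUTCOMES}

def aggregate(sources):
    # Merge every source into one time-ordered event stream (the "single pane").
    events = [e for name, lines in sources.items()
              for e in (normalize(name, l) for l in lines) if e]
    return sorted(events, key=lambda e: e["ts"])

def threshold_alarms(events, limit=3, window=timedelta(minutes=5)):
    """Alarm when one account fails `limit` times across any sources within `window`."""
    alarms, recent = [], defaultdict(list)
    for e in events:
        if not e["failed"]:
            continue
        q = recent[e["user"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:   # drop failures outside the window
            q.pop(0)
        if len(q) >= limit:
            alarms.append({"user": e["user"], "count": len(q), "last": e["ts"]})
            q.clear()  # one burst raises one alarm, not one per extra failure
    return alarms
```

Note that neither source on its own crosses the threshold; only the aggregated view does, which is the point of consolidating logs before alarming.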
3. Mitigate Insider Threats
Though the general hacking community is a top security threat, the SolarWinds survey found 53% of respondents in the education sector said careless or untrained employees pose the greatest risk.
Students and staff may unintentionally share passwords, leave devices containing sensitive data unattended, install unapproved applications, or commit other acts of negligence capable of leaving school networks vulnerable to attack.
For this reason, many schools are leading the way in adopting a zero-trust cybersecurity strategy. When surveyed, 82% of educational institutions told SolarWinds zero trust was a “very or somewhat important” security approach.
An important pillar of zero trust is the principle of least privilege, and schools need to make this a priority. Because every user poses risk, schools must ensure employees and students have the least amount of access privileges they need to get work done.
To do this, security pros should review user permissions across devices and applications, using automation to do so efficiently. For instance, access rights management tools make it easy to assess user access privileges, detect suspicious access attempts, and manage permissions at scale.
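As an added example, not from the original post, the following Python sketch shows what an automated least-privilege review can look like: it compares each account's current grants against a constructed per-role baseline, flags anything beyond what the role needs, and also flags privileged accounts that have not signed in for 90 days. The roles, permission names and grant export format are assumptions.

```python
from datetime import date, timedelta

# Constructed role baseline: the permissions each role needs to get work done.
# Anything granted beyond this is a least-privilege finding to review.
ROLE_BASELINE = {
    "student": {"lms:read", "lms:submit"},
    "teacher": {"lms:read", "lms:submit", "lms:grade", "sis:read"},
    "it_admin": {"lms:admin", "sis:admin", "ad:admin"},
}
PRIVILEGED = {"lms:admin", "sis:admin", "ad:admin"}

# Constructed export of current grants, as an access-rights tool might produce it.
GRANTS = [
    {"user": "a.nguyen", "role": "student", "last_login": date(2022, 9, 23),
     "perms": {"lms:read", "lms:submit"}},
    {"user": "b.ortiz", "role": "student", "last_login": date(2022, 9, 22),
     "perms": {"lms:read", "lms:submit", "lms:grade"}},
    {"user": "c.patel", "role": "teacher", "last_login": date(2022, 9, 20),
     "perms": {"lms:read", "lms:grade", "sis:admin"}},
    {"user": "d.kim", "role": "it_admin", "last_login": date(2022, 5, 1),
     "perms": {"lms:admin", "ad:admin"}},
]

def review_grants(grants, baseline=ROLE_BASELINE, today=date(2022, 9, 26),
                  stale_after=timedelta(days=90)):
    """Return one finding per problem: excess permissions and dormant privileged accounts."""
    findings = []
    for g in grants:
        allowed = baseline.get(g["role"], set())   # unknown role => nothing is allowed
        excess = g["perms"] - allowed
        if excess:
            findings.append({"user": g["user"], "issue": "excess",
                             "detail": sorted(excess)})
        idle = (today - g["last_login"]).days
        if g["perms"] & PRIVILEGED and idle > stale_after.days:
            findings.append({"user": g["user"], "issue": "dormant_privileged",
                             "detail": idle})

    # Highest risk first: excess admin rights, then dormant admins, then other excess.
    def rank(f):
        if f["issue"] == "excess" and set(f["detail"]) & PRIVILEGED:
            return 0
        return 1 if f["issue"] == "dormant_privileged" else 2
    return sorted(findings, key=rank)
```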
Securing K-12 Education for the Year Ahead
As K-12 schools plan a safe and secure 2022–2023 school year, these best practices can be essential in helping security and IT leaders mitigate the growing insider (and outsider) threat.