What School Districts Need to Know About Cybercrime
January 13, 2023
School districts across Ohio have invested millions of dollars in security hardware, systems and staffing to protect students and staff from people who try to enter school buildings with malicious intent. Yet many of those same districts are alarmingly vulnerable to cybercriminals whose incursions may remain unnoticed until the damage is done.
Administrators and district leaders have done a phenomenal job leveraging technology to make student learning effective and engaging. Today, they must also put that same energy towards understanding and preparing for the threats they face from criminals seeking access to systems and data.
The good news is that there are effective ways to manage those risks and protect students, staff, data and facilities from attacks by cybercriminals. This article examines key risks and best practices for preparing and protecting your district.
WHAT’S AT RISK?
Your community trusts you to keep everybody safe. There are your students and your staff, of course. You’re also responsible for a long list of community assets and activities. A major cyberattack on your schools could throw your community into chaos.
Then there’s data. You have detailed information on every student and family you serve. Cybercriminals are likely even more interested in data about your students than their parents. Why? Data about adults is readily available. It’s much harder to find information about kids, so it’s much more valuable. What’s your legal liability if someone accesses it?
FIRE AND LOCKDOWN DRILLS
The last major fatal fire at a U.S. school happened in 1958. While fires have broken out in schools many times since, the widespread use of fire alarms and regular fire drills has ensured safe evacuations, and devices like sprinkler systems and fire doors have limited property damage. Schools throughout Ohio practice other emergency procedures, such as lockdown drills, so students and staff will know what to do when faced with an emergency. Yet far too many districts cross their fingers and hope for the best regarding cyber threats.
MULTIPLE STRATEGIES
You don’t take just one approach to fire prevention. Instead, you combine strategies, from inspections and fire drills to alarm systems, sprinklers and more, to limit the potential risk. Protecting your district from cyber threats requires a similarly multifaceted approach.
Start by implementing basic controls. These include applying patches when they become available, backing up data regularly, implementing multifactor authentication and endpoint detection and response software, and conducting employee training. Not every strategy is difficult or costly, but each plays a critical role in securing the school district’s cyber environment.
Next, create a cyber resilience plan that outlines how the district will identify, withstand, recover from and continue operations in the event of a cyberattack. Knowing ahead of time what you will do—and who will do it—if faced with a cyber incident removes some of the stress from a tense situation. Work with your cyber insurance professional to understand available coverages and limits and how they can help you.
Cybersecurity professionals can perform assessments and testing to help you identify vulnerabilities. A great starting place is what’s known as a penetration test that pinpoints where your organization is most vulnerable.
BACKUPS AREN’T SIMPLE
With the explosive growth of ransomware and the education community’s reputation as a relatively easy target, you could be shut down instantly. Criminals who deploy ransomware often wait until their malicious code has had a chance to work its way into your backup files or every corner of your network. When you’re attacked and try to load your backup, you may discover it’s been corrupted, too. That’s why your backup program should include keeping at least one set of data offline. You should back up frequently, make sure everything is encrypted, scan your backups and test them regularly.
IS THE CLOUD SAFE?
Some districts think they’re okay because they use big-name cloud systems. The cloud isn’t necessarily safer. The cloud is simply someone else’s computer, which is vulnerable to attacks and downtime. Even the best-known cloud providers have been attacked and suffered outages, so counting on their security measures isn’t enough. What you’ll do when they fail must be part of your plan.
THE BIGGEST VULNERABILITY
You may have the best cyber protection, but one employee clicking on a link in the wrong email can jeopardize it. Eighty percent of the cyber claims today come from human error, whether that’s falling for a phishing scam, using weak passwords or giving up credentials to malicious third-party websites. In addition to requiring strong passwords, school districts need to train their employees to identify and report suspected malicious emails.
“Rogue” employees are another widely overlooked exposure. Frustrated employees and volunteers may leave voluntarily or be forced to leave the district for whatever reason. These people have access to critical data. When that data is stolen or used maliciously, the school and individuals are at risk. Rogue-employee incidents are increasing significantly, so having a formal process to onboard and offboard people is vital.
IS CYBERSECURITY HOPELESS?
Not at all. Cybersecurity can be challenging initially because there’s a lot to learn. A good start involves asking an insurance broker, alongside your IT professionals, to audit your current cyber coverage. Knowledgeable brokers are trained to recognize risk and identify ways to offset it.
CONTINUOUS PROCESS
Once your cybersecurity plan is developed, you’re not done. All systems need to be monitored and updated constantly. It’s also wise to regularly test your resiliency plans so you don’t encounter problems at the worst possible time. Regular tabletop simulations help you and your team think through all aspects of responding to a cyberattack. You’ll be able to spot weaknesses in your procedures and recognize gaps in your plan.
Approach your district’s cybersecurity like fire prevention. Fire drills and other measures have long been woven into your daily operations to protect everyone. A proactive approach to cyber threats is just as important and effective.
The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.
Authored by
Alex Clark
Cyber Risk Practice Leader
Indianapolis
Alex helps clients understand emerging technology risks and the importance of pre- and post-breach readiness. He takes a hands-on approach to placing coverage and ensuring clients know how to use their cyber policy, prevent incidents, minimize payouts and execute incident response plans.