As if 2020-2021 needed to be any more challenging for educators, cyberattacks on schools are on the rise. There have been 220 attacks on K-12 schools in the first three months of the school year already, a number representing nearly ⅔ of all attacks of 2019-2020 (EdWeek.org Cyberattacks Disrupt Learning Even More During COVID-19).
Combating cyberattacks is a collaborative effort among administration, teachers, and staff. And it’s not a one-size-fits-all approach. A school’s cybersecurity approach should be multilayered, starting with educating users on recognizing phishing attempts, proper security measures, and vigilance in keeping their online presence secure.
For more on the threats of cyberattacks on K-12 schools, check out this slideshare.
The following is the multilayered approach to security that Vartek recommends to partner schools.
Operational
End-User Education and Evaluation
- Oftentimes, our users are our most vulnerable point of entry for cyberattacks. End-user education is a low-cost, high-impact strategy to increase cybersecurity awareness. Choose to implement a program that enables staff to test users frequently and follow up on results through further, customized training.
Insurance and Auditing
- Cybersecurity insurance covers the cost for a business to recover from a data breach, virus, or other cyberattack. It also covers legal claims resulting from the breach. It is recommended to choose a coverage that comprehensively and appropriately covers a K-12 institution.
Related: Cybersafety First: Protect your school from online invaders
Technical
Layered Approach to Environmental Controls
- Choose a next-generation firewall to provide safe and secure traffic to and from the school.
- Further, it is recommended that schools enable two-factor authentication to increase security on user accounts. Two-factor authentication is an authentication mechanism requiring two ways of proving your identity to protect an online account making data more secure online.
- Endpoint security is the practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns.
Active Monitoring
- The final, and most sophisticated, layer of this multilayered approach to cybersecurity is active monitoring in the form of SIEM or EDR. Endpoint Detection and Response (EDR) is a cybersecurity technology that refers to the capabilities that move endpoint protection from reactive to proactive. A Security Information and Event Management (SIEM) platform centrally collects data from multiple devices on your network, including your existing security appliances. Through an advanced correlation engine, it is able to proactively identify security events not otherwise detected by standalone security technology.
- This use of artificial intelligence (AI) may be sophisticated for schools, but the ability to analyze and predict events increases the security of the district’s network and its most vulnerable users.
Download the PDF for Vartek’s multilayered approach to security.
For more information on how Vartek can help schools implement a multilayered cybersecurity plan, contact us today.
Frank Weyler is Vartek’s Vice President – Operations. Frank joins the Vartek team after several years of leading DXC’s service delivery to Proctor and Gamble’s (P&G) Customer and Consumer segment. As VP – Operations, Frank will be directly responsible for leading, delivering, and/or enhancing: superior operational management; the growth of Vartek’s field managers; Vartek’s Enterprise ITSM; and the customer experience leading to loyal and referenceable clients.
Frank is an expert in IT strategy, delivery, and project management. Along with a BS in Management Information Systems, Frank has both his ITIL Expert and PMP certifications.