The increasing frequency and severity of cyberattacks on K-12 education have caught the attention of educational leaders and policymakers. These attacks have caused school closures, disrupted learning, stolen taxpayer dollars, and exposed sensitive student and teacher data. While there's no shortage of cybersecurity advice available, it often assumes more IT resources than schools have and doesn't address their unique needs.
To bridge this gap, there are five main cybersecurity protections that align with recognized cybersecurity frameworks for K-12 institutions. These protections are designed to safeguard against common threats faced by schools based on insight from K12 SIX, CISA, FBI, and school cyber insurance providers. For the 2023-2024 school year, these protections help with planning, negotiation, and procurement of cybersecurity tools. Key Features remain, focusing on a small number of cost-effective security controls, providing guidance on their impacts on school budgets, IT staff workload, and educator workflows.
Implementing these protections won't guarantee the complete cybersecurity of school systems. Still, they are a step in the right direction. They should not be considered a substitute for a comprehensive, cross-organizational cybersecurity risk management program, which is a responsibility of school district leaders.
2023-2024 Cybersecurity Protections include fourteen cybersecurity controls, grouped into five categories. These controls are essential for every K-12 organization:
1. Sanitize Network Traffic to/from the Internet:
Block Malicious Web Content: block access to known malicious online contact
Defend Against Email Attacks: protect users from email-based scams and fraud
Segment and Limit Exposed Services: establish safeguards for access to critical internal and external services
2. Safeguard Devices:
Restrict Administrative Access: Limit privileged user accounts to reduce the impact of attacks
Apply Endpoint Protection: ensure devices used for school remain safe whether accessed on or off premises
3. Protect Identities:
Protect User Logins: implement muti-factor authentication to safeguard against compromised passwords
Improve Password and Account Management: prevent account compromise, sharing, and re-use commonly responsible for data breaches
Minimize 3rd Party Risk: mitigate risks introduced by relying on vendor tools and services
4. Practice Continuous Improvement:
Install Security Updates: protect against known vulnerabilities through timely patching of IT systems, computers, and equipment
Backup Critical Systems: ensure continuity of operations by enacting policies to enable the timely restoration of data and systems
Manage Sensitive Data: enact policies to regularly archive and/or delete sensitive data and documents
5. Communicate and Collaborate:
Train to Improve Cybersecurity Awareness: Reinforce cyber hygiene practices and precautions to prevent cyber-attacks
Plan for Cyber Incidents: Prepare for cyber incidents by developing and testing an incident response plan
Contribute to a Collective Defense: Share information about threats, vulnerabilities, incidents, and best practices with partners and peers
Implementing these defenses reduces the risk of significant cyber incidents involving data breaches, teaching and learning disruptions, and the theft of taxpayer funds.
In conclusion, cybersecurity is not merely a matter of if, but when a cyber incident will occur. For over two decades, Dependable Solutions has stood side by side with schools and districts throughout the Midwest, understanding the unique challenges they face. We recognize the importance of providing practical, budget-conscious solutions that align with your values and options. The safety and security of your educational communities are paramount, and we are committed to helping you safeguard your institutions. As the cyberlandscape continues to evolve, we urge you to stay vigilant, prepared, and resilient. Together, we can navigate these challenges and ensure a safer
digital future for our schools and districts.
Dependable Solutions - Your Partner in School District Cybersecurity