Cyber Hygiene for Schools
What makes schools particularly vulnerable to cyber attacks and how school officials can prepare for a breach.
By Dennis Ast, CPCU, CCIC
Last year, we saw more local school districts suffer at the hands of cyber criminals than ever before. The NYS Education Department Board of Regents even went as far as to propose and approve an addition to their cyber regulations. Part 121, as the new addendum was called, would strengthen data privacy and security in schools and other educational agencies that need to protect personal information. There are more than 20 pending cyber related bills/resolutions awaiting consideration in the New York State Assembly.
The massive files of student and employee information housed on school computers make school districts desirable targets for cyber criminals. These cyber criminals are constantly looking for vulnerabilities and the opportunity to make some quick money. Since many school districts either don’t have the resources or have not adequately protected themselves against potential cyber attacks, sensitive school records make for easy targets.
According to the K-12 Cybersecurity Resource Center, there have been over 580 publicly-disclosed cyber-related incidents in U.S. public schools since 2016. The number of incidents in 2019 has already exceeded those of 2018.
These school attacks are not small matters, either. Just this summer, Gov. John Bel Edwards declared a state of emergency after cyber attacks hit three separate Louisiana school districts with ransomware. The attacks can take virtually any form, from cybercriminals infecting the district’s network with malware to a student hacking into the system and changing grades for money. (Yes, that last one is true.)
What can you do to minimize cyber risks at your school?
Practice good “Cyber Hygiene”: Update your software often. Use multi-factor authentication and strong password protocols. Install anti-malware software and establish protocols for remote access users. Always have a back-up of your data and test it. Most importantly, have a Cyber Response Plan. Cyber insurance should always be part of your Cyber Response Plan. Many cyber insurance programs can cover First & Third Party losses as well as crime-related losses. Not all cyber policies are created equally, so be sure to discuss your concerns with an expert who can assist in getting the right policy for you.