School systems are utilizing digital resources now more than any other point in history. As more advancements are made in technology, this trend is sure to continue. While technology provides an incredible platform for students to learn and develop quality skills, it also creates higher chances of school systems experiencing a breach. Along with healthcare and municipalities, education has been a prime target for cyber criminals and ransomware attacks. Students, school faculty, board members, and parents across the U.S. have been put at risk by these attacks. According to K-12 Cybersecurity Resource Center, Since January of 2016, there have been 788 incidents reported in K-12 schools spanning across almost every state in the U.S.
Legislation has started to piece together plans to mitigate these attacks and turn the tide on the cyber war in education. Most notably, Texas Legislation passed Senate Bill 820 to mandate school districts to put in place cybersecurity controls. Texas schools have been attacked more than any other state’s education, resulting in millions of dollars lost through targeted phishing scams and ransomware. Large-scale breaches have occurred in school vendors such as Pearson which have led to the compromise of student data and personal bank accounts of thousands of educators and administrators. SB 820 is a step in the right direction to help mitigate these attacks. However, superintendents and board members will need to understand their responsibility when it comes to implementation of a proper cybersecurity plan if Texas expects to see a decrease in successful phishing attacks and fewer ransomware incidents.
Every school district utilizes technology resources in different ways. Some rely heavily on it, while others don’t. However, all schools face the same risks and need to be properly educated on safe cyber practices. SB 820 can spark change not just in Texas but across the entire landscape of cybersecurity in U.S. education. As much as every school district wants to take advantage of modern digital resources, they also all want to avoid a breach. The implementation of SB 820 will be very telling on its nationwide influence on other state legislation.
School systems shouldn’t wait on their state legislation to implement laws to take necessary action in creating a sound cybersecurity plan of action. The Readiness and Emergency Management for Schools (REMS) Technical Assistance Center lays out 6 steps to follow in mitigating cyber threats for school districts:
1. Form a collaborative planning team.
The planning team is made up of school personnel, community partners, and representative from the school district. This team will work closely with a security professional, law enforcement and emergency management.
2. Understand the situation.
Understanding the situation involves the team can addressing the risks associated with their school district. Using a variety of risk assessment tools, they prioritize these risks and how they can be mitigated.
3. Determine goals.
Even when taking the proper course of action, a breach is never out of the realm of possibilities. Setting goals and objectives help eliminate panic and set a course of action to recover faster.
4. Plan development.
Students, educators and administrators need strong development to prevent a breach from happening. They need a heightened sense of awareness and strong attention to detail.
5. Plan preparation, review, and approval.
The team will draft an Emergency Operations Plan (EOP) and garner quality feedback. Edits are made based on necessary comments and approval is obtained from appropriate leadership.
6. Plan implementation and maintenance.
The EOP is maintained by regular reviews and revisions are made when needed. Individuals with cybersecurity roles are trained in their responsibilities and set up for success.
For more information from REMS Technical Assistance Center, check out the entirety of their Cyber Safety For Schools Fact Sheet.
Growth is an important element of U.S. education. For students to be successful they need constant opportunities to learn and grow. It’s time for school districts to make movements towards substantial growth in cybersecurity.
SB 820 requires superintendents to designate a cybersecurity coordinator to serve as a liaison between the school district and the agency in cybersecurity matters. NXTsoft’s ThreatAdvice vCISO solution provides strong expertise in cybersecurity to make sure Texas school districts are compliant with SB 820. Learn more about NXTsoft’s cybersecurity solutions here.