A year ago, IT professionals in K-12 school systems became heroes to their communities when their skills and resourcefulness turned on remote learning for nearly all. But while IT teams were enabling teaching and learning to continue uninterrupted in spite of everything else going on in the world, they were also seeing their systems beset by relentless attacks. More school districts than ever have been victimized by ransomware, data breaches, and other forms of digital malfeasance. While there’s no way to guarantee your schools will avoid all cyber incidents, the preemptive moves you take will make digital and online activities ever safer for your district users. Learn how your institution can adapt to this new environment in Carahsoft’s Innovation in Education report.
“Traditionally, for good reasons, the conversation in K-12 has been focused on education. The priority for spending has been steered toward academics — getting more support and training for teachers and trying to control the classroom size, for example. Technology, and especially cybersecurity, was a scheduled expense, up there with predictable plumbing problems and textbook replacement, but contained within the IT organization. However, IT — and especially cybersecurity — has now become a strategic element for education. Parents, superintendents, board members and executives within administration have realized that keeping data and systems safe can have a district-wide impact. Experience a data breach or a ransomware event and you’ll suffer damages that strike your budget as well as your reputation: Families will leave your schools to go to the district next door that didn’t have a break-in. That means it has become something that should be part of all decision-making.”
Read more insights from Palo Alto Networks’ Cybersecurity Strategist, Fadi Fadhil.
“Even though it’s now a simple matter to go online and learn how to launch a cyber-attack and buy the tools to do so for just a few dollars, ransomware has become a more complicated process, involving triple extortion. Originally, the idea was that the bad guys would get into your computer system, encrypt your data and tell you that in order to get the data back, you’d have to pay x bitcoins. That was pretty direct; you either paid the money and hoped they’d give you your data or you had backups, because a good backup policy would prevent an attack from imposing any lasting damage. So the criminals revised their approach. They turned around and said, ‘OK, we’ve encrypted your data. Pay this amount to get it back. And by the way, we also stole your data. If you want to prevent this data from being made public, you will pay the same amount of ransom, and this is the deadline.’”
Read more insights from HPE’s Distinguished Technologist in Cybersecurity, James Morrison.
“The cybersecurity threat to K-12 educational institutions has been consistently growing since 2018. Unfortunately, for many schools, efforts to protect against cyber-attacks have not seen similar growth. K-12 public schools became the number one target for ransomware attacks across all public sectors in 2020. Meanwhile, less than a quarter of school districts have anyone dedicated to network security, according to the latest CoSN leadership report. And even institutions with dedicated network security staff may struggle with a lack of funding to dedicate to cybersecurity measures. This poses a challenge for schools that cannot build cybersecurity defenses that match the sophistication of the malicious actors intent on attacking their data-rich networks. Fortunately, cybersecurity help is available, and at no cost. Recognizing that schools, along with other state, local, tribal and territorial government agencies, rarely have the resources they need for cybersecurity, the Center for Internet Security, an international nonprofit, offers essential cybersecurity services through the Multi-State Information Sharing & Analysis Center (MS-ISAC).”
Read more insights from the Center for Internet Security’s (CIS) Senior VP of Operations and Security Services, Josh Moulin.
“Envision this scenario: Requests for payment are sent in via online interface or digitized en masse through a designated service center. The data is vetted to make sure vendors are approved and expenses fall within the expected range or amount. The documentation is immediately tagged for the proper workflow, being approved at each level through a mobile app or computer application. Approvers can be added or removed from the workflow list as staffing or delegation needs change. Those who sit on approvals too long can be notified that the clock is running. Likewise, managers can be alerted when people on their team try to shove payments through without adequate controls or documentation in place. As a result, the right invoices are paid on time, without incurring penalties or losing out on possible rebates offered by the vendors. Any physical space dedicated to holding onto paper documentation can be dedicated to other purposes. On the expense side, schools can eliminate adult arts-and-crafts.”
Read more insights from SAP Concur’s Public Sector Senior Director, Jim McClurkin.
“With the return to the physical classroom, you might think schools should tuck away their Zoom licenses for the next time an emergency strikes. But that would be short-sighted. Educators have seen how technology can play a role in delivering learning options for students who can’t attend in person. Now that K-12 administrators are reimagining and redesigning education, school districts would be foolish not to learn from their pandemic experiences. Their big lesson? Schools need virtual options. They need them for students who, because of physical, emotional or mental disabilities, can’t be in the classroom; who have dropped out just shy of a few credits and really want to earn that diploma; who are working to support their families; who are taking care of younger siblings; or who want to participate in dual enrollment and can’t get the unique classes they need through their own schools.”
Read more insights from Class Technologies’ VP of K-12 Strategy, Elfreda Massie.
“While the concept of zero trust serves as a useful framework for understanding the goal of posting a guard at every entry and maintaining clear lines of authorization and authentication, getting it done is another matter. Somebody has to do the work of implementing endpoint management and security. Consider the challenge of mobile endpoint patching. IT churns through cycles continuously applying long lists of patches, mitigating risks for which there may be no exploit and that may not be in line for attack. According to a recent Ivanti report, “Patch Management Challenges,” 71% of IT and security professionals find patching to be overly complex and time-consuming. And the patching efforts may only address district-owned devices along with the small share of end users with their own devices who are willing to go through the patch process. What about everybody and everything else? The key is knowing what patches are crucial and being able to prioritize patch decisions that are going to provide comthe greatest security. The patch management approach needs to apply threat intelligence and risk assessment. Then it needs to be enabled on all devices — district-owned or not — without the process relying on interaction from users.”
Read more insights from Ivanti’s Public Sector CTO, Bill Harrod.
“K-12 professionals are continually trying to keep their heads above water. They’re drowning in paperwork, processes, regulations and general bureaucracy. And they just need relief. If you’ve got 100 different contracts, every time you touch those contracts to manage them, support them, make amendments, check that they meet state and federal compliance guidelines, and more, it increases the total cost of ownership for every one of those cloud products and services. E&I helps you reduce this work, so that you can spend more time and energy in what you love to do, which is helping students learn.”
Read more insights from E&I Cooperative Services’ Vice President of Technology, Keith Fowlkes.
Download the full Innovation in Education report for more insights from these cybersecurity thought leaders and additional K-12 industry research from THE Journal.