FINRA's BrokerCheck

Three Ways to Prevent Cyberattacks at Your School

Educational organizations are increasingly victims of cyberattacks. In fact, according to the K-12 Cybersecurity Resource Center, a new scholastic cybersecurity incident is reported every three days.

Some are highly publicized, like when a Texas school district was scammed out of nearly $2 million via email. But many incidents fly under the radar, even going unreported, despite causing significant harm.

However, there’s good news – sound information technology (IT) practices go a long way. To help, here are three steps to fortify your IT environment and better safeguard data.

Secure Everything

With the amount of technology in schools, chances are high for data breaches (defined as any unauthorized disclosure or access by current and former staff, students, vendors or outside hackers). It’s no surprise the Consortium for School Networking lists data breaches as a top cybersecurity threat.

As such, schools must secure everything in their IT domains.

Your networks should have firewalls and email protections so bad software isn’t distributed. Network devices need updated security software and must adhere to sensible IT policies (e.g., no unapproved software, etc.). Also, use multi-factor authentication whenever possible and ensure users are required to utilize strong and complex passwords.

Similarly, if you have Internet of Things (IoT) devices, like surveillance cameras, secure them to prevent unauthorized use and keep them updated. Consider putting IoT devices on separate networks (or virtual networks) so they can be monitored independently and can’t access other networks.

We’ve discussed a lot of technology, but behavior is an important aspect of security too.

It’s important that users exhibit good IT practices (more on that later). One reason is more than half of all reported data breaches are carried out or caused by people inside the affected organization, per the K-12 Cybersecurity Resource Center.

Additional ways to promote security are keeping IT equipment in locked rooms and placing surveillance cameras in key areas, because ultimately, the aim is to secure all endpoints and devices on your networks. The ideal scenario is a combination of stringent defenses to combat external threats and strong internal governance to guide appropriate use, leaving no compromises on security.

Configure Equipment Properly

Misconfigured equipment can cause serious problems. Remember Capital One’s issues last year started with incorrect settings.

One of the fastest growing threats on the Center for Internet Security’s “Hot Topics” list is misconfigured servers. This can lead to system breakdowns, or worse, expose systems and data to malicious use.

Distributed Denial of Service (DDoS) attacks, which make online services unavailable due to overwhelming traffic, continue to wreak havoc on schools. However, DDoS attacks are preventable with correctly configured technology, like:

  • Redundant, disparate data centers with load balancers for ample bandwidth
  • Firewall and router settings that disable DDoS attack paths
  • Anti-DDoS hardware/software

Educate Users

Technologically literate users are one of the best ways to strengthen IT defenses.

For example, phishing scams and ransomware are two of the biggest IT problems school districts face. There are more potential problems too, including viruses, malware, keylogging, and so on. But the thing is, most of these issues can be avoided with knowledgeable users at the helm.

When people know how their equipment works and how they’re supposed to use it, they’re better able to recognize potential problems and avoid them. They can identify when things aren’t normal and act accordingly.

Remember how “insiders” are involved in breaches? Well, insiders can be good for IT governance too, when they’re properly trained and follow sound IT policies (even if it’s begrudging acceptance).

What does that mean, exactly? It ranges from technical training, like how to spot phishing scams, to everyday usage policies, like not leaving devices in vehicles. And it must be ongoing, because as technology changes, so do security best practices.

Spread Thin? Look Outside

Unfortunately, IT expertise is often outside of school administrators’ bandwidth. Or the IT staff is spread thin. Predictably, this can lead to issues.

Outside help can alleviate these pressures, providing comprehensive IT solutions to your organization, as they’re needed. That keeps your budget and IT plans aligned, and it’s what we do at Rehmann every day. To get started, call us at 866.799.9580.

Meet The Rehmann Team

Start typing a name ...
Searching for "{{nameQuery}}"...
Start typing a experience ...
Searching for "{{experienceQuery}}"...
Start typing a location ...
Searching for "{{locationQuery}}"...
Or view a list of team members