As you may already know, The U.S. Department of Education recently issued a warning encouraging school districts to take extra precautions against cyber extortionists.
As stories of cyber extortion continue to appear in the media, Bolton’s Education Practice Group is committed to helping make educational institutions safer through proactive planning to manage their risks.
The National Institute of Standards and Technology (NIST) outlines five core functions to help institutions better protect against cyber threats such as this.
The functions are as follows:
- Identify internal and external cyber risks
- Protect organization systems, assets and data
- Detect system intrusions, data breaches and unauthorized access
- Respond to potential cyber security event
- Recover from a cybersecurity event by restoring normal operations and services
Depending on the size of your school and how you conduct business on an operational level, the amount and kinds of vulnerable data can vary greatly. In addition, the resources available to each of you can vary greatly, as well. Large institutions may have an entire department dedicated to IT where smaller institutions may have to delegate this function as part of many other duties required of a single employee.
Regardless, all institutions have a degree of exposure and it is vital from a best practices perspective that those risks are identified and communicated effectively to senior administrators and your board of trustees, along with details about how these risks are currently managed, what is being done in terms of mitigation and establishing levels of accountability. At the same time, the board and senior administrative staff must be committed to provide ongoing oversight, direction and due diligence along with required reviews conducted and reported on an annual basis, at minimum.
Lastly, for most institutions a large component of their risk management program is the purchase of insurance. Bolton’s Education Practice Group has put together a customized Cyber Liability program specific to K-12 institutions and has many markets with products that can be tailored for a variety of other types of institutions.
To learn more, please contact us.
Image credit: Brenda Ahearn/Daily Inter Lake.
If you liked this, check out these great articles:
- Taking Flight and Avoiding Risk: What Schools Need to Know About Drones
- Schools and Earthquake Insurance: A Matter of Risk Exposure and Need.
- If Disaster Strikes – Can You Still Have Class? Understanding Business Continuity
- What Schools and Nonprofits Need to do to Meet New Federal Child Abuse Prevention Requirements
- Educated Alternatives to the National School Walkout on March 14