Six Ways to Protect Your School Against a Cyberattack

Posted on 02.27.18 // by Bolton Education Practice Group // Education, Risk Management

Just look at your newsfeed and you’re likely to see another school hit by a cyberattack threatening public safety, privacy of students and staff, and extortion of the school.

Cyber is an emerging liability risk—one that many schools, even ones that have a dedicated IT professional, are ill-equipped to manage as the digital landscape continues to change.

All institutions have risk—and having a plan to manage those risks is half the battle. Transparency is key.

Senior administrators and board of trustees members need to be fully briefed on the potential risk, how those risks are being managed and the established levels of accountability. For their part, they need to provide oversight, direction and deliver the required annual reviews and reports for due diligence.

Here are six starting steps to defending your school.

  1. PROTECT: Purchase the right insurance as the basis of your risk management program. Bolton’s Education Practice Group has put together a customized Cyber Liability program specific to K-12 institutions and has many markets with products that can be tailored for a variety of other types of institutions.
  2. EDUCATE: Keep up with what industries prone to cybercrime and there something for your school to learn. Make sure everyone knows about the cyber risks that are out there, how the school is prepared to defend itself, and what faculty, staff and students need to do to stay protected.
  3. ENFORCE: The amount and kinds of vulnerable data can vary greatly. Are your antivirus software, firewalls and other security mechanisms up to date? Change passwords frequently and use multifactor authentication for the most sensitive information.
  4. GUIDE: Do you have guidelines on social media postings? The most successful phishing exploitations are based on information posted about your school. And spear phishing now takes it to another level by making the emails from the attacker appear as if they are coming from inside your institution.
  5. Not everyone needs to have access to highly sensitive or classified information. Be specific and tailor user profiles to screen out those who don’t need access.
  6. ENCRYPT: If there is a breach, make it as hard as possible for the attacker to read the information. Use the best encryption tools to lock down everything.

As stories of cyber extortion continue to emerge, Bolton’s Education Practice Group is committed to helping make educational institutions safer through proactive planning in managing their risks. To learn more, please contact us.

 

If you liked this, check out these great articles:

About Bolton Education Practice Group

Bolton & Company's Education Practice Group is dedicated to the unique interests and needs of schools, colleges and universities across across the globe. With more than 30 years of experience in the education space, Bolton's EPG is committed to the long-term well-being and future of educational institutions.

Subscribe to the Bolton Blog

Useful Links:

Blog Posts
Final Rule on STLDI and Indemnity Plans
2024-01-29 DOL Updates Civil Monetary Penalties for 2024
San Francisco Health Care Security Ordinance (HCSO) Annual Reporting Due 5/3/24
Johnson & Johnson (J&J) Facing Class Action Lawsuit for Mismanaging Rx Program
Children’s Health Insurance Program (CHIP) Notice: Updated
Prescription Drug Data Collection (RxDC) Reporting: Round 3
ChatGPT’s Top 5 Trends Impacting Employee Benefits: Work-Life Balance (Part 4 of 5)
Post Your OSHA Logs from February 1 to April 30, 2024
Prioritizing Mental Health Part 2: The Link Between Mental Health and Employers’ Healthcare Expenses