Just look at your newsfeed and you’re likely to see another school hit by a cyberattack that threatens public safety, compromises the privacy of students and staff, and subjects the school to extortion.
Cyber is an emerging liability risk—one that many schools, even ones that have a dedicated IT professional, are ill-equipped to manage as the digital landscape continues to change.
All institutions have risk—and having a plan to manage those risks is half the battle. Transparency is key.
Senior administrators and members of the board of trustees need to be fully briefed on the potential risks, how those risks are being managed and the established levels of accountability. For their part, they need to provide oversight and direction and deliver the required annual reviews and reports for due diligence.
Here are six starting steps to defending your school.
- PROTECT: Purchase the right insurance as the basis of your risk management program. Bolton’s Education Practice Group has put together a customized Cyber Liability program specific to K-12 institutions and has many markets with products that can be tailored for a variety of other types of institutions.
- EDUCATE: Keep up with what is happening in industries prone to cybercrime and see whether there is something for your school to learn. Make sure everyone knows about the cyber risks that are out there, how the school is prepared to defend itself, and what faculty, staff and students need to do to stay protected.
- ENFORCE: The amount and kinds of vulnerable data can vary greatly. Are your antivirus software, firewalls and other security mechanisms up to date? Change passwords frequently and use multifactor authentication for the most sensitive information.
- GUIDE: Do you have guidelines on social media postings? The most successful phishing exploitations are based on information posted about your school. And spear phishing now takes it to another level by making the emails from the attacker appear as if they are coming from inside your institution.
- Not everyone needs to have access to highly sensitive or classified information. Be specific and tailor user profiles to screen out those who don’t need access.
- ENCRYPT: If there is a breach, make it as hard as possible for the attacker to read the information. Use the best encryption tools to lock down everything.
As stories of cyber extortion continue to emerge, Bolton’s Education Practice Group is committed to helping make educational institutions safer through proactive planning in managing their risks. To learn more, please contact us.