Cybersecurity isn't a one-size-fits-all solution; it's a mindset that must be integrated into every aspect of our digital environments. As school IT environments grow more complex, so do the potential threat vectors, which means protecting them requires a multi-faceted approach. Specifically, when it comes to school safety on digital systems, there are key considerations that can be applied to minimize threats.
Recent reports of breaches in the media have accelerated the importance of cybersecurity best practices. One such breach involved a company that provides services to public schools, where hackers gained access through the company’s support portal using valid credentials. These hackers were able to retrieve "all" historical student and teacher data stored in multiple school districts student information systems. The breach was attributed to the company's failure to implement a basic multi-factor authentication security measures on the affected system. Other reported breaches in other state school districts would have required a different protective measure. In one instance, unauthorized actors gained access to specific computer systems and obtained stored data files. A more effective protection method in this case would have been the implementation of an Endpoint Detection and Response (EDR) solution, which proactively monitors laptops and devices around the clock These are just two examples of different approaches to cybersecurity. There are 4 main elements to consider when protecting digital data. 1. Individual users. In this case, students, staff members and parents. That includes the user and their devices. 2. Systems that are built and controlled by our schools. These are generally managed by the school’s IT teams. 3. Supply chain and the systems that are provided by vendors. These can be cloud and SaaS type technology services. 4. Finally, the network connection that provides the pathway accessing either type of system that connects the users to these applications must be protected.
