“For the last five years, cybersecurity has been the No. 1 concern, and it’s increasing in anxiety each year,” says Keith Krueger, CEO of the Consortium for School Networking (CoSN). “School districts are the No. 1 target for ransomware.”
Drawing on CoSN’s recent 2023 State of EdTech Leadership survey, and in conjunction with Amy McLaughlin, CoSN’s cybersecurity subject matter expert, Krueger recently shared tips for school leaders around cybersecurity.
Fortunately, there is plenty of cybersecurity help for school districts in the form of resources, potential collaboration, and little changes that can have a big impact.
1. School Cybersecurity Tips: Backup Information Offline and Offsite
The 2023 State of EdTech Leadership survey found 65 percent of school districts are backing up all their data on an offsite location that is not connected to the internet.
Krueger believes this is a good start but he also sees "the cup is almost half empty" side of that stat. “[It] means that a third of school districts aren't doing that most essential kind of a backup,” he says.
2. Patch Everything
The first step McLaughlin says every district should take is to patch everything in a timely manner. “I can't believe I've been doing this for 20 years and I have to say this, people still don't patch their stuff timely,” she says. “This is one of the simplest things to do. Patch every month, every device on time, and don't forget the stuff that you're not working with, every minute. Things like routers, switches, and firewalls also need patches and firmware upgrades.”
3. Utilize Two-Factor Authentication
McLaughlin’s next piece of advice for a security measure that can pay immediate cybersecurity dividends is to install two-factor authentication.
“It is not the silver bullet, but it is a significant increase in security,” she says. “It makes it so much harder for somebody to compromise your account when they phish credentials on it.”
Sixty-one percent of respondents to the CoSN survey said they require two-factor authentication. While McLaughlin would like to see that number rise, the trend is moving in the right direction. Last year only 40 percent of respondents required two-factor authentication.
4. Don't Reinvent The Wheel
State education departments have resources available and Homeland Security tracks and publishes information about cybersecurity attacks on schools. CoSN also offers a primer for schools looking to ensure they are following cybersecurity best practices.
“It's probably the kind of thing that most school districts will read it and say, ‘Yeah, we're doing almost all those things,’ but it reminds you of what to do if you're not doing all those things,” says McLaughlin.
5. Change the Culture
“The tendency is to think that well, cybersecurity is only the responsibility of the people who have technology in their title, and that's not the case,” Krueger says.
The culture around cybersecurity needs to change so that all school leaders are thinking about it and it becomes a priority for superintendents and school boards.
“They have to understand that cybersecurity isn't a technical problem that you dump on the IT department. It's an organizational challenge for the whole organization, and it needs funding,” McLaughlin says. “Implementing multifactor authentication isn't difficult, technically. None of this is horribly difficult, technically. But the hard part is getting the organizational culture to not just accept but to embrace that this is an important element for taking care of the organization.”