Protecting Your District Against Cyberattacks
May 06, 19
Parents trust our schools to create a safe environment for their children, and this environment extends beyond the physical security of the buildings. It also includes student data. School districts are responsible for highly valuable digital information for both students and employees, including Social Security Numbers, medical records, photos, and financial information.
School districts were not always on the list of targets for cyberattacks, but times have changed. According to “The State of K-12 Cybersecurity: 2018 Year in Review,” every three days a U.S. school district is the victim of a cyberattack. These attacks include data breaches, denial of service attacks, phishing attacks, and ransomware. So, how do you protect your data against these attacks?
Train Train Train
The first and most important step to deal with cyberattacks is to train your staff to recognize and report suspicious e-mails, links, and people. Your employees are the first line of defense against cyberattacks, and security awareness should be part of every employee’s job description. Schedule monthly trainings that cover threats such as social engineering and phishing, and always cover who to call when something goes wrong.
It’s All About the Process
Make sure you have a process in place for reporting suspicious emails, links, and people-a process that every employee is aware of and feels confident using. Mistakes happen. If an employee clicks on a malicious link, it is not only vital that he or she knows how to report it, it is also vital that the employee feels comfortable reporting it. Immediate action is critical in keeping data secure.
Testing… One, Two, Three
Human error, not technology, is the most likely cause of a data breach1. Run regular simulated attacks to test your employees. Send out false phishing emails and provide immediate, targeted training to any employees who take the bait. For example, instead of ransomware taking over the employee’s PC, an instructional video could play to reinforce learning.
And remember, train and test ALL your employees, including IT professionals.
Build a long-term plan for security. In addition to consistent training, include regular refreshes of other areas of security such as hardware refreshes, software and operating system patches, and removal of outdated hardware and software. Also make sure you complete regular user access reviews to verify that only those who should have access, do in fact have access to your systems.
Your Data is Safe with WSIPC
WSIPC takes the following measures to protect the privacy of your data:
- Data Ownership – WSIPC never discloses or shares student level data, to any party outside of state or federal entities, without the approval of the district.
- Data Security – Security assessments are conducted on WSIPC systems annually, by independent companies. The results of the assessments are used to ensure that our system security is continually updated to meet the ever-growing threat of cyber security attacks.
- Security Awareness – WSIPC participates with the following resources, among others, to stay informed and engaged:
- Student Data Privacy Consortium (SDPC) – a national alliance of states, districts, vendors and policy makers. WSIPC has been part of this organization since its inception.
- National Center for Educational Statistics – a multi-state forum operated by the US Department of Education.
- Future of Privacy Forum (FPF) – a nonprofit organization that serves as a catalyst for advancing principled data practices and fostering privacy leadership and scholarship.
Student data privacy is a top concern for WSIPC, and we will continue to do our utmost to ensure that your data is protected.
To learn about WSIPC’s security policies and practices, see our Data Privacy page on our website, or contact us at email@example.com or 425.349.6600.
WSIPC is a non-profit cooperative that provides technology solutions (including Skyward), services, and support to K-12 schools. WSIPC’s purpose is to help schools do more with every dollar and to empower them with the tools to work smarter. To learn how your district can become a part of the WSIPC Cooperative, contact us at firstname.lastname@example.org or 425.349.6600.
Inspired by education. Empowered by technology.TM