July 19, 2024

K–12 Schools Overlook a Few Common Cyberthreats

Author: eli.zimmerman_9856
Go to Source

K–12 Schools Overlook a Few Common Cyberthreats
Fri, 01/25/2019 – 13:12

As cybercrime becomes more common in K–12 education, schools and districts face increasing threats from cybercriminals looking to sell access to systems and the types of personal and financial data that schools store in abundance.

School networks and systems face internal threats as well, from students seeking access to change grades or from staff who may fall victim to email phishing schemes.

While the education sector might receive an “F” in cybersecurity by any measure, proactive school leaders can take steps to prevent threats against their networks that can result in learning disruptions, identity theft and lost time or money.

Too often, education IT leaders focus on the more common types of cyberattacks: phishing, malware sent via email, targeted attacks and adware. What about the threats that fly under the radar?

MORE FROM EDTECH: 3 cybersecurity threats K–12 schools should watch out for in 2019.

Experts Identify Key Cybersecurity Challenges

Attackers have become more sophisticated and devious in their attempts to bypass security. In an upcoming presentation at next week’s Future of Education Technology Conference in Orlando, Fla., I’ll share four key security challenges that education leaders should consider. 

They include decentralized control of data, the Internet of Things and connected devices, poor security planning and awareness among staff and students.

I’ll also review some steps that K–12 leaders can take to assess their systems’ vulnerabilities, plan security work and regularly test systems and look for ways to improve.

What Can Schools Do to Protect Themselves from Cyberthreats?

One strategy is to segment the infrastructure to better protect inbound and outbound communication. At CDW, we recommend that schools separate systems and users based on their roles and use policies, restrict connections only to known systems and devices, and establish methods to determine if a device is out of compliance.

School IT teams should also consider ways to monitor and analyze network traffic, to ensure they can promptly identify and alert officials when abnormal traffic flows or user/device behavior are discovered, then alert officials accordingly.

Despite databases being the ultimate target in the majority of cyberattacks, it is common to find organizations have failed to properly secure them. Having a proper database security program in place and following a few simple steps will go a long way to secure critical data. 

By auditing databases for compliance, establishing and following set standards and policies, controlling user access and following the Principle of Least Privilege, and using real-time database monitoring, schools can protect their critical data.

School leaders must ensure that cybersecurity remains a key part of technology onboarding and training for all students and staff. Keep everyone up to date to continue building awareness about potential threats. 

Training should also provide students and staff with best practices related to password management.

CDW offers a wide variety of solutions to solve common and uncommon cybersecurity challenges. Our teams can perform cybersecurity evaluations; help with consultation, design and evaluation of security solutions; and provide experts to help plan deployments. 

If you can’t make it to FETC for my presentation, check out “The Cybersecurity Insight Report” by CDW, which offers more advice on protecting data with next-generation security solutions, tips on how to increase visibility into your security posture, and ways artificial intelligence and machine learning can help combat the latest threats, and more.



This article is part of the “Connect IT: Bridging the Gap Between Education and Technology” series. Please join the discussion on Twitter by using the #ConnectIT hashtag.



[title]Connect IT: Bridging the Gap Between Education and Technology


Highly motivated and driven Sales Engineer with extensive pre-sale design and solution-sellingexperience in Cyber-Security, WAN and IP services, CPE, Telecom, Cloud, Wireless, ManagedServices, and Network Design.