09 Jul When Should School Districts Update Their Security Policy?
Now that the educational sector has been identified as the least secure out of 17 industries overall, the time has come for district heads and IT administrators to take another look at their security policy. Chances are good that your district already has some sort of policy established and written down somewhere – but when was the last time this important document was updated?
Is it time to update our cybersecurity policy?
Unless you and your IT team have taken a look at your policy within the last few months, your answer to this question will likely be, “Yes, we’re overdue for an update.”
There are a few reasons this is true:
- Hackers may already be on your trail. According to Malwarebytes Labs’ 2019 State of Malware report, the education industry isn’t just one of the least secure – it’s also one of the top-targeted sectors by cybercriminals.
- You need to protect your computing power. A Q&A with Melissa Tebbenkamp, director of instructional technology for Raytown Quality Schools in Missouri, revealed that hackers aren’t always after schools’ data – they want to drain available computer power to support their malicious activity. It’s important that administrators take steps to enable visibility into their IT resource usage to prevent this kind of unauthorized power mining. Check out Tebbenkamp’s full responses from her EducationWeek interview to learn more.
- Sensitive info still needs security. At the same time, though, the personal information of students, educators and faculty also need to be protected as well.
- New risks are always emerging. In addition to computer resource mining, other vulnerabilities like ransomware, data-compromising Trojans and other security issues are on the rise.
What to consider with your cybersecurity policy revamp
When you and your data security administrators are ready to update your security policy (and a time like summer break could provide the ideal opportunity!) there are a few things you should examine first.
As Tebbenkamp explained, it’s critical for stakeholders to seek out any gaps in their current policy, such as issues securing the network for mobile device use and access restrictions.
“My teachers don’t need to have administrative access to their computers to do their jobs,” Tebbenkamp pointed out. “We find a way to make sure they have the resources they need.”
Speaking of users like the district’s educators, it’s helpful to build awareness and security best practice training requirements into the overarching policy. In this way, it reduces the chances that a teacher will open a suspicious email and let a ransomware infection loose on the network, for example.
District stakeholders should also pinpoint any new systems, environments or applications within the infrastructure that have been added since the last policy update. Even small things like the ways in which platforms are integrated could open up potential security risks. Examining and ensuring the security of these newer systems can make a big difference.
Finally, it’s critical that the school district has the right tools and technology in place to support a best-in-class security posture. This includes strategies to support data confidentiality and integrity, as well as regular data backups. To find out more, connect with one of our expert consultants today.