In the wake of recent cybersecurity hacks, districts across the country are on high alert and looking for ways to make sure they don't become the next victim of a cyberattack. In a 2018 study conducted by EdTech, school districts were found to be one of the least secure of the 17 industries surveyed, due in part to a lack of funding allocated to cybersecurity. This has lead to weaker security protections making schools more likely to be targeted by hackers.
There are many different types of cybersecurity threats, but one of the most common is called ransomware. This is when hackers gain unauthorized access to the data on your computer and demand money in order to regain access to it. These threats expose sensitive information of those in your school community, disrupt school operations, and have high recovery costs. This heightens the importance of reviewing internal and external security measures to keep your student and staff information safe.
As schools continue to collect more student information and rely on systems to manage their operations, improving security across your district becomes imperative. Reviewing these three key areas can help mitigate these security threats.
Vendor Software/Solutions
Throughout a school district, many departments and programs use software solutions that are provided by outside vendors, like a student information system or cafeteria point of sale. These vendors are constantly releasing updates to their solutions to ensure software bugs and potential security vulnerabilities are fixed. Work closely with your vendors and IT department to make sure your computers always have the latest version installed. Sometimes these updates can be automated, but other times it may be a manual process. Either way, the important takeaway is that you should always keep your solutions up-to-date to help protect against potential cyber threats.
In addition to performing regular software updates, backing up your data is equally important. In the event of a cyber threat, backups can help prevent data loss and recover faster. Some vendor solutions are cloud-based, which typically mean that your data is already being regularly backed-up. Our Cloud software platforms like Mosaic and MCS offer automatic backups and server redundancy, allowing you to rest easy knowing your information stays safe no matter what may happen to your computers. For solutions that are not in the cloud, work with your IT department to make sure backups are being performed often.
District Network
A decade ago, school computers were the only devices that would connect to a school's network, and "ransomware" wasn't even in our vocabulary. Today, students, staff, and parents use their personal devices on district networks while on campus, which poses a huge security risk. As more of these personal devices connect to district networks, the potential for school computers and systems to be impacted by malicious programs/viruses grows.
Before students, teachers, or staff access your school's network, they should be informed of any policies regarding the usage of your school network. You may also want to consider controlling which types of personal devices are allowed to connect to your network. Google Chromebooks can be a viable way to still allow access to your network, while reducing the risk of malicious programs/virus because of the way the Chromebook operating system is designed.
District Staff
Many times cyberattacks unintentionally start with district staff. Clicking on a wrong website link or download the wrong email attachment can give hackers entry into your district's network. Providing staff members with regular training so they can recognize phishing emails, practice safe web browsing habits, and follow FERPA guidelines for handle sensitive information will pay dividends.
Actively monitoring staff member program access which directly pertains to their job and removing personnel that are no longer with the district will also help protect your district's sensitive information.
At Heartland, we employ a number of security measures to help keep our districts' data safe. We adhere to the highest and most stringent security standards in the industry when it comes to managing data, controlling access, and encrypting data transmissions. We highly regulate our network management and the authentication and authorization of data access.
Our MySchoolBucks website and mobile app are fully compliant with the Payment Card Industry Data Security Standard, which is a set of security requirements set by Visa, MasterCard, and other major credit card brands. This is the gold standard for payments security and all transactions are encrypted and transmitted securely. If you're currently in the market for a new vendor, be sure to ask if they offer similar security features.
If your school happens to fall victim to a cyber attack, work with your district's IT department to stop the attack in its tracks. Don’t wait until the worst case scenario occurs; make a plan and take the time to protect your school and your data today!