Three Back-to-School Cybersecurity Practices for the K-12 District

American children are back in school and using new tools and technologies in the classroom. According to SolarWinds 2022 Public Sector Cybersecurity Survey, 31% of surveyed educational institutions say using digital services is one of their top priorities.

But with digitization comes risk. Bad actors are increasingly targeting K-12 schools. According to the most recent data from the US Government General Accountability Office in 2020, at least 408 cyber incidents were publicly reported, an increase of nearly 20% year over year.

However, this number is likely to be much higher since many local school districts are not required to report cyber incidents.

How do K-12 districts fight cybercrime?

Cyberattacks can disrupt education. A single click on a phishing email can bring down networks and websites, infiltrate systems with ransomware, and breach personal data, putting children, families, and employees at risk of identity theft .

To reduce cyber risk, the SolarWinds survey found that 98% of K-12 schools and districts surveyed are likely to adopt the cybersecurity recommendations outlined in the House Cybersecurity Executive Order. Blanche, including improving investigation and remediation capabilities, leveraging a standard playbook for responding to cyber threats, and implementing a zero-trust approach.

But how can schools and academies integrate these best practices into their cybersecurity programs? Let’s dive deeper into each of these priorities and suggest how schools can move toward a more resilient cybersecurity posture.

1. Improve investigation and remediation capabilities

We know attacks can happen quickly and without warning. But discovery can take a long time. According to a recent study, the average time to identify and contain a breach is 287 days.

Part of the challenge is expanding a school district’s digital environment, both on-premises and into the cloud, where a shift in toolset can take hold. It is not uncommon for security analysts to switch between monitoring tools. Besides being a costly and inefficient way to manage security risks, analysts risk drowning in a sea of ​​data and alerts, which can cause teams to miss real threats.

A better way to improve observability in hybrid infrastructure, and by extension remediation, is to consolidate tools and aggregate security logs in one place. For example, today’s security event management tools automatically collect and aggregate logs from multiple devices and applications on the network into a single window so security professionals can uncover suspicious activity and threats by minimal time and effort.

2. Create a standard manual for responding to cyber incidents

Another effective way to accelerate investigation and remediation efforts is to create a cyber playbook.
A cyber playbook contains a standard set of tested operating procedures for dealing with threats and ensures that everyone from security analysts to district administrators know their roles and responsibilities and have the tools and processes to detect and respond.

The playbook should outline an incident detection and response plan for each threat vector: ransomware, denial of service, data breach, etc.

Collecting data from past incidents or discovered vulnerabilities can help inform future “games”. For example, security and IT teams can examine data from security event monitoring and reporting tools to drill down into past incidents and understand the cause and effect of events on network infrastructure and how school or district reacted.

Automating previous incident detection and response workflows can also help already overburdened security teams diagnose, prioritize, and act on security events. For example, a security event management tool can help optimize security threat resolution with automated responses and initiate real-time threat remediation by configuring threshold-based alarms and notifications.

3. Mitigate insider threats

Although the general hacker community poses a major security threat, the SolarWinds survey found that 53% of respondents in the education sector said careless or untrained employees posed the greatest risk.
Students and staff may unwittingly share passwords, leave devices containing sensitive data unattended, install unapproved apps, or engage in other acts of negligence that could leave school networks vulnerable to attack.

For this reason, many schools are leading the way by adopting a zero-trust cybersecurity strategy. When surveyed, 82% of educational institutions said SolarWinds Zero Trust was a “very or somewhat important” security approach.

An important pillar of zero trust is the principle of least privilege, and schools need to make this a priority. Because every user poses a risk, schools should ensure that employees and students have the minimum access privileges they need to do their job.

To do this, security professionals must examine user permissions on devices and apps and use automation to do so effectively. For example, access rights management tools make it easy to assess user access privileges, detect suspicious access attempts, and manage permissions at scale.

Securing K-12 Education for the Year Ahead

As K-12 schools plan for a safe and secure 2022-2023 season, these best practices can be critical in helping security and IT leaders mitigate the growing internal (and external) threat.

Featured image: metamorworks, iStock.

Norma A. Roth