Is your school prepared to withstand a cybersecurity threat? A new study from the Consortium for School Networking and the Education Week Research Center shows that many schools aren’t.
The study surveyed K–12 information technology leaders across the U.S. from private and public schools. Only 27% of those surveyed believe that ransomware attacks are significant threats, while a mere 20% believe unauthorized disclosure of student data could be a significant problem.
Moreover, only 15% have a cybersecurity plan in place, should an attack or breach occur. Only 29% have purchased specific cybersecurity products and services, and just 28% have added security safeguards to vendor negotiations.
Schools today need to be prepared for potential cybersecurity threats. The IRS issued a warning in February 2017 stating that phishing scams have evolved beyond the corporate world and hackers are now targeting schools and nonprofits.
These phishing scams often involve hackers posing as members of your organization, and asking individuals to send sensitive employee information, such as W-2s or other personal materials. Some cybercriminals also follow up with an “executive” email to the payroll team, asking that a wire transfer be made to a certain account. These scams can be run simultaneously or individually.
It’s imperative that the Business Office manage cybersecurity risk effectively in a two-pronged approach. First, schools must take cybersecurity threats seriously and put effective safeguards in place. As technology becomes even more prevalent in every aspect of K–12 education, from the classroom to record-keeping, contemplate whether your current systems provide adequate protection.
Consider your monitoring and security protocols and procedures, the roles of your information-technology-focused employees, what student and employee information you collect, and how that information is stored and used. Also review contracts with vendors for cybersecurity assurances, as well as steps that will be taken if a breach occurs.
Second, provide training to all employees, especially those with access to sensitive student and employee information. Give them the tools they need to recognize scams and spoofs.
If there is a breach, be swift in your response and communicate openly with those impacted. Work with law enforcement if necessary to bring a speedy resolution to the issue.
ISM's Directors & Officers Liability Insurance (D&O) policies, which include Employment Practices Liability, are specially designed to offer expanded protection for the ever-changing needs of private schools. Learn more about ISM's D&O policies here.
Additional ISM Resources:
The Source for Private School News Vol. 16 No. 7 A Primer on Data Privacy for Your School
The Source for Trustees Vol. 16 No. 2 Classroom Apps, Technology, and Privacy Concerns
