Preparing Your School for Cybersecurity Threats

Source Newsletter for Business and Operations Header Image
Source Newsletter for Business and Operations Header Image

Business and Operations//

January 9, 2018

Is your school prepared to withstand a cybersecurity threat? A new study from the Consortium for School Networking and the Education Week Research Center shows that many schools aren’t.

The study surveyed K–12 information technology leaders across the U.S. from private and public schools. Only 27% of those surveyed believe that ransomware attacks are significant threats, while a mere 20% believe unauthorized disclosure of student data could be a significant problem.

Moreover, only 15% have a cybersecurity plan in place, should an attack or breach occur. Only 29% have purchased specific cybersecurity products and services, and just 28% have added security safeguards to vendor negotiations.

Schools today need to be prepared for potential cybersecurity threats. The IRS issued a warning in February 2017 stating that phishing scams have evolved beyond the corporate world and hackers are now targeting schools and nonprofits.

These phishing scams often involve hackers posing as members of your organization, and asking individuals to send sensitive employee information, such as W-2s or other personal materials. Some cybercriminals also follow up with an “executive” email to the payroll team, asking that a wire transfer be made to a certain account. These scams can be run simultaneously or individually.

It’s imperative that the Business Office manage cybersecurity risk effectively in a two-pronged approach. First, schools must take cybersecurity threats seriously and put effective safeguards in place. As technology becomes even more prevalent in every aspect of K–12 education, from the classroom to record-keeping, contemplate whether your current systems provide adequate protection.

Consider your monitoring and security protocols and procedures, the roles of your information-technology-focused employees, what student and employee information you collect, and how that information is stored and used. Also review contracts with vendors for cybersecurity assurances, as well as steps that will be taken if a breach occurs.

Second, provide training to all employees, especially those with access to sensitive student and employee information. Give them the tools they need to recognize scams and spoofs.

If there is a breach, be swift in your response and communicate openly with those impacted. Work with law enforcement if necessary to bring a speedy resolution to the issue.

ISM's Directors & Officers Liability Insurance (D&O) policies, which include Employment Practices Liability, are specially designed to offer expanded protection for the ever-changing needs of private schools. Learn more about ISM's D&O policies here.

Additional ISM Resources:
The Source for Private School News Vol. 16 No. 7 A Primer on Data Privacy for Your School
The Source for Trustees Vol. 16 No. 2 Classroom Apps, Technology, and Privacy Concerns

ism
ism

Upcoming Events

2/25/2025 — 2/27/2025

workshop

Strategic Communications: Understanding and Engaging Your School’s Constituents

Status: Open

Register

1/15/2025 - 12:00pm ET

webinar

Five Things Heads Need to Know About Retiring Well

Status: Open

Register

More Events

  • webinar 1/22/2025 - 3:00pm ET

    Navigating AI Media: Policies, Education, and Protection for K-12 Schools

    Register
  • workshop 3/17/2025 — 3/21/2025

    Student-Centered Scheduling Design

    Register
  • webinar 1/23/2025 - 3:00pm ET

    Building a Culture of Giving and Getting Involved

    Register