Although cybersecurity might seem daunting for schools to address, you can do so by tackling the most crucial items first. In Part One of this 2-part post, we covered the first five steps schools like yours can take to bolster cybersecurity. Here in Part Two, we’ll tackle the last five steps:
6. Implement multifactor authentication
Nowadays, passwords are easy to steal via phishing or break via brute force attacks. This means that you risk exposing your school to great danger if you don’t enforce multifactor authentication. If your staff groan about the hassle of completing additional steps to access their school accounts, tell them that it’s school policy, much like having their ID always on display while they’re on school grounds. It’s just like having their driver’s license displayed all the time.
7. Properly dispose of IT equipment
To stretch their budgets, schools sell old computers and other IT assets to equipment recyclers. Many schools that do so keep the drives intact. This is bad practice because those drives may still contain sensitive information that hackers can extract. Therefore, when you're disposing of your IT equipment, make sure to wipe the drives clean of any digital information. For best results, follow the NIST SP 800-88 guidelines for media sanitization, and obtain a signed attestation from the party tasked with wiping the data that they have wiped or will wipe the data clean in full compliance with those guidelines.
8. Monitor your IT systems
The task of “monitoring” may be broad in scope, but its primary objective is to provide continuous visibility into the condition of your IT systems and cybersecurity controls. To accomplish this, you can schedule risk analyses, penetration tests, and vulnerability assessments on your own organization and across the value chain you belong to. If you ask your vendors and business partners to do risk assessments as well, they may spot cybersecurity holes you have missed. Additionally, everyone will gain a big-picture overview of the value chain’s cybersecurity posture and can provide feedback on how to improve it for everyone’s benefit.
9. Provide cybersecurity training
Employees tend to be the weakest link in an organization’s cybersecurity chain, but this can be completely reversed with sufficient training. Increase their awareness of suspicious security events (e.g., receiving a phishing email) and teach them how to report such events. Moreover, train school staff on how to properly share and store data. To illustrate, if a school administrator wishes to deliver a spreadsheet containing student information to teachers, that administrator must follow protocol for securely sharing such info.
10. Regularly test your cybersecurity protocols
There’s no better way to make sure your security measures are effective than by testing them regularly. You need to do penetration tests to find out how well your defenses hold up against external threats.
You also need to run simulations to see whether your staff respond to adverse cybersecurity events as they were trained to. Such simulations will reveal how effective your cybersecurity training is, as well as who needs to take refreshers.
Cybersecurity can seem like a daunting task for schools, but this checklist will help you address the most critical items one at a time. For a comprehensive cybersecurity assessment of your school, avail of IT consulting Orange County.