informa
/
Vulnerability Management
Commentary

End-of-Summer Crunch Time for Ed Tech Teams

Four questions to help ensure schools are ready for the new school year.

Another school year is beginning — and with it the concern over rising COVID numbers, in-school mask mandates, and calls for (and against) hybrid learning.

While summer months offer necessary downtime for educators, they are the busiest for educational technology (ed tech) teams. Over the summer, all network upgrades are completed, new platforms are onboarded, new devices are asset tagged and configured, and fresh images are deployed to old computers.

There is an influx of new staff needing support, in addition to veteran employees who need assistance matching old devices with new classroom technology. As the school year begins, there's a greater need for technical staff to support teachers as students enter their classrooms.

As if that isn't enough to keep ed tech teams up at night, school leaders must also confront the harsh reality that they are a primary target for ransomware attacks. Last year saw a significant spike in the number of attacks on K-12 school districts, with ransom requests reaching an all-time high. There were more than 400 documented attacks in 2020, equating to roughly two per day throughout the school year.

How can schools best prepare for increased cyberattacks while balancing typical demands of a new year?

There are a few things that educational leaders and chief technologists can do. To battle COVID, for example, the Centers for Disease Control stresses simple things like washing your hands and maintaining good hygiene. The same is true when it comes to technical environments: Just like we have learned to do with personal hygiene, we must also enforce good cyber hygiene in schools.

Here's a list of questions school leaders and technology teams must answer as they begin the new year.

1. Where are your assets? Beginning with a sound inventory is vital. Knowing what is in your environment allows you to predict your level of cyber-risk and determine the level of effort required to prepare your systems for another year.

Yet, inventory gets tricky in the summer since items are often unplugged and packed away. There's always at least one teacher whose computer remains hidden until the first day of school. The teacher will boot it up for the first time in three months only to discover that the latest version of a software package isn't installed, or worse yet, it does not even connect to the network.

Finding these back-to-school asset landmines as soon as teachers return can save you months of headaches later in the year.

2. Are your devices properly prepared? No one has ever said that patching operating systems and applications is the sexiest part of IT, but it is among the most necessary. Google releases security patches every two to three weeks, Microsoft once per month, and Apple as needed (but no less than quarterly). This means most school devices are behind in security patching after a summer hiatus. Security patching is a key element in good cyber hygiene, and one of the most efficient ways to prevent malicious code from overtaking your environment is to remain current on patches for known issues.

This is also true for student devices. We are now seeing more issues from improperly patched applications than operating systems, which includes all browser plug-ins. Over the past few years, increasing numbers of exploits have been initiated via browser plug-ins designed to capture or steal important data from the user.

3. Have you communicated security expectations to your students, staff, and school community? The need for cybersecurity and Internet safety in schools has never been more important than it is today. It's crucial to inform and educate staff and students about the proper uses and general care of their devices, and dangers of phishing emails. Sending one email about cybersecurity do's and don'ts will not cut it when it comes to cyber education; research says you need to read or hear something 20 to 30 times before remembering it.

Build a communications plan that will periodically and methodically inform and remind staff and students. Use email to communicate phishing alerts, but don't rely on it. Use social media, newsletters, and other communication methods to keep cybersecurity and Internet safety top of mind for the entire school community.

4. Do you have backups for all critical data? In the event of a malicious attack that overtakes your school system, having a sound backup is your best strategy to restore services with minimal disruption. There have been countless examples of school divisions suffering a ransomware attack and losing access to major systems for an extended period. Bottom line: Keep regular backups.

While we all hoped for a return to normal this school year, the reality is that may not be possible. With this in mind, school systems should ensure they have fully leveraged all stimulus funding to ensure systems are robust enough to handle a potential shift back to hybrid or online. Based on guidance from the Department of Education, stimulus funds can be utilized for cybersecurity and other technical needs that have arisen during the pandemic, so take full advantage of available resources. Prepare for the worst — and hope for the best.


Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5