2. Find Trusted Partners Who Bring Additional Expertise and Support
With IT staff members stretched so thin, it is imperative to find great companies you can depend on to help you. I have five primary companies that I trust and who have a great track record working with us. Even if their pricing is a little higher, the benefits far outweigh the costs because they are reliable and responsive, they know the ins and outs of our network, and they understand our goals and objectives.
For example, we have been working with a company for 10-plus years, and they are very familiar with our IT environment. I asked their team over the holiday if they could update our firmware and upgrade our server that runs our application management and patches. Their team remotely completed the work in half a day whereas it would have taken me much longer to finish those upgrades, and I have the peace of mind of knowing their experts took care of everything.
3. Train and Retrain
Most school districts have some type of cybersecurity training program in place for staff, but we are building a training culture centered around empathy and understanding. Teachers are busy. When they have 25 kindergarten students running around, and they get a spoofed email that looks like it is from a legitimate sender, it is easy to understand why they might accidentally click a link.
To address this, we have created some of the following training channels to reinforce best practices with current staff as well as onboarding new team members:
- We hosted a “Know Before You Click” training campaign reinforced by monthly phishing simulations with built-in 30-minute cybersecurity trainings.
- We conducted a Little Phish Cybersecurity weekly video series that addressed cybersecurity issues in an engaging way and was followed up with a short-written synopsis.
- We host a two-day professional development academy in the summer for teachers and staff.
Our training programs are always evolving to meet the needs of our staff, but the most critical factor is that the training never stops, and it never will. To be proactive, we must be diligent about educating staff members and ourselves about the very real threats that exist in today’s digital landscape.
4. Continuously Identify and Address Your Vulnerabilities
As with training, school districts should never remain idle when it comes to evaluating and addressing their vulnerabilities. We have spent the last few years identifying and fixing gaps in our cybersecurity posture and defenses. For example, when I became the technology director, I discovered every teacher had local administrative rights to their C drive. We have since removed those rights and corrected the issue, but those are the types of problems that can go unnoticed and leave a district’s network exposed. Conducting regular audits and evaluations has put our district in a stronger position, but the work is never complete. To be diligent, we must proactively assess our cybersecurity weaknesses and defenses regularly.
Unfortunately, hackers and cyberattacks are not going to go away. Until new funding opportunities are made available, K-12 schools need to reexamine their budgets and find sustainable ways to strengthen their cybersecurity defenses.
- Are substitutes the answer to the teacher shortage? - June 13, 2023
- Preparing for ransomware attacks begins with education - June 13, 2023
- How to use UDL-inspired technology to reengage students - June 12, 2023