Like businesses large and small, K-12 schools are relying heavily upon technology for their day-to-day operations. In the classroom, teachers are using a wide range of rich media curricula, and printed textbooks are being replaced by electronic versions. Tests are increasingly conducted online. Many districts allow students to use their own devices for learning and other school-related activities.
As a result of these trends, corporate America and K-12 school districts now share similar concerns about cybersecurity and the increased risk of a data breach. According to the Verizon 2016 Data Breach Investigations Report, the U.S. education sector ranked sixth overall in terms of the total number of security incidents reported last year, higher than both the retail and healthcare sectors.
Students have launched distributed denial of service (DDoS) attacks that have disabled school networks for days or even weeks. Hackers have stolen test results, changed students’ grades, and stolen the personally identifiable data of students, parents and school personnel. Ransomware attacks have cost schools thousands of dollars and significant downtime.
Whether a security incident involves student hacking, disgruntled former employees, employee negligence, stolen devices, phishing scams or ransomware, it can be extremely costly. In a business setting, the cost of downtime and data loss comes in the form of lost revenue and lost confidence among customers, vendors and business partners. In the K-12 environment, a security breach can bring learning to a standstill as IT personnel scramble to assess and repair damage. Furthermore, schools store a treasure-trove of information that hackers are itching to get their hands on, and a data breach can be expensive and embarrassing. They also need to ensure compliance with the Family Educational Rights and Privacy Act (FERPA), which protects the privacy of student records.
Many school districts struggle to balance the need to give students access to online resources with the need to implement robust security measures. While sharing the same cybersecurity challenges as other government entities and corporate America, K-12 school systems are rarely able to make the same level of investment to protect themselves.
This often requires a top-to-bottom re-evaluation of the school’s cybersecurity posture — not only the network and technical protection measures in place, but IT staff capacity and district data protection policies as well. What areas are most vulnerable? What areas present the highest risk? What data is being collected and stored, and how is it being protected? How is access to the network being controlled, and how is suspicious activity being detected? How do we train all of our students and staff to protect confidential information?
Striking the right balance of cybersecurity investment and data loss prevention polices, on a limited K-12 budget, needs to be an organizational decision. IT leaders can, and should, drive the conversation, but it needs to include all executive leadership.
Legacy infrastructure is typically incapable of detecting and responding to today’s sophisticated threats, or meeting increasingly stringent regulatory requirements for data protection. In this case, new security tools must be implemented.
A layered approach to security, in which a combination of tools and applications are integrated, is essential to protecting K-12 networks without disrupting the learning experience and school operations. Layered security typically includes a next-generation firewall, which offers far more advanced functionality than a traditional firewall, as well as intrusion detection systems, content filtering tools, mobile device management, advanced data encryption and more. All components of a layered security model should be centrally managed, configured and monitored through a single interface. This enables IT teams to correlate security data, address complex threats and move quickly to shut down attacks.
Evaluating existing infrastructure and processes and implementing a layered security strategy is a complex undertaking, especially when it involves the unique requirements and budget constraints of K-12 schools. Pivot can help. Let us use our extensive background in educational environments to help develop a cost-effective security strategy while supporting today’s high-tech learning environment.
by Scott Monroe, Sr. Director, Public Sector Portfolio