Ransomware attacks have grown in recent years and schools have increasingly been identified as soft targets lacking the capacity to ward off hackers. In addition, greater reliance on technology to deliver instruction and services since the COVID-19 pandemic has left schools increasingly vulnerable to cyberattacks.
In 2022, cyberattacks grew by 150 percent, with the average attack lasting 66 hours. Cyberattacks against the education sector increased by 36 percent. For local educational agencies, it is not a matter of if — but when — school information systems will be subject to a cyberattack, which can render the entire school district or county office of education unable to conduct the day-to-day business of educating students.
Yet, in addition to accessing support from the state, there are many steps that boards of education can take at the local level to help guard against and mitigate the severity of cyberattacks. This list of tips and resources is intended to guide local educational agency (LEA) leaders in the right direction.
- Are we prepared for a cybersecurity attack?
- What does the board need to know about disaster recovery?
- How long will it take the LEA to recover from an attack?
- Do we have adequate cybersecurity insurance?
- How long do we have to retain data? How often do we purge sensitive files?
- What do you need to secure the LEA?
- Have you reviewed the Incident Response Plan with the board?
- Does our plan align with our insurance carrier requirements?
- Who can the LEA turn to for an IT security audit?
- Develop a comprehensive cybersecurity policy and procedures manual
- Conduct regular cybersecurity risk assessments to identify vulnerabilities
- Implement strong password policies and enforce regular password changes
- Provide ongoing cybersecurity training for staff, students and parents
- Establish a system for monitoring and logging network activity
- Regularly update and patch software systems and applications
- Back up critical data and ensure it is stored securely
- Install and maintain updated antivirus and antimalware software
- Utilize firewalls and secure network configurations
- Implement multi-factor authentication for all user accounts
- Restrict administrative access and privileges
- Enable automatic software updates and security patches
- Regularly scan and monitor the network for anomalies and intrusions
- Establish incident response protocols and communication channels
- Develop and practice an incident response plan for cyberattacks
- Establish a dedicated incident response team with assigned roles
- Isolate compromised systems to prevent the spread of attacks
- Engage with law enforcement and cybersecurity experts when necessary
- Communicate promptly and transparently with stakeholders about the incident
- Analyze the attack, learn from it, and update security measures accordingly
- Conduct regular post-incident reviews and debriefing
For more CSBA-curated cybersecurity resources, visit bit.ly/3pVvcGK.