How Secure is Your School’s Network? Share Cybersecurity is a hot topic in schools, and for good reason – data breaches are on the rise, and schools are particularly vulnerable to hackers. In fact, Verizon’s 2016 Data Breach Investigations Report ranked the education sector sixth in the U.S. for reported security incidents. In this Q&A, Christina Stevens, Chief Information Security Officer at GuideOne Insurance, shares why schools are at risk for cyberattacks – and how you can avoid becoming a statistic. Q: What makes schools attractive to hackers? A: Schools have a lot of personal information on staff, students and parents that’s potentially accessible in many forms. For instance, a lot of schools and districts use mobile apps to connect with students and parents, and offer the ability to submit payments online. On top of all this, many schools have minimal budgets, and administrators prefer to use that money for the good of students instead of data security. Q: What is the biggest mistake schools make when it comes to cybersecurity? A: Assuming that they’re not a target because they’re a non-profit organization. With that mindset, it’s not a matter of if you’re going to be attacked, it’s a matter of when. It’s important to be aware of different cyberattack types and trends, and make data security a priority. Q: What are the current and upcoming trends in cyberattacks that educators need to be aware of? A: Two that are top-of-mind are ransomware and spear phishing. Ransomware, which disables your network and then demands a large sum of money in order to restore the network, is becoming more and more popular because it’s a quick way of making money. Spear phishing attacks via email and social media are also on the rise because they’re easy to pull off. Hackers will impersonate someone you know as a way to get you to click on links or download malware in an attempt to gain access. Q: How can school leaders better protect the personal information they collect? A: First, they need to understand what data they are collecting. Then they need to determine where the data is being stored and in what format. With this information, they can limit the individuals or systems that have access to that data and monitor that access. Educating users on the appropriate use and protection of this data is also critical. Q: What are some recommended preventive cyber security tips specific to schools? A: Keep tabs on those who have access – by that, I mean perform background checks on employees, vendors, etc. to ensure they’re legitimate. If you don’t have an IT staff, or have limited IT resources, partner with an established IT vendor who has experience with school cybersecurity. You can also team up with other schools and districts to learn more about what they’re dealing with – and how they’re handling it. Look out for each other! Tags Nonprofit & Human Service Category Education © 2024 GuideOne Insurance. GuideOne® is the registered trademark of the GuideOne Insurance Company. All rights reserved. This material is for informational purposes only. It is not intended to give specific legal or risk management advice, nor are any suggested checklists or action plans intended to include or address all possible risk management exposures or solutions. You are encouraged to retain your own expert consultants and legal advisors in order to develop a risk management plan specific to your own activities.