If you work for or have a family member who attends a K-12 school in the United States and think that your school is immune from hacking, then you couldn’t be more wrong. Between January 1, 2016 and April 19, 2017 there were 112 data security incidents in just K-12 schools! The actual number of incidents is likely much higher since the reported incidents were voluntarily disclosed by the victim organizations. Schools are increasingly being targeted, which means that faculty and staff must strike a balance of fostering an open learning environment with cyber safety and security. Schools are responsible for educating and preparing their students for the future across a range of subjects and cyber security awareness should be included as part of the ongoing curriculum. Our K-12 school clients often ask how they can balance learning and security to ensure that their students are prepared to be safe in today’s digital environment. Although there is not a single answer to this question, there are several actions that schools can take to dramatically improve their cyber security. Some of the most impactful activities include:
- Creating a culture of security across your entire community (parents, students, faculty and staff) by incorporating security awareness information into everyday life. This can include guides, case studies, seminars, webinars, podcasts, newsletters and any other method of communication that is effective in your organization.
- Develop and maintain a curriculum of student and faculty security awareness training on important topics such as social media, cyber bullying and safe web browsing. This type of training is invaluable and will be relevant for the foreseeable future.
- Identify and develop plans to address threats that are unique to your school’s environment. Schools are being targeted by hacktivist groups who support a cause that may be counter to the school’s mission. An example could be a religiously affiliated school that is attacked by a hacktivist group.
- Take advantage of your technologies’ built-in security features. Most schools have done a good job of investing in their technology infrastructure but they lack the expertise and resources to fully utilize the security functionality.
- “Gamify” security awareness training and make it fun. One of our client schools recently included their upper school students in the semi-annual mock phishing exercises we perform for them. They made it a contest between the upper school students and faculty to determine who was most vulnerable.
- Actively monitor your environment to understand how it is being used and where you are vulnerable. It is possible to monitor a school’s environment without disrupting learning. If you aren’t monitoring the organization, there is no way you can understand how the user community is using your infrastructure and where your vulnerabilities lie.
Through supporting our K-12 clients across the country we find that when they implement an effective cyber security program that encourages learning, they receive very positive feedback from not only their faculty and staff but their students and parents. These user groups appreciate the information and have begun to expect schools to include this type of education throughout the school year.
If you’d like to discuss these steps further or have questions regarding your school’s approach to balancing an open learning environment and cyber security, please feel free to CONTACT US.
