Last week approximately 400 independent private school information technology (IT) professionals gathered in Los Angeles for the 2017 Association of Technology Leaders in Independent Schools (ATLIS) annual conference. I had the honor of presenting during the Sunday cyber security workshop and leading a cyber security risk management session on Monday. The goals of the sessions were to arm the IT professionals with the latest information on threats, cyber risk management best practices and lessons learned from our work with independent schools across the country. The session attendees were highly engaged and eager to learn how they can shift their school’s data to being safe and secure using the 3 pillars approach.
Throughout both sessions, the attendees were polled on a variety of topics that included implementation of some basic security safeguards and best practices such as assessments, encryption and 2-factor authentication. Only 35% of the survey respondents have performed an assessment in the past 12 months although an assessment is an integral part of developing a school’s cyber security program. 57% of the schools have not deployed 2-factor authentication at all and only 20% have deployed this safeguard for key employees. 2-factor authentication is one of the most effective safeguards to prevent account access in the event that a user’s login credentials are compromised. Only 37% have deployed disk encryption and 26% only deploy disk encryption if an end-user specifically requests it.
Attendees were also polled on what they perceived to be their greatest cyber threats. 46% of respondents indicated that phishing and spear phishing were viewed as the greatest threats that their schools face. In spite of this fact only 29% of the schools had ever performed a mock phishing exercise to test their faculty and staff and raise their security awareness. The good news is that 37% plan to perform a mock phishing exercise soon but that still leaves 34% who do not plan to perform a test in the near future. ATLIS member schools are eligible for a free mock phishing exercise which means that every member school should be considering this as part of their basic security program. This service is provided through COMPASS as a way for us to give back to the community.
In spite of the above survey results I was encouraged by the level of interest and engagement from the session attendees. They had a genuine concern about keeping their faculty, staff, student and parent data safe while balancing an open learning environment. This concern and engagement is warranted since 43% indicated that their school had a data breach in the past 12 months. Remember it is not a matter of if you will have a data breach but when you will have a data breach. ATLIS is leading the charge with providing independent private school IT leaders with access to the resources and knowledge they need to reverse this trend and protect their schools.
If you would like to learn more about how you can protect your organization’s data, please CONTACT US.