TASB Risk Management Fund

15 Budget-Friendly Cybersecurity Tips for Schools

November 08, 2021 Lucas Anderson


Your organization’s finance professionals make tough, sometimes unpopular, decisions come budget season. Funneling funds to one initiative could mean scaling back, postponing, or eliminating other initiatives. If you’re looking to make a case for cybersecurity, consider these statistics:

  • Publicly disclosed cyberattacks against schools exploded by 235 percent between 2018 and 2020: K-12 Cybersecurity Resource Center
  • In 2020, cyberattacks cost schools an estimated $6.62 billion in downtime: cybersecurity research firm Comparitech
  • Parents’ greatest worry is the compromise of their children’s sensitive data (43 percent). Just 11 percent worry about the impact that beefing up security will have on taxpayers: global cybersecurity company Kaspersky

The Fund specializes in pushing back against cyberattacks targeting schools. Here are 15 simple, budget-friendly tips that will help fortify your digital defenses.

Cyber tip 1: Develop a culture of cybersecurity

Lead from the top, and train your employees to recognize and respond to cyber incidents. Reinforce training with drills that prepare your team to react quickly to threats and attacks.

Cyber tip 2: Vet your vendors

Last year, security incidents involving school district vendors and other partners caused 75 percent of K12 data breaches in the U.S. Vet your vendors to ensure they are reputable and will protect your data. Take the next step by entering into data protection/privacy agreements with vendors.

Cyber tip 3: Don’t take the bait

Strange email requests, even from trusted contacts, could be malicious. If it smells phishy, contact the sender through an alternate method, and report the suspicious request to your IT/security staff.

Cyber tip 4: Back up your data regularly

New ransomware hunts for on-premises backups. Consider off-site, offline, or powered-down backups for better protection.

Cyber tip 5: Use passphrases

We all know the importance of creating strong, unique passwords; we’re just not very good at it. Let’s say you choose a seemingly random password like aaaaaaa. A human probably won’t crack it quickly, but a computer will—in about 10 milliseconds. Consider using passphrases instead.

Cyber tip 6: Never share login credentials

A password management system eliminates the need to write down passwords and account credentials, and cuts the risk of them falling into the wrong hands. Remind employees to be careful about entering passwords or PINs, or viewing sensitive information, in public places. Criminals could be looking over their shoulders.

Cyber tip 7: Enable multi-factor authentication (MFA)

Enable MFA on business and personal accounts to receive authentication codes via SMS or secondary email.

Cyber tip 8: Use public Wi-Fi sparingly

It’s not unusual for coffee shops, libraries, and other public places to provide free Wi-Fi. It’s also not unusual for free Wi-Fi to be unsecured, so avoid using it for sensitive business. Similarly, make sure your home Wi-Fi is on the latest security standard and that it is password protected.

Cyber tip 9: Use a VPN for remote work

It’s especially important to use a virtual private network (VPN) if you’re on public or unsecured Wi-Fi. VPNs provide a layer of encryption that could prevent network compromise.

Cyber tip 10: Watch out for fraudulent instruction attacks

Cybercriminals masquerading as legitimate vendors, and even as employees or staff, have tricked unsuspecting districts into sending money to them. Verify changes to financial routing numbers or direct-deposit accounts with a colleague or a designated external contact before acting.

Share this phishing cheat sheet with your finance professionals.

Cyber tip 11: Patch your software

Ensure there is an automated or manual policy for installing updates and patches to your anti-virus, operating systems, and other software platforms as soon as they’re available. Remember, you’re only as secure as your most recent update.

Cyber tip 12: Get the most from security platforms

Make sure your anti-virus, firewall, and email security appliance are up to date, configured correctly, and most of all, turned on.

Cyber tip 13: Segment sensitive information

Talk to your IT team about departments that work with sensitive information. If possible, provide a distinct, more secure network segment for those departments. The fewer people who have access, the safer the data.

Cyber tip 14: Tap into information-sharing networks

The K12 SIX, Texas Information Sharing & Analysis Organization, and other information-sharing organizations provide forums for districts to alert each other about cyberthreats and share best practices.

Cyber tip 15: Lean on data loss prevention

Employees are your first line of defense against cybercrime. No matter how informed and prepared your team is, however, cybercriminals constantly find new ways to attack. In many cases, their schemes rely on human error. Data loss prevention tools help ensure that when employees make mistakes, technology has your back.

Bonus tip exclusively for Fund members

Well-trained employees are your best defense against cybercrime. Fund members with Privacy and Information Security coverage benefit from our expert's services at no additional cost. Let us train your team to build a state-mandated cybersecurity plan, avoid common scams and attacks, and recover from incidents.

About the author

Lucas Anderson brings 15 years’ experience to his role as TASB Privacy and Cyber Risk Consultant. He advises Fund members on defending against cybercrime and navigating the cybersecurity regulatory landscape. Members benefit from Lucas’ training services at no additional cost.
