15 Budget-friendly Cybersecurity Tips for Schools
Your organization’s finance professionals make tough, sometimes unpopular, decisions come budget season. Funneling funds to one initiative could mean scaling back, postponing, or eliminating other initiatives. Here are 15 simple, budget-friendly tips that will help fortify your digital defenses.
1. Develop a Culture of Cybersecurity
In organization's that have established a culture of cybersecurity, protecting sensitive data is a value that never gets compromised. The process starts with leadership commitment.
2. Never Share Login Credentials
A password management system eliminates the need to write passwords and account credentials down and reduces the risk of them falling into the wrong hands. Remind employees to be careful about entering passwords or PINs or viewing sensitive information in public places. Criminals could be looking over their shoulders.
3. Use Public Wi-Fi Sparingly
It’s common for coffee shops, libraries, and other public places to provide free Wi-Fi. It’s also common for free Wi-Fi to be unsecured, so avoid using it for sensitive business.
4. Back Up Your Data
Back up your data regularly and ensure that backups are viable. New ransomware hunts for on-premise backups to lock up, so consider off-site, off-line, or powered-down data backups for better protection.
5. Don’t Take the Bait
Cybercriminals sometimes pilfer district funds by posing as legitimate vendors, contractors, or even district staff. Pay attention to strange email or phone call requests that appear to be from a person or business you know. When in doubt, contact the sender through an alternate method and report the suspicious request to your IT/security staff.
Resource: Share this phishing cheat sheet with your finance professionals.
6. Enable Multi-factor Authentication (MFA)
Enable MFA on business and personal accounts to receive authentication codes via SMS or secondary email.
7. Use Passphrases
We all know the importance of creating strong, unique passwords; we’re just not very good at it. Let’s say you choose a seemingly random password like "aaaaaaa." A human probably won’t crack it quickly, but a computer will—in about 10 milliseconds. Consider using passphrases instead.
8. Lean on Data Loss Prevention
Employees are your first line of defense against cybercrime. No matter how informed and prepared your team is, however, cybercriminals constantly find new ways to attack. Their schemes often rely on human error. Data loss prevention tools help ensure that when employees make mistakes, technology has your back.
9. Run Annual Cybersecurity Drills
Preparing for a worst-case scenario will enable your staff to respond quickly and effectively. The faster you act, the better off you’ll be.
10. Vet Your Vendors
Even if your district maintains strong cyber-defenses, your network could be at risk if your vendors don't do their part. Vet your vendors to ensure they are reputable and will protect your data. Take the next step by entering data protection/privacy agreements with vendors.
11. Tap Into Information-Sharing Networks
The K12 SIX, Texas Information Sharing & Analysis Organization, and other information-sharing organizations provide forums for districts to alert each other about cyberthreats and share best practices.
12. Use a VPN for remote work
It’s especially important to use a virtual private network (VPN) if you’re on public or unsecured Wi-Fi. VPNs provide a layer of encryption that could prevent network compromise.
13. Patch Your Software
Ensure there is an automated or manual policy for installing updates and patches to your anti-virus, operating systems, and other software platforms as soon as they’re available. Remember, you’re only as secure as your most recent update.
14. Get the Most from Security Platforms
Make sure your antivirus, firewall, and email security appliance are up-to date, configured correctly, and most of all, turned on.
15. Segment Sensitive Information
Talk to your IT team about departments that work with sensitive information. If possible, provide a distinct, more- secure network segment for those departments. The fewer people who have access, the safer the data.
Bonus Tip Exclusively for Fund Members
Fund members with Privacy and Information Security coverage benefit from expert support at no additional cost. Let us train your team to build a state-mandated cybersecurity plan, avoid common scams and attacks, and recover from incidents.
Editor's note: This article was originally published in November 2021. It has been updated for accuracy and comprehensiveness.
Lucas Anderson
Lucas Anderson joined TASB Risk Management Services in 2019, bringing more than a decade of experience in cybersecurity, network administration, and information technology. He advises districts on preemptive mitigation against ongoing and emerging cybercriminal threats targeting the education sector, as well as cybersecurity-related regulatory compliance.
Over his career, Anderson has supported public and private organizations, including Booz Allen Hamilton, the White House Office of Management and Budget, the Department of Defense, and the Texas Association of Counties.
You May Also Like…
View All Related InsightsThe Basics of School Fleet Management
Your community relies on your district's vehicles, so take care of your buses, trucks, and cars with these fleet management basics.
Cybersecurity Is Not Just an IT Thing
Cybersecurity culture is built on every employee embracing their role in keeping criminals at bay. Here are seven tips to help you get there.
Want to Worry Less About Data Breaches?
The accidental release of sensitive information can tarnish your organization’s reputation. Data loss prevention tools help ensure that when employees make mistakes, technology has your back.
Tax Season Tips for Avoiding Cyber Scams
During tax season, cybercriminals are looking to claim their own returns. Stay up to date on this season's scams to protect your organization and employees.