4 Tips for a Stronger Cybersecurity Program
Think about all the birthdates, addresses, Social Security numbers, and other sensitive information about staff, students, and parents your schools are trusted to protect. If budget shortfalls have left your cyber defenses lagging, you’re not alone—and criminals are cashing in.
The increasing frequency and severity of cyberattacks against schools drains budgets, tarnishes reputations, and drives coverage costs up. If your organization is a Fund member with Privacy and Information Security coverage, follow these four best practices to defend against cybercrime and prepare for your next renewal.
1. Comply With State Requirements
School cybersecurity has been a hot-button topic during recent Texas legislative sessions. High-profile legislation requires schools to:
- Adopt a cybersecurity plan.
- Appoint a cybersecurity coordinator who serves as a liaison between the district and the Texas Education Agency.
- Report incidents that meet data breach criteria under the law.
- Provide cybersecurity training to certain employees and board members.
2. Implement Multifactor Authentication (MFA)
MFA may sound complicated, but simply put, it means requiring employees to enter more than their password to access a system. Examples include codes sent to cell phones or secondary email addresses, passcode-generating devices, fingerprints, and facial scanners.
Going through two steps to verify your identity can feel tedious, and many organizations experience initial pushback from their employees. But MFA can go a long way toward protecting your network and your sensitive information.
There are a variety of low-cost MFA solutions. If your organization uses Office365, implementing MFA is free and easy to configure.
If you aren’t using MFA, talk to your IT department about which options might work best for your network.
3. Apply Patches and Update Your Technology
As hackers uncover vulnerabilities, cybersecurity threats evolve. New vulnerabilities promptly become public knowledge. Criminals race to exploit them as developers rush to slam the virtual door and keep the bad guys out.
As soon as developers release security patches and updates, it’s up to your organization to apply them to your systems:
- Some organizations install patches and updates manually to confirm they’re working as expected.
- Others automate the process with a server that scans for new updates and patches, and then installs them.
- Critical security patches should be installed immediately. Antivirus updates should run at least weekly, and other software patches and updates can run monthly or according to the patch release cycle.
Whichever option your organization chooses, it’s important to make patches and updates a priority.
4. Back Up Your Data
Ransomware attacks often leave organizations without access to their most important files, and in some cases, all their files. Ransomware is popular because hackers know how highly you value your data. When faced with losing everything or paying a ransom, districts often choose to pay.
If you pay hackers, you might motivate them to continue attacking. You could even encourage other hacking groups to target your organization. Fortunately, giving in doesn’t have to be your only option.
How Often Should You Run Backups?
Cybersecurity professionals promote data backups, which are partial or full copies of an organization’s systems, as a best practice for defending against cybercrime. If your systems are infected with ransomware, you can simply roll to a previous backup:
- Some organizations take daily or weekly snapshots of their network environment.
- Others run partial backups periodically throughout the day.
- Networks and systems vary. Consult your technology team to determine the right size, frequency, and location of your backups.
A 2020 study by Sophos found that among organizations impacted by ransomware, twice as many were able to retrieve their data with backups rather than paying a ransom, and the cost of the disruption was less than half what it was to those who paid up.
Why You Should Store Your Backups Offsite
Recent ransomware variants are programmed to look for onsite (located in your local network) backups and lock or destroy them. To protect backups from ransomware attacks, many organizations and security leaders recommend storing your backups at an offsite location. If that’s not an option, disconnect them or power them down after backups run.
39 Seconds Is All It Takes
A cyberattack happens every 39 seconds. The frequency of attacks, along with their rapidly rising costs, is creating a challenging cyber coverage market.
Most insurance carriers are tightening their underwriting guidelines, limiting or declining coverage, and increasing premiums. They’re also asking questions about how customers are guarding against attacks.
Launching a cybersecurity program that accounts for the spectrum of risk your schools face can seem overwhelming. These four best practices can go a long way toward protecting your data and showing insurance carriers you’re serious about cybersecurity:
- Comply with state cybersecurity requirements.
- Allow software patches to run.
- Implement multifactor authentication.
- Back up your data.
Lucas Anderson joined TASB Risk Management Services in 2019, bringing more than a decade of experience in cybersecurity, network administration, and information technology. He advises districts on preemptive mitigation against ongoing and emerging cybercriminal threats targeting the education sector, as well as cybersecurity-related regulatory compliance.
Over his career, Anderson has supported public and private organizations, including Booz Allen Hamilton, the White House Office of Management and Budget, the Department of Defense, and the Texas Association of Counties.