10 Quick Tips for Cybersecurity Awareness Month

Cybercriminals target human behavior 45% more often than technical vulnerabilities. Schools are top targets for cybercrime, and Cybersecurity Awareness Month in October is the perfect time to raise awareness. Here are 10 simple tips to help you get started. 

Tip 1. Comply with the Law

State law requires public school districts to designate a cybersecurity coordinator and maintain a cybersecurity annex as part of their emergency operations plan. The Texas School Safety Center offers a cybersecurity annex template and checklist.

Tip 2. Back Up Your Data

Keep multiple copies offline, offsite, or powered down to protect against ransomware. Test your backups regularly to confirm they can be restored.

Tip 3. Protect Your Credentials

Use long, memorable passphrases instead of short,  weak passwords. Don't share your credentials or leave them where others can find them. Use a password manager so only you hold the keys.

Tip 4. Vet Your Vendors

Third-party vendors are a leading cause of breaches in schools. Carefully vet your vendors, require proof of compliance, and monitor them over time. Review vendor privacy agreements carefully so sensitive data doesn’t get compromised. The Texas Student Privacy Alliance offers a DPA template for reference.

Tip 5. Don't Take the Bait

Phishing attacks often look convincing, but they can unleash chaos. Train staff to pause and hover over links, check sender addresses, and verify unusual requests. Run regular cybersecurity drills so staff know how to respond to phishing scams and other cyberattacks.

Tip 6. Beef Up Your Expertise

Strategic cyber roles such as a Chief Technology Officer and Chief Security Officer can beef up your in-house expertise and guide your cyberdefense strategy.

Tip 7. Verify Banking and Payment Changes

The Fund Data Privacy and Information Security Coverage Agreement requires members to authenticate third party payment-related instructions independently from the received communication. Other coverage providers have similar requirements. Learn more about independent authentication. For added protection, require two people to approve financial account changes for added protection

Tip 8. Update Software

Run regular vulnerability scans to clear weaknesses, and apply patches and updates to antivirus, operating systems, and applications.

Tip 9. Clean Up Privileges

Hackers who gain access to your system can’t do much without administrative privileges. Privilege-access management tools help you control who can do what in your network. Similarly, users should have only the access necessary to do their jobs. Use identity and access management tools to control cloud permissions and remove unnecessary access.

Tip 10. Team Up with Allies

Join information-sharing groups like K12 SIX or Texas ISAO to exchange threat intelligence and strengthen defenses together.