From phishing scams to data loss to outside vendors misusing remote access, the digital world is rife with risk for schools. But, as anyone who has ever created policies knows, the users are the weak link. When it comes to cybersecurity, “your technology department can help, but they’re only part of the solution. Firewalls, VPN, all that techy stuff does help protect you, but it's usually failures of people making mistakes that are the root of many cybersecurity issues,” said Shandor Simon, director of technology, The Latin School of Chicago, in a recent NBOA webinar.
Who should be on board to support IT? Schools should have a team made up of folks involved with risk management, crisis management and communication, insurance, policies, and training, suggested Simon and co-presenter Alex Inman, founder and president of Educational Collaborators, based in St. Louis, Missouri. “These people should come from all around the school: you need your communications team, your leadership team, your HR team, your business and finance team to all be part of the solution,” Simon said.
These people should come from all around the school: you need your communications team, your leadership team, your HR team, your business and finance team to all be part of the solution.
Shandor SimonThe Latin School of Chicago
In one scenario presented by Simon and Inman, a school nurse inappropriately shared sensitive data. Simon and Inman suggested that the first thing a school do is activate its crisis plan and then get on the phone with an attorney “pretty fast” to learn about the school’s liability.
They suggested that preventative measures in this case would include cybersecurity training that occurs more than once a year and updating and publishing internal privacy and confidentiality policies that focus on handling secure data. They also stressed the importance of “bi-directional communication between the business offices, staff offices, and IT to make sure that that sensitive information is appropriately tagged as sensitive information.”
Again, everyone needs to be in the loop and understand what’s at stake.
To figure out where some of your problems occur, it’s worthwhile getting a cybersecurity assessment, Simon suggested. “You’ll get a handful of recommendations usually in the form of smart goals that are specific, measurable, achievable, relevant, and time-bound, so you can actually do something about them.”
Simon and Inman suggested taking a look at the following resources to help schools keep up with cybersecurity:
Greetings from Kazakhstan: Hackers Target Independent Schools (Sept/Oct 2015)
Your Money or Your Data: Dangers of Ransomware (Sept/Oct 2016)
A School’s Last Phishing Trip (March 2017, web-only)
Risk & Compliance: Cybersecurity and Master Planning (July/August 2017)
Sign in to leave a comment
Get Net Assets NOW
NBOA's free twice-monthly newsletter
1400 I Street, NW, Suite 675Washington, DC 20005www.nboa.org