3 Strategies for Holistic Cybersecurity

#Technology

Austin Anderson

by Austin Anderson

Austin Anderson Edtech Thought Leader

Read time:

Schools are prime targets for cybercriminals not because their data is pricelessly valuable, but because criminals know school IT teams are chronically overworked, understaffed, and working within a tight budget.

While it’s important to invest in purposefully built and trustworthy software solutions, that’s just the beginning. Invest in your school’s cyberculture instead of isolating data security practices to IT teams alone, and soon keeping data safe becomes everyone’s job. A holistic approach to cybersecurity might be one of the strongest school CTOs and their teams can employ.

What does holistic cybersecurity look like?

Network security can conjure up images of a firewall that keeps bad guys out and only lets certain things in. It might be antivirus software installed, a network security plan, or some other high-level strategy. All these solutions are crucial, but there’s still more work to be done.

Just like you or I listen to the expert advice of doctors, we also partake in everyday practices to keep ourselves healthy. It’s the same concept with cybersecurity. A holistic approach invites everyone to learn more to scrutinize their own cyberspace habits. Training programs like KnowBe4 help users shift their mindset from passive trust of software to a proactive use of services including applications, social media, and other systems. The information employees share on personal social media is regularly mined by bad actors to gather intelligence they can use to infiltrate networks. Holistic cybersecurity strategies teach folks how to protect both personal and professional networks. Anyone can learn how to be more mindful in online spaces, and every little bit of practice helps secure district networks.

Though we tend to imagine computer networks as cloud formations, they also need very practical care. Physical security for data centers, hardware, and network devices all help keep systems out of harm’s way. Ensure doors lock and that data centers aren’t doing double-duty storing liquids or other items that might pose a physical threat.

Above all, this holistic approach (physical, software, and human firewall working together) is designed to work proactively to protect private data and minimize downtime. There’s no better time to improve than when you’re already feeling confident.

Get your leaders on board

Leading by example pays dividends for many reasons. It will help to roll out security changes to administrators, business managers, and leaders first. These folks have the largest share of responsibility in systems, and they’re most likely to be targeted in a phishing or other type of cyberattack. They should be the first people to be secured and the first to understand the stakes—that way, their training can trickle down to their peers, teams, and students. Understanding the “why” behind increased security measures is a worthwhile investment. That way, rather than advocating for IT to “ease up,” leaders can emphasize the importance of constant vigilance, even when users complain about using multi-factor authentication or other extra-secure steps.

Time spent recovering from an attack takes exponentially longer than strengthening your defense. A recent U.S. Government Accountability Office study found that learning time lost post-attack ranged from three days to three weeks (!) while total recovery time took up to nine months.

Off-campus, cyberattacks shake the strong foundation of trust school leaders work tirelessly to build. It’s not fair to the district leaders, but an even stronger motivator to look at every email, attachment, and link with a critical eye. After all, the cost of proactive security is far less than reactive security.

Maximize the tools you already have

Take part in professional development experiences. Your student information system (SIS), enterprise resource planning solution (ERP), and learning management system (LMS) all contain built-in security measures, including task-based permissions, geofencing, and more.

Now’s the time to maximize your interoperability capabilities and implement single sign on (SSO) solutions. Fewer paths of entry to exploit plus a better UX is a win/win for staff, students, and your IT team.

Plus, hardware and network partnerships provide much-needed trustworthy support and backup for your in-house technology teams.

Get your students on board

Contrary to popular belief, students aren’t really the technology wizards we might imagine them to be. It’s true they’ve been surfing the Web since they could read, but that comfort simply means they don’t know quite how to protect themselves (and their personal data) online.

Digital citizenship skills are wholly appropriate and crucial at school and outside it. Why not teach great online safety tips to protect students on school devices, since hopefully, those good digital habits will translate to their personal devices? Parents can learn a thing or two as well.

Finally, students using school credentials on social media led to a new type of cyberattack for Las Vegas schools. Teaching good social media strategies to students can not only protect their own accounts but also your heavily protected edtech.

School data is worth protecting. Get everyone involved and lean on great technology partners, and your chances of weathering the rough seas of cyberattacks increase.

Follow-up resource: We need you to fight ransomware in K12 schools

Learn the steps for preparing and responding to ransomware attacks.