K12 school districts are increasingly targeted by cybercriminals. What can district leaders do to protect their data, keep their schools running smoothly, and invest funds wisely? And why does it matter, anyway?
Mike Bianco, the vice president of information and data security at Skyward and certified information systems security professional, explains how the SIS & ERP company prioritizes security because student data is precious.
Security and safety are connected
“Security and safety are connected,” Bianco said. “When identity, access, and monitoring are strong, we reduce opportunities for data abuse, online harassment, and account takeovers that can put students at risk. We also point districts to federal K–12 cyber‑safety resources to reinforce safe practices at school and at home.”When it comes to guiding Skyward’s policies and commitments to student data security, Bianco is responsible for three primary things: security strategy, incident response, and third-party testing and audits. One of the major tactics Bianco has doubled down on is MFA, which stands for multi-factor authentication.
A leader in edtech security
“First of all, we [Skyward] are a leader in security because we didn’t just add MFA as a checkbox—we built it right in, made it a must-have, and gave districts straightforward advice for rolling it out,” Bianco emphasized. “Second, we proactively validate our security. We added crowdsourced testing through Bugcrowd in addition to traditional application penetration testing—so we’ve got more eyes, earlier, on the places that matter most.”Bugcrowd is a coordinated vulnerability disclosure and bounty program that goes beyond traditional application penetration testing. Vetted researchers rigorously test areas including login, MFA, and APIs—traditional weak spots criminals target. This strategy deepens the coverage and introduces diverse techniques to spot problems before they reach the user.
“Third, we will never stop making security improvements,” Bianco added. This includes our cloud hosted environments, maintaining a documented incident response plan, and conducting regular exercises to ensure preparedness. We use a multi-layered security approach, so even if one line of defense is tested, we’ve got backup measures ready to keep things safe.”
But this is just the beginning of the edtech vendor’s impact on district security culture. When asked what districts can do on their own to maximize digital security, Bianco suggested they think like a hacker.
Protect identity first
“Start where attackers start: identity,” Bianco said. “Turn on MFA for business office and privileged accounts first, then expand to staff and high risk roles. Pair it with SSO [single-sign on], least privilege security groups, IP address restricted security groups, EDR on endpoints, and a tested incident response plan.“The security available in Skyward’s Secure Cloud is best of class, so move critical Skyward data there. Then move to SSO, EDR, and routine access reviews. Those moves stop the most common attacks cold. “Finally, lock down email (BEC is still rampant) and don’t forget the human layer—continuous phishing awareness wins. We’ve published top recommendations articles and checklists districts can follow to get started,” Bianco suggested.
What’s next for cybersecurity?
Bianco recently showcased edtech security at EdProtect, which is a research initiative led by UC Berkeley’s Center for Long-Term Cybersecurity along with Bugcrowd. This meeting of the edtech security minds reviewed their findings, examined remediation progress, and identified next steps with both researchers and program partners. “Security is a team sport,” Bianco emphasized. “We value our Skyward customers’ feedback and their collaborative spirit—their guidance shapes our approach and enhances our security. Together, we’re setting the standard and leading the edtech industry forward into security excellence.”Follow-up resource: We need you to fight ransomware in schools
How can everyone help protecte the school district's precious data from falling into nefarious hands? Read all about it.WHAT'S NEXT FOR YOUR EDTECH? The right combo of tools & support retains staff and serves students better. We'd love to help. Visit skyward.com/get-started to learn more.
|
Erin Werra Blogger, Researcher, and Edvocate |
Erin Werra is a content writer and strategist at Skyward’s Advancing K12 blog. Her writing about K12 edtech, data, security, social-emotional learning, and leadership has appeared in THE Journal, District Administration, eSchool News, and more. She enjoys puzzling over details to make K12 edtech info accessible for all. Outside of edtech, she’s waxing poetic about motherhood, personality traits, and self-growth.
