Nov 21
2024
3 Strategies for Holistic Cybersecurity
By Austin Anderson, a certified network engineer and IT professional, who travels around Wisconsin helping school districts secure and optimize their networks.
Schools are prime targets for cybercriminals not because their data is pricelessly valuable, but because criminals know school IT teams are chronically overworked, understaffed, and working within a tight budget.
While it’s important to invest in purposefully built and trustworthy software solutions, that’s just the beginning. Invest in your school’s cyberculture instead of isolating data security practices to IT teams alone, and soon keeping data safe becomes everyone’s job. A holistic approach to cybersecurity might be one of the strongest school CTOs and their teams can employ.
What does holistic cybersecurity look like?
Network security can conjure up images of a firewall that keeps bad guys out and only lets certain things in. It might be antivirus software installed, a network security plan, or some other high-level strategy. All these solutions are crucial, but there’s still more work to be done.
Just like you or I listen to the expert advice of doctors, we also partake in everyday practices to keep ourselves healthy. It’s the same concept with cybersecurity. A holistic approach invites everyone to learn more to scrutinize their own cyberspace habits. Training programs like KnowBe4 help users shift their mindset from passive trust of software to a proactive use of services including applications, social media, and other systems. The information employees share on personal social media is regularly mined by bad actors to gather intelligence they can use to infiltrate networks. Holistic cybersecurity strategies teach folks how to protect both personal and professional networks. Anyone can learn how to be more mindful in online spaces, and every little bit of practice helps secure district networks.
Though we tend to imagine computer networks as cloud formations, they also need very practical care. Physical security for data centers, hardware, and network devices all help keep systems out of harm’s way. Ensure doors lock and that data centers aren’t doing double-duty storing liquids or other items that might pose a physical threat.
Above all, this holistic approach (physical, software, and human firewall working together) is designed to work proactively to protect private data and minimize downtime. There’s no better time to improve than when you’re already feeling confident.
Get your leaders on board
Leading by example pays dividends for many reasons. It will help to roll out security changes to administrators, business managers, and leaders first. These folks have the largest share of responsibility in systems, and they’re most likely to be targeted in a phishing or other type of cyberattack. They should be the first people to be secured and the first to understand the stakes—that way, their training can trickle down to their peers, teams, and students. Understanding the “why” behind increased security measures is a worthwhile investment. That way, rather than advocating for IT to “ease up,” leaders can emphasize the importance of constant vigilance, even when users complain about using multi-factor authentication or other extra-secure steps.
Time spent recovering from an attack takes exponentially longer than strengthening your defense. A recent U.S. Government Accountability Office study found that learning time lost post-attack ranged from three days to three weeks (!) while total recovery time took up to nine months.