Aug 21
2021
The Cost of Proactive vs. Reactive Data Security
By Erin Werra, writer, Skyward’s Advancing K12 blog.
This past year, K12 schools became the top targets of ransomware attacks. In August and September 2020, districts accounted for 57% of reported ransomware attacks. You know the threat is out there, but is your district prepared?
Nothing worth having is free. Create a strong plan when things are going well, and you’ll be grateful if disaster strikes.
Security teams
Brilliant teams are run by people, not by machines. Salary, training, and planning fall under this category.
Has your security team grown in proportion with ransomware risks? According to CoSN’s 2020 EdTech Leadership survey, 69% of districts say they are proactive or very proactive—but less than 20% of respondents had a dedicated full-time employee responsible for cybersecurity. 46% listed it as a shared responsibility, 30% “part of the job,” and 10% ad-hoc. This means an overwhelming majority of school districts run the risk of cybersecurity missteps or passing the buck.
One study by ISC2, a professional IT organization, shows more than 4 million cybersecurity jobs are unfilled worldwide. Not only is this a potential blind spot, but it’s an opportunity for students pursuing STEM and computer science fields.
Backup services
Know your data recovery options. Data hosting services may offer multiple options for backup and recovery, but multiple data centers should be a priority. Whether hosting offsite or in person, frequent backups are crucial.
Single sign-on
Humans creating passwords is one of the weakest points of any network. Single sign-on uses multiple strategies to strengthen security, as well as makes logging on to the many, many different ed tech solutions any given district relies on much easier.
Training programs
Constant vigilance is easier when training prompts frequent reminders. Your team members all possess wildly different levels of tech savviness—even the most grizzled veterans of the computer sciences benefit from security training updates. Security training creates a unified set of standards for everyone to follow and may even give you a baseline set of data, so you know where to add training.
Crisis communication templates
Hope for the best, prepare for the worst, and create templates when the worst is yet to come. Readers will appreciate calm, collected communication more than a slapdash letter in the event of a data breach.