CoSN’s 2021 IT leadership surveys found that cybersecurity remains a top concern among chief technology officers across the nation.
I spoke with David, the Director of Information Services in a smaller district (~5000 students) in the Midwest, about what his district is doing to prepare for cyber-attacks this school year.
Their core philosophy is that attacks are inevitable, but the district should do everything it can to reduce their impact.
The following are the key success factors of their cybersecurity defense plan:
Professional Networks. Professional networks have been critical in supporting efforts to increase cybersecurity practices and funding. Their District meets monthly with a county-wide Technology Consortium to exchange ideas and talk about best practices with Directors and Sysadmins. This is where many of their District’s successful ideas emerged – once one District adopts something, others tend to model it in similar ways. Local, State and National consortiums like CoSN provide best practices for combating cybersecurity threats.
Data Backups. Part of planning for cybersecurity is being realistic about the likelihood of an incident. Loss of data by way of crashes or breaches can wreak havoc on internal systems. Data backups are key to this District’s comeback strategy – they currently have several backup models with the focus of being immutable and air-gapped. Data backups ensure that they can recover data within an affordable time frame if it is stolen or lost. Districts need multiple places to back up data, both in the cloud and on premises; backups should be scheduled and tested frequently.
Strict Policies and Procedures. David’s District has struggled with the tradeoff between protection and autonomy, but they understand the risks at stake. Their Technology department made the decision to provide administrative rights exclusively to the Technology team. They provide a Software Store for staff to install pre-approved applications at their leisure. The key is to provide the software but keep the security posture in place. They are also working toward MFA for all users. This helps secure users on edge devices that may have a higher level of access in the system. Centralizing administrative rights to the technology department protects student data privacy and lowers the risk of vulnerabilities in the system.
External Audits. Their District participates in annual audits of their cybersecurity practices to identify weaknesses in their system. They also change the vendor that does their audit from year to year to gain a diverse set of recommendations and action items. For Districts that don’t have large technology budgets, there are lots of free tools online that are a good starting point to discover best practices, including CoSN’s Cybersecurity toolkit. Districts should continually assess what they can be doing to improve their defenses, as the landscape is changing almost hourly. Annual or semi-annual audits are recommended to Districts as threats continue to evolve.
Security Event and Incident Management (SEIM) system. Purchasing the SEIM system has greatly improved the district’s capabilities to detect and respond to attacks. The decision to purchase the system came when the district was considering hiring another staff member or two to manage cybersecurity threats. While the system isn’t cheap, it is able to detect threats 24/7 and is faster than human capability. The software was purchased under a 5-year contract and is able to detect any suspicious activity and isolate it before it spreads through the entire system. Part of its success is the work that the district has done on interoperability, ensuring that the AI system can find threats in the cloud, data center, internal network, or IoT devices. It analyzes device behavior and data to detect new threats. Most cybersecurity platforms are moving to subscription-based models with cloud-based AI to stay current with the growing threat environment. This allows customers to scale capability and cost where it makes sense. While an automated system is effective, it is also important to plan for training and staffing to manage the system and the responses. AI-driven threat detection is effective at preventing attacks and is a tool that IT leaders should consider purchasing for their cybersecurity arsenal.
Mardi Crean, MPP
Membership Coordinator, CoSN
CoSN is vendor neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes.