In a time when they say it’s a matter of when, not if, and it never happens at a good time, how do you support your IT staff when you are under attack? It could have been a click of a link, a compromised password, an update that was forgotten. However you got there, it doesn’t really matter. It is how you sail your ship in the storm and what you do after the storm that matters most.
We reached out to Craig Barnum, who was executive director of digital literacy and information technology for the Cedar Rapids Community School District when Cedar Rapids experienced a cyberattack. When he told the story, it started like most cyberattack stories do: during the most inopportune time. What stuck out to me with Craig’s story was how they navigated out of the storm and what they did after. They rebuilt instead of restoring. They built not only to rebuild but also to become a resilient enterprise. They stayed unified as they rebuilt, and Craig said he never felt like the IT staff was blamed for the incident. One of the poignant things Craig said was that he always thought that teaching and learning should come first. Then, after the incident, he reflected on this and how his thinking shifted. Now it should be security first and then teaching and learning.
With budgets shrinking, unfunded mandates, staffing shortages, and inflation, planning where educational funding goes can be quite challenging in today’s landscape. Do you buy the new reading program that is research-based and extremely effective, or do you allocate the funds to cybersecurity and creating a more secure environment?
When you are sailing through the storm, remember to support your cybersecurity staff. Be reflective in your practice and learn from this experience. If you are facing an attack or preparing for a safer future, you need to make security a main priority.
-Document: Documentation is key. Document changes you make to your environment to heighten security. Refer to the NIST Framework for guidance.
-Prepare an incident response plan, business continuity plan, and disaster recovery plan that are functional and can be followed by staff outside of the IT team. Make sure to have contacts listed with updated phone numbers and email addresses. Make sure they are saved in a secure place and make sure you have a printed copy stored in a safe place that can be accessed if you lose access to your network.
-Review acceptable use policies, password policies, data governance, etc.
-Participate in tabletop exercises to prepare for certain situations. These tabletop exercises should be inclusive of administration and stakeholders outside the IT team.
-Be familiar with your cybersecurity insurance policy and have a relationship with a cybersecurity company that your cybersecurity insurance company will partner with. Do this ahead of time and see if there is potential for a retainer so that you do not need financial approval in the middle of a cybersecurity attack.
-If an incident arises, seek legal counsel so that you are in compliance with regulations and have a communication plan in place ahead of time.
-Participate in cybersecurity assessments and penetration testing. Make sure there is funding budgeted for this as well as allocations for remediation.
-Be aware of funding sources and grants that are available to use towards cybersecurity.
-Have agreements in place with outside agencies and vendors and understand fully how they will be interacting with your data and PII as well as access to your network and facilities.
-Review your cybersecurity tools and make sure you have them updated, the right security settings in place, and enough cybersecurity in place to secure your environment. (Firewalls, filters, MDR, SOC, EDR, XDR, encryption, multifactor authentication, log retention, email security, cybersecurity training and phishing simulations, etc.)
-Cybersecurity awareness training is so important and should involve everyone, not just your IT staff. Knowledge is powerful and human error is involved in a majority of breaches.
Remember, just like we would not blame our custodian for our full garbage can in our room, we need to support our cybersecurity and IT staff. As we increase the safeguards in our environment, procedures may become more laborious and inconvenient. But they are there for a reason.
Author: Catie Cahill, CoSN Early Career Graduate, CoSN Cybersecurity Committee
Edited by: William Brackett, CoSN Cybersecurity Committee, Director of IT Services, Oak Park Elementary District 97 (IL)
Published on: October 29, 2024
CoSN is vendor-neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes.