The pandemic has completely shifted the cybersecurity landscape that we must navigate to protect the data of our students and staff. A few years ago – when students did the majority of their learning from the school building – education technologists focused on keeping their campuses and networks secure. Now, with more students and staff using their school-issued devices outside of school, the “perimeter” that we need to keep secure has expanded immensely. Even the way in which bad actors conduct cybersecurity attacks has changed. And it’s more important than ever to ensure that you have the right process and procedures in place to protect your district.
We checked in with Vince Scheivert to learn more about how the pandemic has shifted cybersecurity and how education technologists need to constantly be monitoring and improving their security — with support from district leadership — to keep bad actors (cyber attackers) at bay.
With more than 20 years of experience, Scheivert understands that a “set it and forget it” model for cybersecurity is not effective when it comes to keeping school districts’ data safe. “You have to understand, evaluate, and assess overall cyber risk to make good decisions,” said Scheivert.
Sound decision making is a key ingredient to keeping your school system safe. It’s essential for your organization to consider your cybersecurity risk and what’s important to you now. For many school systems, that can be a difficult conversation to have. For example, Telos provides the capability for an organization to understand and evaluate their overall risk and risk posture and identify what things they need to take into consideration.
Bad actor strategies of today are different than those of yesterday and tomorrow
Why do you need to know what to prioritize when it comes to your district’s security? Because bad actors are constantly changing how they attack. “If you’re planning for a ransomware attack from two years ago, then you’re not planning for today,” said Scheivert. He went on to explain that a pre-pandemic malicious actor would typically attack your system using a “land and expand” method, in which a virus would infect your system and encrypt it as fast as possible, and then ask you to pay for it. Now, that actor will gain access to your environment, sit on your data and collect information about you to assess your ability to pay. They’ll collect secrets to embarrass an organization or employees of the organization, and it becomes more of a true ransom, Scheivert explained. Then, they’ll cause a disruption. “It’s a billion-dollar business,” said Scheivert. “It’s not a kid sitting in his grandma’s basement who’s going to make $50. These payouts are in the millions.”
Think of cybersecurity protection like keeping your home safe. Education technologists need to keep innovating because, at some point, bad actors may try to get the keys to the house. So, you need to keep your house key on a rotation to stay ahead and make it difficult for someone to get into your house. “You need to be flexible and agile — you need to understand that cybersecurity is a continual cycle of improvement,” said Scheivert. “It’s not a finish line.” Many education technologists may think that after an assessment, they are good for a year, but Scheivert said that that’s not the case. Everyone can have a bad day — do you know how to mitigate your risk?
How to gain leadership support
If your school district hasn’t prioritized cybersecurity as much as you need to or you don’t have leadership support, “transparency and communication are paramount for anyone starting out,” said Scheivert.
It’s imperative to same-page with leadership because when you don’t see eye-to-eye on cybersecurity is when you might be keeping the front door to your district’s data wide open. “Whenever there’s a discrepancy with your risk posture and the Superintendent or the school board or the community, that’s where bad things happen to good people,” said Scheivert. “Make sure that you understand your risk posture, communicate it with leadership, and have a shared expectation of what you’re capable of implementing.”
Prioritizing cybersecurity with pandemic lessons learned
The pandemic has changed school systems in many ways from eliminating their perimeter to the types of cybersecurity threats that can be executed. Due to weakening security postures of most school divisions, they’ve become a more attractive target for malicious actors. During that time, many school districts were working fast to get devices and connectivity to people — but now is the time to go back and evaluate your cybersecurity processes and procedures, securing your doors, Scheivert shared. “We can no longer say cybersecurity is not for us, that it’s too much, too complex, too difficult for us to implement,” said Scheivert. “If we’re going to take the responsibility of providing devices and connectivity, then we should have the ability to also do that safely and securely. Otherwise, one without the other is just irresponsible.”
Author: Stephanie King, Driving K12 Innovation
Thank you Vince Scheivert, VP of Technology Sales Telos, Gold Sponsor
CoSN is vendor neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes.
