Home CTO/CIO Cybersecurity Resources for Planning, Prevention, and Safeguarding Data

Cybersecurity Resources for Planning, Prevention, and Safeguarding Data

by Miguel Guhlin
phone, pencil, earbuds, and eyeglasses

As Cybersecurity Month 2021 looms, I am reminded of two incidents that occurred under my watch as a technology director. The first was a ransomware attack due to a Yahoo email attachment. At an elementary school, the ransomware knocked the point of sale food service computers offline. The problem had hit right after lunch. But no one reported it until late in the day. Consequently, I scrambled the team and descended on the campus at 4 p.m. on a Friday afternoon. Then, the second ransomware attack came. As a result of this attack, five years of federal reporting data went missing. With a data protection impact assessment or privacy impact assessment, the issues might have been lessened. It was all preventable if only district staff had listened to recommendations.

“I don’t think there’s a school district in America that doesn’t have important digital assets sitting on a computer somewhere that needs to be protected,” said Michael Kaiser, executive director of the National Cybersecurity Alliance. “We know schools sometimes don’t like to report incidents. Responding right away and bringing in law enforcement should be encouraged.”

Source: Cybersecurity in K-12 education

Recent Cyber Incidents

In August of 2021, there were 84 cyber incidents worldwide. Those accounted for 60,854,828 breached records (source). Here are a few more in the last few months, which affected school districts in the United States:

September 2021 wasn’t looking any more promising than August. For example, at the time this blog entry was written, North East ISD in San Antonio, Texas reported a potential breach as well. Would anyone argue that there isn’t a problem?

Have You Seen This?

If you go to StopRansomware.gov, you will access a resource from the United States Government. Once there, you can access resources, a newsroom, see alerts, and report ransomware.

NBC News Reports Leaked Children’s Data

In their article Hackers Are Leaking Children’s Data — and There’s Little Parents Can Do, NBC News reported data breaches for over 1,200 school districts in 2021. Here is just some of the harrowing information from the article:

“Some of the data is personal, like medical conditions or family financial statuses. Other pieces of data, such as Social Security numbers or birthdays, are permanent indicators of who they are. Their theft can set up a child for a lifetime of potential identity theft.”

“One of those [files], still posted online, is an Excel spreadsheet. It lists approximately 16,000 students. That is, roughly, the combined student population of Weslaco’s 20 schools last year. It lists students by name and includes entries for their date of birth, race, and gender.  Social Security number is indicated as well as whether they’re an immigrant, homeless, marked as economically disadvantaged. It also flags those potentially dyslexic.”

cybersecurity week

Safeguarding Sensitive Data

What can students and their parents do? Check out some suggested steps, including freezing student credit while they are still underage.

You can also get a copy of my free guide Safeguarding Sensitive Data: Data Breach Prevention and Response Plan. It’s available as a Google Doc or an electronic ebook (ePub format). In it, you will find suggestions on prevention. You will also find policies to put into place which I developed to guide my school district’s efforts. Is your organization ready for ransomware and data breaches?

Explore Relevant Resources

In the meantime, what can school districts do? Focus on prevention with proactive measures instead of being reactionary. Most importantly, safeguard against ransomware and cyberattacks. In addition, provide professional learning for all staff on how to protect sensitive data. Finally, take the time to review cybersecurity resources and guides like the resources I provide here.

cybersecurity week

Resource #1: The Cybersecurity Workforce Training Guide

Not sure where to start? Explore the Cybersecurity Workforce Training Guide released in August of 2021. The guide helps professionals develop a training plan. It also provides over 100 training resources and certification prep courses for technical support. The guide is interactive and available online. At the very least, it suggests that this topic requires study.

Resource #2: National Standards for Districts

In August of 2021, the K12 Security Information Exchange (K12 SIX) shared resources that include protective measures every school district should put in place.

cybersecurity week

Resource #3: Cybersecurity K-12 Fact Sheet

Need assistance in selling the message? Grab a copy of the Cybersecurity K-12 Fact Sheet. It can help you explain the complexities of protecting your school’s data assets. For this purpose, it covers a wide variety of topics, including cyber insurance. Another great resource to consider is The Data Breach Survival Guide.

Resource #4: Statewide Cybersecurity Awareness and Training

Looking for a starting point aside from what has been shared above? Take a look at Texas’ Statewide Cybersecurity Awareness Training website. You may also find the Texas Cybersecurity Council resources worth looking into. As you may not know:

Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees to complete a certified training program. The statute also requires state and local government employees to complete a certified training program.

School districts only need to have a cybersecurity coordinator to receive the training. A reporting form is available online.

Start the Work

Cybersecurity Month (October 2021) may be the time your organization takes cybersecurity, protecting against data breaches, seriously. If not, consequently, the next major network news source may find your district’s student confidential data on the dark web.


Did You Know?

TCEA offers an online, self-paced course to prepare you to protect your own and district data. It is geared towards individuals who may want to learn more about safeguarding sensitive data. Register now for TCEA’s Data Guardian course.

Feature Image Source

Photo by Dan Nelson on Unsplash

You may also like

Leave a Comment

You've Made It This Far

Like what you're reading? Sign up to stay connected with us.

 

 

*By downloading, you are subscribing to our email list which includes our daily blog straight to your inbox and marketing emails. It can take up to 7 days for you to be added. You can change your preferences at any time. 

You have Successfully Subscribed!