Are You Prepared for the Next Cyber Attack?
Labor Day 2022—instead of the usual beginning-of-the-school-year exercises, Los Angeles Unified School District administrators had to deal with a ransomware attack that shut down its computer systems.
During the edLeader Panel, “Cybersecurity in Today’s Learning Environments: What School Leaders Must Know and Do,” superintendents and a chief technology officer said not only is the attack not surprising, but all districts should be preparing themselves for the next cybersecurity breach because whether for money or just because hackers can, there will be more attacks.
According to EdTech Trends and Funding: A CoSN Member Survey 2022, cybersecurity is the number-one pain point in districts, and network security is the area in need of the most improvement. That’s because cybercriminals aren’t stopping, said the panelists. They identified five key attacks targeting schools:
- Distributed Denial-of-Service
- Data Breach
- IOT (Internet of Things) Vulnerabilities
Since hackers are constantly looking for new ways to disrupt systems, districts must constantly analyze and update their plans. As part of its EmpowerED Superintendents Initiative, CoSN identified five key areas to address regarding cybersecurity.
- Liability–Cyber-attack insurance is becoming inaccessible due to the depth and number of attacks, and hackers could target any person or system in the building. However, the panelists said it’s not that teachers and staff don’t know that there are cyber threats, but they don’t always understand the implications of their actions. They found it helpful to talk with staff about how and why they protect their personal devices and then draw connections to the school environment.
- Legal Requirements–Similar to liability, all teachers and staff need to have at least a basic understanding of the legal requirements—it can’t just be the purview of the IT department or legal. However, a quick session during an in-service isn’t enough. The training needs to be ongoing—especially because states are constantly adding and updating the requirements. In addition, even if the staff member (or student) isn’t quite sure what’s going on, they should know where and how to report a potential issue.
- Reputation–Unfortunately, district leaders can’t do much about public perception at the moment of attack. And no matter how the attack began, superintendents should take responsibility for how the schools handle it. However, superintendents can move public opinion by how they respond to the crisis. That means having an incident plan—which has the buy-in of all departments—ready to implement, communicating the plan to the community, and constantly updating them on the progress. By being transparent about what schools know and what will happen next, they can regain some public confidence.
- Teaching and Learning–Again, this is all about planning. Schools rely on so much technology for instruction, from attendance to collecting assignments, and for day-to-day operations (e.g., school lunches). Administrators must know how the school will operate in case of an emergency. Of particular concern are students who use any form of assistive technology.
- Student Digital Records–The panelists noted that some people ask why someone would want student information. One reason is that younger students aren’t often checking their credit records. But when they apply for a loan when they’re older—or even try to open a bank account—they discover their identity has been stolen. Thus, the panelists advocate for strict vetting procedures for all technology. (Don’t let teachers download that app!)
Finally, the panelists offered their key takeaways for protecting digital assets.
- Make cybersecurity an organizational issue
- Employ continuous monitoring and schedule regular audits to make sure you are staying a pace of potential threats
- Provide continuous training for teachers, staff, students—anyone associated with the school
Learn more about this edWeb broadcast, “Cybersecurity in Today’s Learning Environments: What School Leaders Must Know and Do,” sponsored by ClassLink and co-hosted by CoSN and AASA.
Join the Community
Super-Connected is a free professional learning community for school superintendents, district leadership, and aspiring district leaders.
AASA is the premier association for school system leaders and serves as the national voice for public education and district leadership on Capitol Hill.
CoSN (the Consortium for School Networking) is the premier professional association for school system technology leaders. CoSN provides thought leadership resources, community, best practices and advocacy tools to help leaders succeed in the digital transformation. CoSN represents over 13 million students in school districts nationwide and continues to grow as a powerful and influential voice in K-12 education.
ClassLink empowers your students and teachers with instant access to their learning resources. ClassLink® LaunchPad includes a library of over 6,000 single sign-on apps and instant links to file folders at school and on Google, Office 365, Dropbox, and Box cloud drives. ClassLink Roster Server easily and securely delivers class rosters to any publisher using open technology standards. ClassLink Analytics gives decision makers the usage data they need. ClassLink is ideal for 1 to1 and BYOD initiatives.
Blog post by Stacey Pusey, based on this edLeader Panel