A brief discussion with Andrea Tejedor, Educational Strategist at Bluum
Five million, eight hundred and forty-three thousand, four hundred and eighty (5,843,480). That's the number of devices in the education industry that have reported enterprise malware encounters in the last 30 days, according to Microsoft Security Intelligence. This makes education the largest affected industry, ahead of retail, healthcare and high-tech. Undoubtedly, hackers are constantly sharpening their skills and the common cyber threats they cause are evolving.
With schools adopting new EdTech tools and creating more innovative learning environments, digitally responsive educational organizations are encouraged to be more vigilant in strengthening their cybersecurity defenses to deal with new and emerging attacks. Digitally responsive educational organizations (schools, districts, colleges and nonprofits) are those that have leveraged their digital resources to respond to the pedagogical, technological and organizational needs of the learning community.
While cybersecurity continues to be an essential component of this digital response, appropriate cybersecurity policies, procedures, and practices are needed to help ensure teachers, staff, and students have the access and resources they need while maintaining the privacy and security of data and networks.
To provide some expert insights on this, we spoke with Dr. Andrea Tejedor, MeEd, educational strategist at Bluum. Andrea shared how educational organizations can address cybersecurity and what they need to do to protect themselves from attacks.
Question: How can teachers, parents and students address cybersecurity?
Andrea: Cybersecurity is not just an IT problem. Shared ownership and accountability need to be established within the learning community. To accomplish this, a collaborative process that involves representatives from all areas of operation in the district is required to design, implement and improve key contingency management practices. This process includes:
- Creating cyber governance structures by identifying key personnel to operate a cybersecurity program that supports the district's cyber needs and implements contingency management plans.
- Designing incident response plans to guide implementation of a standardized response process during cybersecurity incidents.
- Developing and implementing business continuity plans for continuity in the execution of essential business functions during emergencies.
- Establishing disaster recovery plans with instructions on restoring systems or assets affected by cybersecurity incidents.
Question: What should educational organizations do to protect themselves from attacks?
Andrea: Digitally responsive educational organizations can take various actions to prevent, protect from, mitigate the effects of, respond to and recover from cyberattacks. To prepare for attacks, educational organizations can do several things.
- Develop proactive policies using the K12 Six essential series that establishes baseline cybersecurity standards for U.S. school districts and provides guidance and tools to support their implementation.
- Provide cyber hygiene training for staff on cyber threats and online security issues, like phishing emails and password security practices.
- Teach students best practices for online safety. Many states have adopted digital fluency standards that outline age-appropriate targets for cybersecurity.
- Take advantage of the K-12 Cybersecurity Learning Standards developed by Cyber.org that schools can use to enrich students' skills and knowledge around three core concepts: Computing Systems (CS), Digital Citizenship (DC), and Security (SEC).
Question: How is Bluum protecting digitally responsive educational organizations from attacks?
Andrea: Educational organizations should select a partner with capabilities to pinpoint vulnerabilities, define actions to close security gaps and build resiliency to prevent the loss of instructional time and money. Bluum protects digitally responsive educational organizations from attacks by:
- Facilitating workshops to help the districts create the core documents to establish and test the contingency management practices successfully.
- Identifying the organizational structures the district has in place related to cyber governance.
- Reviewing policies the district has adopted for contingency management. Then working through developing the incident response, business continuity and disaster recovery plans.
- Using a Business Impact Analysis (BIA) to build the business continuity and disaster recovery plan and working with the district to create an asset listing and restoration sequence.
- Leveraging the NIST Cybersecurity Framework (CSF) or the CIS Controls – based on the district's preference – as the foundational cyber framework for contingency management for the district.
- Facilitating a tabletop exercise to test and drill key aspects of the incident response plan that also references and connects to the disaster recovery plan. This helps the district appreciate a holistic view of contingency management.
- An after-action review session follows the tabletop drill to continue to learn and evolve the planning documents and the institutional knowledge.
Digitally responsive educational organizations should avoid these trends in K-12 cybersecurity threats by engaging in the processes outlined above and defining the cyber governance structures in their district. They can also identify ways to train staff on cyber hygiene and their role in protecting data and digital assets.