Security breaches are happening everywhere. We read about them every day in the news, in our newsfeeds, and on social media. Its happening so much that we’ve almost become desensitized to it. The reality is schools are a target, and its an issue that must be addressed to operate in today’s world.
There are many myths floating around about school cybersecurity, and it’s important to separate fact from fiction. We’ve gathered seven of the more common ones here and explained why they are false.
Myth #1: Cybersecurity will have a negative impact on our school community. Truth: If done correctly, implementing Cybersecurity standards doesn’t have to be a drag. A solid, positive marketing campaign for both employees and families coupled with incremental changes will go a long way towards achieving your goal, without making life hard on everyone.
Myth #2: Our SIS is hosted in the cloud, so we’re covered. Truth: Being hosted in the cloud means nothing. You have to do your part. Know who is hosting your data, what their security policies are, what your contract says, what their backups and breach reporting requirements are, and make sure you’re using all the security features they offer. Think beyond your SIS and core databases too – even small free websites or apps teachers use should be reviewed.
Myth #3: All of our data is in our SIS and Core Databases. Truth: You likely have data all over your devices and cloud software. There are individual apps and websites that teachers or staff sign up for and upload information to do grading or email, and people saving data files on their local computers. Knowing where your data is and who has access to it is critical.
Myth #4: Our IT Department is handling security. Truth: Cybersecurity in a private school should be led by the school’s Board. The impact of a security breach on a school’s future means that it should be led from the top down and involve everyone at the school. While IT may have a direct role in the planning and implementation of cybersecurity, this type of initiative cannot be run from the IT department for it to be effective.
Myth #5: We can’t afford cybersecurity – our budget is too tight. Truth: Fixing a security breach after the fact is going to cost a lot more in terms of damaged reputation, loss of enrollment and donations, replacing devices and systems, and low employee morale. While many schools operate on a tight budget, just like you have a line item for insurance coverage you should have a line item for cybersecurity.
Myth #6: Cybersecurity is mostly technical work. Truth: At least 2/3 of security is policy, procedure, planning and training. Designing password policies, training on identifying suspicious emails, requiring approvals before uploading information to websites, defining file storage and backup requirements, and much more is not technical work. Making the effort to both define how to prevent a breach as well as what to do if one occurs will direct the technical efforts rather than the other way around.
Myth #7: We don’t have the time or staff to address cybersecurity. Truth: Unless you can afford to hire someone full-time that knows cyber security, you need to outsource your efforts here to some degree. Cyber security is best done with a team of experts who know the field. While you will still need to dedicate some internal staff time to this, the demand will be greatly reduced and you’ll get much better leadership.
The reality is that every school needs to have plans for improving their defenses to prevent an attack or breach, as well as a plan for how to address one if it does happen. If it seems overwhelming to consider, take one step at a time and do something different, such as change a password that you’ve used on several websites or implement multi-factor authentication. Doing something, even if it’s small, is better than standing still.
If guiding your cybersecurity needs are beyond the time or skillset you or your staff have, reach out to us. LeadershipOne Technologies can act as your project manager, developing a timeline, soliciting security vendors, leading an internal staff team, and developing an implementation plan that considers all aspects of your school. Let us make sure that every area is addressed in a way that provides a smooth process for your school.
