In today’s digital age, educational institutions face a three-fold challenge: opening up the world of knowledge and learning to all students while also safeguarding sensitive data and protecting against cyberthreats, all with very limited resources. As reliance on technology in classrooms increases, so does the need for robust education cybersecurity measures.
Although edtech prioritizes cybersecurity, the issue persists in needing more resources and qualified experts to combat attacks. According to the 2022 State EdTech Trends survey and report, only 8% of respondents said their state provides enough funding to mitigate cybersecurity threats, while 40% receive very little. And only 24% report receiving cybersecurity tools or resources. However, in 2022, officials reported monetary losses to school districts ranging from $50,000 to $1 million due to expenses caused by a cyberincident, including the replacement of computer hardware and enhanced cybersecurity measures to prevent future attacks. Recognizing this urgent need, the Cybersecurity Coalition for Education has set three key goals educational institutions should follow to address school districts’ security challenges.
Goal 1: Clarify expectations of education cybersecurity
Educational institutions must establish clear, well-defined expectations to bolster cybersecurity defenses. The coalition strongly emphasizes the importance of formulating comprehensive standards and guidelines that serve as the education cybersecurity framework. This approach enables school districts to implement best practices, fostering a secure digital environment for students, faculty and staff.
Clear guidelines provide a solid foundation for cybersecurity measures, enabling educational institutions to set a security protocol and procedure baseline. These guidelines should include expectations around:
- Network security
- Data protection
- Access controls
- Incident response
- Employee training
By clearly defining these expectations, educational institutions ensure that all stakeholders know their responsibilities and the necessary actions to safeguard sensitive information and critical infrastructure. Establishing specific standards also fosters a culture of education cybersecurity awareness by promoting a shared understanding of its importance and encouraging proactive measures to mitigate risks. Building a resilient and secure ecosystem is paramount and requires a collective effort.
Goal 2: Implement self-review resources for internal accountability
The coalition proposes schools use a cybersecurity self-service rubric to assess their preparedness and mitigate risks. Educational institutions can access the coalition’s Cybersecurity Rubric, a free PDF and easy-to-use assessment tool designed to help schools plan for improvement.
The rubric provides a framework to evaluate education cybersecurity practices, assessing domains via well-defined indicators to identify areas of strength and opportunity. It encourages accountability and continuous improvement while empowering educational institutions to own their cybersecurity posture.
By embracing the rubric, educational institutions can spotlight potentially overlooked vulnerabilities and implement proactive measures to enhance their defenses. This self-assessment process helps schools:
- Make informed decisions about protecting sensitive data.
- Preserve the privacy of students and staff.
- Provide a secure digital environment for learning.
- Foster a culture of continuous improvement.
Schools can track their progress over time and enforce necessary adjustments to stay ahead of emerging threats and challenges.
Goal 3: Create new career pathways
The education sector must also leverage its talent and provide staff with cybersecurity training opportunities and defined career pathways. Encouraging employees to specialize in cybersecurity will lead to a skilled team that can effectively manage evolving threats.
Look for education cybersecurity programs and initiatives offer training in:
- Risk assessment
- Vulnerability identification
- Incident response
- Data protection
This gives schools access to qualified professionals who can assess and improve their cybersecurity measures.
To effectively address the urgent issue at hand, educational institutions should not only focus on developing long-term career paths in cybersecurity but also take immediate action. One way to do this is by partnering with reliable cybersecurity service providers who can implement and oversee critical infrastructure and services. These may include managed firewalls, distributed denial of service mitigation, and managed intrusion detection and prevention systems. By adopting this approach, schools can bridge the gap between their available technical resources and security requirements, ensuring a more robust cybersecurity posture.
Michael McKerley is a part of the Cybersecurity Coalition for Education, a group of leading edtech organizations committed to making cybersecurity preparedness and training more accessible for schools. As Zayo’s senior vice president for managed services, he leads aspects such as product strategy, engineering and architecture, service delivery and service assurance.
Opinions expressed by SmartBrief contributors are their own.