October is National Cybersecurity Awareness month, presenting school districts across the state of Wisconsin with the opportunity to reflect on, review, and improve cyber security practices and policies. With many incidents caused by end-users clicking on something they shouldn’t and giving up credentials, cyber security is no longer the sole responsibility of school districts’ technology departments: it is a shared responsibility and #everyoneslift.
According to the Department of Homeland Security, last year, an estimated 3.2 billion dollars were lost as a result of cyber threats. It only takes one person to create a data breach. While “hacking” has not gone away, those perpetrating cyber crimes are increasing the use of social engineering skills to compromise school districts.
At a time when cyber security is more important than ever and simultaneously school district budgets and labor forces are stretched thin, how can school districts improve cyber security?
A simple solution is to do what educators do best: educate. Phishing and even phone scams prey on district staff and students by looking or sounding official and gaining the trust of unsuspecting uninformed end-users. There is no better defense of cyber threats than being informed and educated, and working cohesively to protect yourself and your school district.
What Can You Do?
From the playground supervisor to the 6th-grade teacher, to the superintendent, everyone likely has an email address and access to a school district’s network. This seemingly harmless privilege puts everyone at risk while setting everyone up to be cyber security champions at the same time.
Practice the following actions to prevent unnecessary loss of data, time, and money:
Communicate: Avoid blindly sharing things by thinking before you click. Look into what you may want to share to make sure it is legitimate and safe. If you see something, say something. If you receive a suspicious email, help raise the caution flag by alerting the proper staff in your organization. Just because you did not fall victim to a phishing attack does not mean your colleague won't.
Collaborate: Talk to others about what you want to use online and research what information is being used. Talk to stakeholders in your district, other districts, and your community. Work together to understand the resources and approaches that are successful in combating cyber security.
Educate: Teach each other and students to stop using items that share data, especially with free resources. One easy method to find out if your information is shared is by clicking on a product’s terms of service, often found at the bottom of a web page and usually called “Legal,” “Terms and Conditions,” “Terms,” or “Terms of Service.” Make time every year to inform and educate staff on the nuances of phishing and how to spot and report suspicious emails, and to never give out your credentials.
Want to learn more? The DPI will be hosting webinars on cyber security throughout Cybersecurity Awareness Month. Information for the first webinar is below. Follow @WisconsinDPI on Twitter for further updates.
Teacher Training on Student Privacy and EdTech, October 2, 10:00 a.m.
Host: The Future of Privacy Forum and the Law & Economics Center at George Mason University Antonin Scalia Law School
Panelists: Associate Professor of Law; Director, Program on Economics & Privacy, George Mason University Antonin Scalia Law School, James Cooper; Assistant Principal for Teaching & Learning, St. John’s Prep; Director of K-12 Education, ConnectSafely.org, Kerry Gallagher; Chief Technology Officer, San Mateo County Office of Education, Lorrie Owens; Director of Youth and Education Privacy, Future of Privacy Forum, Amelia Vance Register for this webinar