
Rom Hendler is CEO and co-founder of Trustifi, a SaaS-based security and email encryption provider.
K-12 school districts across the country are just recovering from the devastation of the pandemic, during which administrators were tasked with deploying remote environments with unprecedented urgency. These districts don’t have the option of closing like some businesses; they have an obligation to continue educating our children. Many districts were forced to implement whatever technology was available to adapt to these new conditions.
Because of these barriers, technologies such as district laptops, open wireless access points, unprotected IP devices, and student management systems are often enabled with only basic security controls. Sophisticated hackers often find ways to gain access to student management systems to obtain data on addresses, Social Security numbers, parents’ email contacts and login credentials. Many schools lack direct funding for the security operations, monitoring, and level of expertise needed to deal with issues their organizations may face.
“Traditionally, K-12 schools have not been equipped to identify cybersecurity breaches or fully understand how to best respond,” confirms Jennifer Tisdale, deputy principal of GRIMM Cybersecurity, a security services provider, according to a report by the U.S. Senate Homeland Security and Governmental Affairs Committee. Malicious hackers, on the other hand, are often very sophisticated and adaptable when exploiting crises, with many turning their nefarious skills to the K-12 environment.
Some of the nation’s most prominent school districts have been hit by ransomware attacks in recent years. Baltimore Public Schools, for example, spent nearly $9.7 million to fix breaches that disrupted academics for weeks as its teaching fully transitioned to virtual learning. The attack required teachers and students to hand over their laptops for inspection or exchange, leading to widespread confusion in determining which devices were affected by the attack.
Other disturbing incidents involve cybercriminals who have directly targeted parents for ransom, threatening to lock students out of their online classes, delete submitted assignments or sabotage student projects by inserting obscene language. The network attack on Fairfax County Public Schools involved the public release of Social Security numbers for students and district personnel. All of this comes as busy parents try to navigate the pandemic, focus on their own health and master new distance learning technologies with their kids.
Implement encryption and automation
Schools will benefit from simple and intuitive encryption of outgoing emails to protect them from these costly attacks. An automated “one-click” compliance solution allows administrators to set up their security solution so that all emails sent through the system comply with an administrator-selected list of rules. This removes the burden of deciding which emails are subject to compliance regulations and reduces the risk of breaches due to human error.
However, encryption must be easy to use, or users will abandon encrypted messages. Often, teachers communicate with parents, school officials and internal services to pass on sensitive student information. Many traditional email encryption solutions require these users to log in to a separate portal to send or receive. If such a system is too complex and cumbersome, users will bypass encryption and give up encrypted mail. The school IT help desk received many support tickets from users who had difficulty encrypting their messages.
Improve resiliency with data protection
More districts could face a budget crisis or eventual austerity as we head toward what some economists define as a recession. Even with a strong economy, few districts can afford the financial losses associated with major security breaches. Reports from the consumer research site Comparitech estimate that cyberattacks cost U.S. educational institutions more than $3.5 billion in “downtime alone” by 2021. The losses also have an impact on taxpayers, who bear the brunt of increased district budgets.
Many high-profile breaches can be traced back to the infiltration of an organization’s email system. This means school districts have at least the option of securing their email systems with a cybersecurity email protection solution. Not all solutions are created equal, however, and agile hackers have developed ways to circumvent many traditional email data protection methods.
For example, traditional SEG (Secure Email Gateway)-based solutions scan and block email based on known malicious IP addresses. However, they are unable to identify more sophisticated imposter and “social engineering” attacks that impersonate valid people. Even so, some of the more entrenched security brands rely on this approach. More advanced email security solutions leverage technologies such as artificial intelligence and optical character recognition to identify and isolate crafted phishing emails that trick students and teachers into revealing usernames and passwords and encourage victims to download malicious attachments.
Districts should evaluate their solutions based on how many of these more sophisticated techniques are available, which can minimize their exposure to potentially damaging imposter attacks. Additionally, administrators should perform a cost analysis comparing bigger-name (and often higher-priced) solutions with various competitors. Comparisons sometimes reveal suppliers that offer a lower cost per seat along with impressive capabilities that match or exceed those of well-known brands.
IT administrators should demand features like AI scanning, automation and one-click compliance, user-friendly encryption, and comprehensive malware protection, all of which are critical to securing the district’s email network. This investment ultimately pays off, avoiding costly compliance fines, ransom fees, downtime and other breach-related losses. Finally, security solutions should be easy to deploy, manage, and use to relieve additional stress on internal IT teams, employees, and students.
Finally, no district can afford to neglect protecting the most targeted part of its network: its email data system. Building resilience is an especially popular strategy in an uncertain post-pandemic economy.