How to evolve your school’s cybersecurity approach

How to evolve your school’s cybersecurity approach

This article was produced in partnership with Dell Technologies.

Dell Technologies (NYSE: DELL) helps organisations and individuals build their digital future and transform how they work, live and play. The company provides customers with the industry’s broadest and most innovative technology and services portfolio for the data era.

by Trenton Coburn, ANZ K-12 Education Lead, Dell Technologies

New models of learning, such as hybrid, blended, and remote, have led to more accessible education for many. However, with devices moving out of schools and into the often less-secure homes of students, teachers, and administrators, threats to the education sector have become more prevalent. The digitalisation of schooling has created an environment that gives cybercriminals even more opportunities to target primary and secondary schools.

The real-world impact on children, parents, and teachers when an attack succeeds is concerning. Vulnerable information can be compromised, and given school teachers rely on emails and other crucial online learning tools to plan programs; an attack can bring education to a halt.

Reflect: conduct a risk assessment, adopt a cybersecurity framework, balance risk

It’s essential to reflect on what areas need to be improved and what areas are already in a good place. Analysing systems, assets, data, and capabilities properly identifies risks, so security professionals can formulate a plan of action to improve a school’s cybersecurity posture.

The focus should be placed on primary and secondary schools' cybersecurity preparedness with a strong emphasis on developing an incident response plan encompassing multiple scenarios, such as ransomware and other attacks.

The Australian Cyber Security Centre’s Information Security Manual is a starting point for building a new cybersecurity plan or strengthening an existing one. It can help to determine the appropriate level of rigour for a cybersecurity program and is often used to communicate risk appetite, mission priority and budget.

Tools that provide access to information or encourage collaboration benefit students and faculty but can challenge many IT security professionals. Taking on that challenge is essential to advancing many school programs, enabling students to be competitive in the ever-changing digital world. By seeking solutions that benefit both parties, schools can continue providing excellent educational opportunities while minimising cyber risks.

Refresh: educate students and faculty on cybersecurity

With cybersecurity incidents and attacks becoming more frequent in the news, the need for good cybersecurity practices is evident. Still, it’s always helpful to re-emphasise the need for good practices and refresh education.

Everyone plays a role in cybersecurity, so it’s essential to maintain a secure environment with minimal risks. Scheduling regular training with your school’s security professionals will build a culture of understanding the threats, risks and mitigation efforts.

Reset: implement monitoring programs

Strong monitoring and protection solutions ensure timely detection and response against active threats to minimise the risk of a successful attack.

Many adoptees of cloud-based solutions have found that they can further use intelligent software with artificial intelligence to detect unusual patterns, create remote alerts and have another layer of protection against cyber threats.

Revamp: seek the right talent

Schools should evaluate ways to revamp their cybersecurity human resource capacity when possible. These are hard conversations for school leadership to have. The potential of dedicating funding to new, difficult-to-hire, highly valued professionals can be at the expense of important programs. However, it can save budget in the long run as cyber-attack recovery is a costly endeavour.

Part of human capacity evaluation should explore adopting new operating models, such as incorporating “as-a-service” offerings that seamlessly extend the capabilities of the cybersecurity practice through qualified service providers. This is paramount to the detection and response phases of an attack, though also highly impactful in the case of recovery.

Supporting teachers and young minds

Remote learning isn’t going anywhere anytime soon, and we will continue to see even more changes in our school environments. While schools have limits in terms of funding and resources, what’s important right now is flexible and scalable solutions that will limit cyber breaches and support teachers and the young minds they educate.