New cybersecurity threats like AI-driven ransomware are on the horizon, along with other malicious threats. To mitigate these risks, there are four preventative tactics K12 technology leaders should practice now to ensure the safety of their students and staff.
School districts are often faced with budget constraints when addressing things like cybersecurity, new guidance from the Federal Communications Commission and the Department of Education suggests. However, several free and low-cost options help address some of the most crucial risks impacting K12 cybersecurity, which include:
- Compromised accounts
- Phishing tactics
- Exploited unpatched vulnerabilities in public-facing applications
Media headlines suggest these threats plague schools across the country. Last month, Richmond Community Schools announced a data breach from a ransomware attack, which forced the district to shut down its data services network to investigate the breach, WDTN reports.
Washington’s Highline Public Schools was also shut down last month after the district noticed unauthorized activity on its systems after a cyberattack, Security Magazine reports.
More from DA: No ESSER? No problem. Tap into these new tech-centered programs
Impactful cybersecurity solutions
The guidance highlights four strategies in particular that leaders can implement immediately. These include:
- Enabling multi-factor authentication
- Using strong, unique passwords for every account
- Recognizing and reporting phishing
- Updating software
“Second, schools and libraries should look for technology vendors that prioritize security from the earliest stages of development to ensure the products they deliver are secure against attackers by design by default,” the guidance adds.
In the meantime, we encourage you to check out these resources recommended by the FCC and Department of Education:
- Cybersecurity and Infrastructure Security Agency’s Cyber Hygiene Vulnerability Scanning Services, which assesses the health of a district’s internet-accessible assets by checking for known vulnerabilities and recommends ways to enhance security.
- Protective Domain Name Service (PDNS), which prevents access to domains known to be malicious.
