
Protecting your schools as cyberattacks rise
They should also focus on services that are most critical. If there is an attack, which of these services needs to stay up and running? Consider bus scheduling, online or on-premises learning systems, and payroll. Make sure these services, and any systems that house personally identifiable information, are protected with access controls like MFA and by limiting administrative access to a small, well-trained few.
Lastly, and this will be a frequent theme, cybersecurity isn’t any one person’s job, and school districts certainly don’t have to navigate this minefield alone. They should invest in year-round cybersecurity training for everyone: staff, students, parents, administrators, and technology support staff. In fact, organizations with strong people, processes, and technology see a 3.5 times performance increase in their detection and response outcomes. To do this, they can partner with federal, state, and local governments to apply for funding to support cybersecurity efforts.
At the federal level, the Biden Administration signed the “K-12 Cybersecurity Act” last year. This law requires the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) to team up with the Federal Bureau of Investigation (FBI) to investigate all attacks in K-12 schools. The bill also requires these agencies to produce comprehensive cybersecurity toolkits in an effort to help educate school IT professionals, teachers, faculty, and students.
Detection
If an attack does break through protections, it should be detected and identified. Again, this doesn’t have to be done alone. The Center for Internet Security Multi-State Information Sharing and Analysis Center is a great resource for receiving real-time threat information. Data indicates that teams that use threat intelligence are twice as likely to report strong detection and response capabilities. After all, it is a lot easier to detect a threat if you know what you’re looking for. Teams also need security that is integrated throughout a school’s connected systems. You can’t respond to threats you can’t detect, so a good place to start is a strong extended detection and response (EDR) solution that enables teams to monitor and identify potential issues.
Response
School systems practice drills for physical campus threats, severe weather threats, and potential fire dangers. They should also be practicing cyber incident response using incident response playbooks. Strong data backup strategies can help minimize downtime from things like ransomware attacks, while mobile device management (MDM) capabilities can enable schools to quarantine or completely wipe compromised devices.
A third time – just for good measure – school districts aren’t in this alone. Cyber insurers, the FBI, state response groups, and the private sector all have a role to play in supporting how school districts respond to cyber emergencies. The specific strategies employed will vary based on the capabilities and maturity of the school’s security program.
Creating a Plan
No industry is immune to cybersecurity threats. Schools must protect student data and maintain critical services that serve a vulnerable population. Working with trusted security providers to create a plan that prevents, detects, and responds to cyberattacks is more important than ever.