The New York City public school system was hit by the biggest hack on a single district in U.S. history, according to reports published this week. The incident is just the latest in a string of increasingly sophisticated cyberattacks on K-12 schools.
Experts say there’s no magic formula for districts to completely protect themselves from these incidents, but there are ways to reduce risk.
Here are 8 quick tips for preventing cyberattacks:
- Start with a risk assessment. That means asking questions, such as: What kinds of data does your district store that would be tantalizing to a hacker?
- Have a technology and cybersecurity plan in place, to roll out quickly in the event of an attack. Practice it with relevant staff members, just like you would a fire drill or an active shooter drill.
- Put in place multi-factor authentication so that staffers and students need more than just a username and password to access school computer systems. Some multi-factor authentication systems may text a code to the user’s cellphone, for instance, to confirm the person’s identity.
- Make sure employees understand that they should not use the same passwords on multiple sites, share them, or make them easily guessable.
- Teach employees how to spot a phishing email, especially one in which criminals posing as someone in the district, or a vendor, may ask for their login credentials. Be sure they know they should immediately report any suspicious emails to the IT department.
- Back up your data. This remains good practice even though cybercriminals are getting better at infiltrating back-ups.
- Don’t forget about vendors. These days, nearly every organization a school district relies on for services uses technology in some way, down to the local dairy that provides milk for school lunches. Make sure that they have proper security measures in place. It should be a part of the district procurement process.
- Recognize that cybersecurity is not just the IT department’s problem. It’s everyone’s responsibility, and top district leaders need to not just support it but take ownership of making it happen too.