During the webinar, “Cyber Nightmares: Attacks, Breaches, and Leaks,” Troy Neal, the executive director of cybersecurity and technology operations at Spring Branch Independent School District in Houston, stressed multiple times the importance of school administrators being in this together.
“‘See something, say something’ applies in technology, as well,” Neal said during the webinar. “(K-12 districts need) policies in place. Then communication, leadership and buy-in. They need to understand because we’re in this together.”
Lightspeed’s Vice President of Security and Cloud Operations John Genter said that threat actors recognize schools as more vulnerable, and they view student identities as highly valuable. He concurred with Neal in saying that communication is key, while stressing awareness is integral.
“People can be intimidated by cybersecurity and feel like they need to be experts,” Genter said. “I like for people to be cyber-aware but not cyber experts.”
A recent report by Lightspeed Systems revealed that the use of apps has proliferated since the onset of the COVID-19 pandemic, and both Genter and Neal stressed the need to update privacy policies regularly to keep ahead of potential ransomware, malware and other external threats used by cyber criminals.
Neal said it’s important to know what updates look like and to stay compliant with the latest regulations, and Genter called policies that haven’t been updated in two years “a red flag.”
“Updates need to be made regularly with changing laws. It can be an overwhelming process,” Genter said.
Lightspeed’s recent report noted that 91 percent of apps had at least one privacy policy change last year, highlighting the mounting threats from cyber attacks. The panelists said an easy precaution would be multifactor authentication.
“You have to have a strategy and a framework … . [Districts need to create] automation and processes to take the human element out of this,” Neal said, referring to incident response plans. “[Schools need to] identify your source systems for your organization and who owns them ... and then how do you vet those ... and how do you stay on top of that? It’s a village. We are all in this together. There is a vast resource of information and people to help you. Ask for help.”
“It’s a team effort. It’s multifunction and multidepartment. It’s the partnership that means everything,” Neal added.
Should a breach happen, however, Neal and Genter emphasized the importance of having a plan for who to call to be ahead of the game and limit downtime. This involves a communication process, Neal said, and chatting with neighboring districts and other colleagues is just the start.
“Invest in people. Get everyone, and students, involved,” he said. “Kids think differently than adults. Use that. Take advantage of their brain power and create a pipeline of internal talent.”