Protect Your Institution and the Students You Serve

Steven Miller, director of Cybersecurity for the non-profit watchdog organization Digital District says “On a scale of zero to 10, with 10 being districts that have done a good job of protecting their networks and databases, I’d say the general score nationwide is close to zero, maybe 1 to be generous.”

Miller also adds “I’m not just talking about small districts, but most medium-sized ones too. School districts tend not to have specialized staff for information technology until they get very large or very wealthy. A middle-sized district might have a person or two. A small district might have a principal or other administrator handle IT just another part of their job.”

Cyberstone understands what schools are up against technology- and security-wise and that it is sometimes better for districts to reach out to an objective third-party, especially when cataloging cybersecurity risk and developing an actionable game plan for remediation.

Cyberstone offers comprehensive cybersecurity services for educational institutions of any size. Learn more about our services and how we can help below, and please get in touch with us if you would like to discuss your school’s needs in more detail.

The Top 5 Cybersecurity Issues We've Found In Schools Are Listed Below

 Least privilege, a central concept for effective security, is not usually implemented well. This concept means people are only given access to what they need to do to perform their job. Students don’t need access to admin networks. VLANing internal resources is critical. Also, the district’s “back office” should be segregated from each individual school.
 Patch management is lacking. Schools often have Windows patches in place but often fail to consider third-party applications such as Adobe Reader and Google Chrome. Most cyber threats enter school districts through phishing emails or emails with malicious web links. Once inside, most modern malware then “looks for” old versions of software or software missing patches. It is there that criminals start their journey toward privilege escalation and ultimately capturing student and staff information.

 The attack surface is unnecessarily large. School districts allow almost anything to go to the Internet. If a system doesn’t absolutely need to be online, don’t connect it to the Internet. This includes printers, cameras, TVs, and any other internet-of-things (IoT) devices. It may also mean denying student devices (smartphones and laptops) access to the internet, depending on your district’s unique rules.
 Employees are adding to the risk of a cyber breach. Employees who click emails without thinking twice are often the single most significant contributor to schools getting breached. All employees who touch technology should be regularly trained in topics such as password hygiene, safe browsing, and physical security.
 There isn't a plan. Technology is in place. Firewalls and antivirus software are installed and up-to-date. But there just isn’t a plan. Every school system needs to have a cybersecurity incident response plan in place so they can effectively discover and recover from a breach. Having a plan also means the district won’t lose reputation points with the public and will be able to get back online quicker.

Invest in Cybersecurity to Protect Your Students

School looks much different now than it did even just one decade ago. Tablets and laptops are now integrated into classrooms, and distance learning is more common than it’s ever been before. In fact, many students are now able to complete entire semesters without touching a single sheet of paper. Given the changing technological landscape we’re seeing in the education sector, it’s more important now than ever before to make sure that your students’ information is safe. In addition to the exposure of sensitive information and reputational damage you could face, you could find your institution liable for fines and other penalties.

Whether your staff can no longer keep up with the demands of a changing landscape or you would simply like the peace of mind that comes from knowing that your school’s information is safe and secure, you can count on Cyberstone to provide you with top-to-bottom security that meets your needs and fits within your institution’s budget.

If you come to us, we’ll help you identify weaknesses and blind spots in your current security measures before developing actionable strategies that provide you with top-of-the-line protection and, ultimately, peace of mind.

Cybersecurity regulations and best practices are not static — previously secure systems and protocols are outdated quickly, and it’s vital to ensure that your customers are staying current. Cyberstone’s penetration testing services will help your customers comply with the following regulations:

• PCI Requirement 11.3.1 & 11.3.2
• New York State Department of Financial Services 23 NYCRR 500 §500.05(a)(1)
• Gramm-Leach-Bliley Act §501(b)
• Federal Trade Commission 16 CFR Part 314 §314.4

Cyberstone carries out internal and external penetration testing according to the globally-recognized NIST SP-800 115 standard. Phases of penetration testing are listed below.

1. Establish rules of engagement
2. Attack surface reconnaissance
3. Exploitation
4. Analysis and reporting
5. Closeout meeting

Once we’re finished, your customers will have a thorough understanding of their infrastructure’s internal and external risk factors.

Contact Us to Learn More About External and Internal Penetration Testing

Given the financial and reputational costs of dealing with a breach of information, it’s important to work with a cybersecurity company that puts your needs first and provides comprehensive security assessments with actionable solutions. We work with businesses in a wide range of sectors and provide unique, customized assessments that provide your customers and their clients with peace of mind.

Cyberstone Security offers competitive pricing by leveraging a network of channel partners across the United States. No matter where you are or what you do, you can count on our team to provide you with the absolute best in cybersecurity services.