Help Your Customers Pinpoint and Address Security Vulnerabilities
Steven Miller, director of Cybersecurity for the non-profit watchdog organization Digital District says “On a scale of zero to 10, with 10 being districts that have done a good job of protecting their networks and databases, I’d say the general score nationwide is close to zero, maybe 1 to be generous.”
Miller also adds “I’m not just talking about small districts, but most medium-sized ones too. School districts tend not to have specialized staff for information technology until they get very large or very wealthy. A middle-sized district might have a person or two. A small district might have a principal or other administrator handle IT just another part of their job.”
Cyberstone understands what schools are up against technology- and security-wise and that it is sometimes better for districts to reach out to an objective third-party, especially when cataloging cybersecurity risk and developing an actionable game plan for remediation.
Cyberstone offers comprehensive cybersecurity services for educational institutions of any size. Learn more about our services and how we can help below, and please get in touch with us if you would like to discuss your school’s needs in more detail.
Least privilege, a central concept for effective security, is not usually implemented well. This concept means people are only given access to what they need to do to perform their job. Students don’t need access to admin networks. VLANing internal resources is critical. Also, the district’s “back office” should be segregated from each individual school.
Patch management is lacking. Schools often have Windows patches in place but often fail to consider third-party applications such as Adobe Reader and Google Chrome. Most cyber threats enter school districts through phishing emails or emails with malicious web links. Once inside, most modern malware then “looks for” old versions of software or software missing patches. It is there that criminals start their journey toward privilege escalation and ultimately capturing student and staff information.
The attack surface is unnecessarily large. School districts allow almost anything to go to the Internet. If a system doesn’t absolutely need to be online, don’t connect it to the Internet. This includes printers, cameras, TVs, and any other internet-of-things (IoT) devices. It may also mean denying student devices (smartphones and laptops) access to the internet, depending on your district’s unique rules.
Employees are adding to the risk of a cyber breach. Employees who click emails without thinking twice are often the single most significant contributor to schools getting breached. All employees who touch technology should be regularly trained in topics such as password hygiene, safe browsing, and physical security.
There isn't a plan. Technology is in place. Firewalls and antivirus software are installed and up-to-date. But there just isn’t a plan. Every school system needs to have a cybersecurity incident response plan in place so they can effectively discover and recover from a breach. Having a plan also means the district won’t lose reputation points with the public and will be able to get back online quicker.
School looks much different now than it did even just one decade ago. Tablets and laptops are now integrated into classrooms, and distance learning is more common than it’s ever been before. In fact, many students are now able to complete entire semesters without touching a single sheet of paper. Given the changing technological landscape we’re seeing in the education sector, it’s more important now than ever before to make sure that your students’ information is safe. In addition to the exposure of sensitive information and reputational damage you could face, you could find your institution liable for fines and other penalties.
Whether your staff can no longer keep up with the demands of a changing landscape or you would simply like the peace of mind that comes from knowing that your school’s information is safe and secure, you can count on Cyberstone to provide you with top-to-bottom security that meets your needs and fits within your institution’s budget.
If you come to us, we’ll help you identify weaknesses and blind spots in your current security measures before developing actionable strategies that provide you with top-of-the-line protection and, ultimately, peace of mind.
You can choose any cybersecurity services provider — what makes Cyberstone different?
We know that no two educational institutions are alike, and that’s why we’ve developed templated approaches that can scale with your school’s needs. Whether you need one or two of our services or a host of cutting-edge solutions, we’ll help you find the right services for your needs.
We have more than 165 years of experience in the industry and have spent countless hours keeping up with the latest laws and regulations in the industry we serve, including education. We take a client-first approach and do everything we can to ensure that our clients understand what we’re doing and why. When you choose to work with us, you’re choosing to work with a cybersecurity company with a track record of success and exceptional results in a variety of fields.
No matter how large or small your institution, you’re shaping the future by educating your local community. Instead of handling your cybersecurity needs yourself, choose to work with a team who will put your needs first so that you can focus on your students and day-to-day operations.
We would love the opportunity to discuss your facility’s needs with you in more detail. Reach out to us by filling out the form below or by calling our office.
We look forward to speaking with you!