By KARIM FARID //
As the summer sun sets and students prepare to return to classrooms across Long Island, the focus on education is undeniable – but in an age when technology is deeply ingrained in our educational systems, the importance of cybersecurity has emerged as a pressing concern for school officials and parents alike.
As the IT manager at Intelligent CloudCare, I have witnessed firsthand the challenges schools face in safeguarding their digital environments.
In recent years, we have witnessed a significant increase in reported data incidents. In 2020, the chief privacy officer of the New York State Department of Education received 44 reported data incidents. By December 2022, this number had surged dramatically – a staggering 218 percent increase, with a total of 140 incidents reported.
The trend continued in the Education Department’s 2023 Annual Report on Data Privacy and Security, which documented 204 data incidents.
While many of these incidents resulted from human error, the rise in reports of unauthorized access to private systems, compromised networks and other data breaches has raised serious concerns within the educational community. This alarming trend underscores the urgent need for enhanced cybersecurity measures and awareness among all education stakeholders.
Karim Farid: Cybersecurity class is in session.
Cybersecurity is no longer just an IT issue; it is a fundamental component of a school’s overall risk-management strategy. Schools handle vast amounts of sensitive data, including personal information about students and staff, financial records and proprietary information. A breach can have devastating consequences, including legal liability, financial loss and irreparable harm to a school’s reputation.
An effective way for schools to enhance their cybersecurity posture is by adopting the National Institute of Standards and Technology Cybersecurity Framework. This framework provides a comprehensive set of guidelines for organizations to identify, assess and mitigate cybersecurity risks.
In addition to enhancing overall security, compliance can lead to significant cost savings for schools, particularly regarding cybersecurity insurance. Insurance providers often assess an organization’s cybersecurity maturity when determining premiums. By demonstrating compliance with recognized frameworks like CSF – including a well-documented cybersecurity strategy, regular risk assessments and a well-thought-out incident-response plan – schools can lower their risk profile, and by saving money on insurance costs, can allocate funds to other pressing educational needs.
To build a robust cybersecurity framework, educational institutions must adopt a proactive approach. This includes not only implementing technical controls but also fostering a culture of awareness among educators, administrators and students about cybersecurity best practices.
We encourage school administrators, educators and IT teams to find out what resources are available to help combat cybersecurity challenges and learn about adopting the NIST CSF. Nassau BOCES has selected Intelligent CloudCare to engage a range of cybersecurity services, including gap analyses to help the district understand its current cybersecurity maturity level in relation to the framework.
Rising fast: School-related data incidents in New York State are increasing at a dramatic rate. (Source: New York State Department of Education)
This analysis is critical for identifying vulnerabilities and areas for improvement, allowing schools to create a tailored action plan to enhance their cybersecurity strategies.
Identifying gaps in cybersecurity policies and practices is only the first step. It’s also important to have remediation support to help address these vulnerabilities effectively. Our team works closely with school districts to implement necessary security controls, such as multifactor authentication, data encryption and secure-access protocols. This may also include penetration testing or assisting in developing incident-response plans to ensure that schools are prepared to respond swiftly and effectively to potential cybersecurity incidents.
Continuous training and education are also important. By providing security awareness training for staff and students – covering topics such as recognizing phishing attempts, securing personal devices and understanding the importance of data privacy – schools can create a culture of vigilance and significantly reduce the chances of human error leading to a cyber incident.
As we prepare for the upcoming school year, it’s imperative that school administrators, educators and IT leaders prioritize cybersecurity as a critical component of their operational strategy. By leveraging the NIST Cybersecurity Framework and collaborating with local resources, we can create a safer and more resilient learning environment for our students.
Together, we can turn the tide against cyber threats and ensure that our schools remain a place of learning, growth and security. Let’s make this school year not only productive but also secure.
Karim Farid is the IT manager for Intelligent CloudCare in Hauppauge.
