What should I do?
Complete a Free Cybersecurity Self-Assessment
Cybersecurity is a collective effort that starts with a commitment from district administration and requires buy-in from support staff and teachers. While complete protection is not realistic for any organization, developing a strong security posture can be achieved by understanding the nature of your risks and by implementing best practices to mitigate your exposure. In lieu of waiting for potential guidance from the outcome of The K-12 Cybersecurity Act of 2019, K-12 school districts are adopting one of the existing cybersecurity frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) or the Center for Internet Security Top 20 (CIS 20). A great starting point is to complete the K-12 Cybersecurity Self Assessment. It’s a free, quick, useful, private, and anonymous self-assessment – based on NIST CSF – for school district IT leaders created by school district IT leaders.
This is a 20-minute, 50-question assessment intended to help school districts identify and prioritize cybersecurity controls. This assessment is based on the NIST CSF, adapted for U.S. K-12 school districts and focused on practical, relevant examples. Completing the questionnaire will generate a printable-report with customized, detailed feedback. The report can be used to communicate priorities to district leadership, as well as to help provide a roadmap for school district IT leaders seeking to shore up their district’s cybersecurity controls.
A Work In Progress
The United States Government has taken notice of this severe threat to our nation’s schools. In December 2019, U.S. Senators Gary Peters (D-MI), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, and Rick Scott (R-FL) introduced bipartisan legislation to implement stronger cybersecurity protections for K-12 educational institutions across the country. The K-12 Cybersecurity Act of 2019 would help educational institutions bolster their cybersecurity protections by instructing the Department of Homeland Security (DHS) to examine the risks and challenges that schools face in securing their systems. DHS would also be charged with creating a set of cybersecurity recommendations and other voluntary resources for schools to use when implementing their cybersecurity solutions.
The K-12 Cybersecurity Act of 2019 directs DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to work with other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to sensitive student and employee records. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity systems. These voluntary tools would be made available on the DHS website with other DHS school safety information.
What is the government doing to help?
How can I learn more?
K-12 Cybersecurity Resource Center Year In Review
The cyber terror network has correctly identified that a large percentage of school districts are vulnerable to cyber attacks and are unprepared to respond accordingly. The K-12 Cybersecurity Resource Center, www.k12cybersecure.com, is a great resource to stay informed about the nature, frequency, and location of K-12 cybersecurity-related incidents.
Technology Resource Advisors, Inc. has partnered with EdTech Strategies to enable the production of “The State of K-12 Cybersecurity: 2019 Year in Review. Please contact us below if you would like to receive your copy of this report.
CyberCare – TRA’s Cybersecurity as a Service Offering
TRA’s CyberCare Framework is an adaptable set of services that will strengthen the school district’s security posture based on your defined objectives. Our team of security experts will assist with the creation, implementation, and management of your school district’s cybersecurity plan. TRA has purpose built our CyberCare Framework to facilitate the identification and implementation of applicable core controls of the NIST CSF, which is one of the most widely adopted cybersecurity frameworks in the United States.
TRA CyberCare subscribers will receive dedicated compliance coaching, bi-annual compliance reviews, and an annual Cybersecurity roadmap. In addition, TRA CyberCare includes a base set of services to eliminate the burden of researching & vetting required security services, to accelerate the implementation of these required security services, and to alleviate the ongoing management of these required security services. In the event of a security breach, TRA’s incident response team is available to provide remediation on demand. Contact us to learn more about TRA CyberCare!