Cybersecurity has dominated the headlines in recent months, and with good reason. Organizations in a range of industries have been victimized by cyberattacks, costing millions of dollars and exposing sensitive information.Unfortunately, K-12 school districts have been frequent targets. There have been 350-plus cyber incidents in K-12 since 2016, and, somewhat shockingly, only seven percent of K-12 CIOs polled in a recent CoSN report said they’ve “never” been hacked.
The good news is that there are strategies K-12 schools and districts can and do use to fend off cybercriminals. Anti-virus software continues to improve, and new cloud-based solutions offer an extra layer of protection for users and data on the move.
Ultimately, however, technology can only go so far. The human element is also an important—yet often underappreciated—part of keeping data secure.
Brandon Swafford, the Chief Technology Officer of User and Data Security at Forcepoint (a leader in the industry), explains: “We have to remember that it wasn’t aliens who created all this new technology,” Swafford says. “It was people. And it’s really up to us to understand how people interact with it.”
The Relationship Between People and Data
K-12 students and staff keep personal information in many places: on devices, on private and public clouds, and in various servers and databases.
Cyberattacks are often caused by hackers that have compromised users by stealing their passwords or login information. Understanding the human role in cybersecurity starts with getting a grasp on how, why, and where the people in your district come across and interact with personal data:
- How do users access data?
- What do they do with it?
- Why are they using it?
This knowledge can help you develop a strategy to deal with vulnerabilities before breaches happen. New products and technology hit the market all the time. Focusing on the one constant — your district’s people — can go a long way toward managing risk.
Understanding Risky Behavior
It’s easy to fall into the trap of thinking that bad actors are responsible for all cyber incidents. But that’s not always the case. There are multiple reasons why someone in your district may cause a cybersecurity issue. It may be an accident, a user may be compromised, or someone may in fact be acting maliciously.
Accidental breaches are, as one might expect, caused by honest mistakes. Maybe district staff or students don’t have the right training. Maybe they don’t follow a certain security protocol to the letter. Maybe they are simply negligent or lazy and, say, don’t follow best practices for password management.
Compromised users are those who don’t mean to cause problems, but whose systems have been infected or login credentials stolen. The majority of data breaches are caused by weak or stolen passwords.
Malicious users are employees who have a bone to pick with the district — and the knowledge and know-how to do damage. A disgruntled employee may delete data on the way out the door, steal proprietary data or property, or make purchases without permission.
All users follow normal patterns of behavior at school: Every day, a teacher or student may access the same applications or files in class. Understanding when and why your district’s users are normally interacting with important data can help you easily spot atypical behavior that may put that data at risk — and can help you create a plan to prevent it from happening.
Control Your Environment with a Blended Approach
To be clear, using a human approach to keeping data safe doesn’t mean that you ignore technology. Instead, it’s about taking a more holistic approach to security that includes software, district-wide data policies, culture changes, and intelligent systems.
Forcepoint focuses on three primary areas to accomplish this goal:
- Cloud Security and CASB (Cloud Access Security Broker): Make sure your users’ information doesn’t get in the wrong hands, and keep your users from being compromised as they use the web and email from any location, on any device.
- Network Security: Give visibility into people’s actions throughout the network and keep attackers out of data centers, offices, and cloud environments.
- Data & Insider Threat Security: Identify high-risk users and behaviors that require further investigation and, eventually, implement of safeguards and controls. This includes solutions that use human-centric behavior analytics to determine risk. That knowledge can help administrators focus on only the alerts that matter.
With this combination of best practices, software solutions, and knowledge, K-12 districts can improve their approach to protecting information.
Learn More
How can your school or district benefit from the human-centric approach to cybersecurity, and what steps can you take to get protected today?
Join Forcepoint CIO Meerah Rajavel in the on-demand webinar, “Take Control of K-12 District Cybersecurity with the Human Approach.”
You’ll learn how to:
- Ensure trusted use of data and systems with a behavior-based approach to cybersecurity
- Quickly understand, prioritize, and respond to changing levels of risk
- Understand user risk to react to compromised, accidental, and malicious behavior
- Provide an environment that allows connected users the freedom to learn and teach with the highest level of user and data security