Learning
Some weeks we will take the time to focus on a single subject or concept and provide learning resources that can help you. This week, our topic is the importance of cybersecurity governance in your school division.
Why do we talk about cybersecurity in schools? What's the big deal? We have nothing to hide and we have nothing of value. Well, that's simply not true. In fact, educational targets are some of the most valuable targets. Our schools hold data on thousands of people that includes demographic, financial, health, participation, discipline, and privileged data.
Fear is powerful. It is often used to affect change. Fear is very often used in cybersecurity to get companies and individuals to act. We are constantly seeing horror stories of lost data, breached data, large payouts, and the looming threat of more attacks on the horizon. Fear can be a motivator, but I embrace the concepts of culture and recognition.
We must recognize that schools are a target and we are have responsibilities to act. During the coronavirus pandemic, the education sector is leading the country in the shift to virtual work while still holding the responsibility of protecting some of the most sensitive and valuable data available: the personal information of students. We are particularly vulnerable to cyberthreats because this momentous change has happened rapidly and without a roadmap of how to proceed. Microsoft Security Intelligence is reporting that education is the most affected industry by malware. Google is reporting that it blocks 100 million daily phishing emails and within one week alone they blocked 18 million COVID-19 related phishing scams. It is imperative that we continue to navigate this time period with mindful and careful precision. Of course, this isn't meant to scare you. It's meant to show that the threat is real and we can do something about it.
Cybersecurity isn't something that only the computer support folks handle. Cybersecurity is a culture. Your school culture will need to embrace cybersecurity concepts and use them in many existing environments if we want to protect our data. From Board meetings to grade level meetings, the concepts of sharing and protecting data should resonate. We can't rely on a single person in a school division to be the cyber guru. It's long been said and acknowledged that the biggest threat to any computer system is the authorized users of that system. A company's own users are a bigger threat than outside hackers. This is due to negligence, nonchalance, complacency, and transference of risk.
Everyone has a responsibility to protect the data assets of a school and in the coming weeks we will discuss how to change the culture of your schools and create something amazing.
|