Over the past four years, threat actors have targeted K-12 institutions’ computer systems to spread ransomware, interrupt access, render systems unusable, and steal students’ and staff members’ financial and medical information and Social Security numbers.
The K-12 Cybersecurity Act of 2021 directed CISA to review cyber risks to elementary and secondary schools, evaluate challenges schools and school districts face in securing information systems, provide recommendations on improving system protection, and develop an online training toolkit for school officials.
Most K-12 education stakeholder organisations lack the time and resources to secure information systems and sensitive student and employee records or implement cybersecurity protocols.
Most said that the breadth of cybersecurity information—news coverage, conference panels, webinars, and more—only confused matters. According to CISA, “Nearly all said that they wanted simplicity, prioritising, and resources targeted to the unique needs and context of K-12 organisations”.
CISA recommends establishing multi-factor authentication (MFA), fixing known vulnerabilities, making backups, and implementing cyber incident response plans and cybersecurity training programmes.
The agency’s investigation into K-12 cybersecurity found that many school districts lack IT resources and cybersecurity capacity, which can be addressed by using free or low-cost services, asking technology providers for strong security controls at no additional cost, migrating IT services to more secure cloud versions, and taking advantage of the State and Local Cybersecurity Grant Program (SLCGP).
K-12 institutions cannot detect and prioritise new threats, risks, and vulnerabilities alone, so CISA recommends they join relevant cooperation groups, work with other information-sharing organisations, and collaborate with CISA and FBI regional cybersecurity specialists.
The organisation advises K-12 institutions to invest in the most effective security measures to eventually develop a mature cybersecurity plan. CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) should guide their investments.
CISA’s Digital Toolkit includes resources and assistance to help stakeholders act on these suggestions. The toolkit contains extra materials to help stakeholders create, administer, and sustain a robust cybersecurity programme at their institution.
Info source – SecurityWeek