An open letter to K-12 leaders
as we begin the 2022-2023 school year
Since the beginning of the pandemic, school districts nationwide have made significant investments to expand technology options for students and teachers. Although this increase in capability has positive implications, it also compounds the challenge of safeguarding the computer network. Each new technology component is an asset in the teaching and learning process but should also be viewed as a potential liability if not properly secured.
The start of the 2022-23 school year has been met with a nationwide surge in attacks on K-12 networks. Several high-profile cases involve foreign actors exploiting vulnerabilities in common operating systems and applications to disrupt school operations under ransom demands. Districts that don’t capitulate to these demands find their stolen data released online and are left to rebuild at a high expense.
Questeq is working diligently with partner districts to employ best practices in safeguarding and network security. Unfortunately, there is no single solution that can render a network impenetrable; rather, it requires vigilance from all stakeholders. With that in mind, we believe there are several questions that district administrators and technology leaders should consider as a precursor to a more comprehensive security assessment:
1. Do all network users participate in security awareness training?
2. Does the district have an Enterprise Anti-Malware solution that can be actively monitored and updated on all servers and endpoints (computers, laptops, etc.)?
3. What is the frequency for patching server operating systems and network appliance firmware?
4. Are all critical business systems backed up according to the 3-2-1 model, with 2 copies of the backup local and one copy of the backup offsite?
5. Is remote access secured (VPN, RDP, NAC) at the port of entry and limited to essential roles in an effort to minimize exposure?
6. Are security best practices such as intrusion detection, acceptable use policies, strong passwords, and multi-factor authentication in use?
7. Is there a Business Continuity Plan including disaster recovery procedures that specify the contact and functions of support resources (Questeq / Infrastructure Management, MS-ISAC, Broadband Carrier, Cybersecurity Insurer, FBI, local law enforcement, etc.)?
Each day, districts are tasked with striking a workable balance between flexibility and restriction. In the context of cybersecurity, this is a formidable challenge with no quick fix. Those who are most effective approach safeguarding as a long-term commitment, strengthened by communication and planning. Vigilance and ongoing collaboration amongst technology support staff and network users are the best defense for today’s classrooms.