Skip to content

An open letter to K-12 leaders

An open letter to K-12 leaders

Since the beginning of the pandemic, school districts nationwide have made significant investments to expand technology options for students and teachers. Although this increase in capability has positive implications it also compounds the challenge of safeguarding the computer network. Each new technology component is an asset in the teaching and learning process but should also be viewed as a potential liability if not properly secured.

The start of the school year has been met with a nationwide surge in attacks on K-12 networks. Several high-profile cases involve foreign actors exploiting vulnerabilities in common operating systems and applications to disrupt school operations under ransom demands. District’s that don’t capitulate to these demands find their stolen data released online and are left to rebuild at a high expense.

Questeq is working diligently with partner districts to employ best-practices in safeguarding and network security. Unfortunately, there is no single solution that can render a network impenetrable, rather it requires vigilance from all stakeholders. With that in mind, we believe there are several questions that district administrators and technology leaders should consider as a precursor to a more comprehensive security assessment:

1. Do all network users participate in security awareness training?

2. Does the district have an Enterprise Anti-Malware solution that can be actively monitored and updated on all servers and endpoints (computers, laptops, etc.)?

3. What is the frequency for patching server operating systems and network appliance firmware?

4. Are all critical business systems backed up according to the 3-2-1 model, with 2 copies of the backup local and one copy of the backup offsite?

5. Is remote access secured (VPN, RDP, NAC) at the port of entry and limited to essential roles in efforts to minimize exposure?

6. Are security best-practices such as intrusion detection, acceptable use policies, strong passwords, and multi-factor authentication in use?

7. Does the technology team and other personnel with elevated system permissions employ separate accounts with appropriate privileges, distinct from their everyday personal user accounts, to reduce exposure in the event of a breach?

8. Is there a Business Continuity Plan including disaster recovery procedures that specify the contact and functions of support resources (Questeq / Infrastructure Management, MS-ISAC, Broadband Carrier, Cybersecurity Insurer, FBI, local law enforcement, etc.)?

Each day, districts are tasked with striking a workable balance between flexibility and restriction. In the context of cybersecurity this is a formidable challenge with no quick fix. Those who are most effective approach safeguarding as a long-term commitment, strengthened by communication and planning. Vigilance and ongoing collaboration amongst technology support staff and network users is the best defense for today’s classrooms.

Back To Top