Rom Hendler is the CEO and co-founder TrustifySaaS-based security and email encryption provider.
K-12 districts across the country are just recovering from the disruption of the pandemic, where administrators were tasked with deploying remote environments with unprecedented urgency. Some of these districts did not have the option of closure like the business community; They were forced to continue educating our children. Many districts were forced to implement some of the technologies available to accommodate these new circumstances.
Because of these barriers, technologies such as district laptops, open wireless access points, unprotected IP devices, and student management systems are often enabled with only basic security controls. Sophisticated hackers often find ways to access student management systems by trawling data for addresses, social security numbers, parent email contacts, and login credentials. Many schools lacked the immediate funding for security operations, monitoring and the level of expertise needed to manage the problems their institutions might face.
“Traditionally, K-12 schools are ill-equipped to detect network security breaches and are not fully aware of how to best respond,” affirms Jennifer Tisdale, associate principal of security services provider GRIMM Cybersecurity. Report of the US Senate Committee on Homeland Security and Governmental Affairs. Malicious hackers, on the other hand, are often very sophisticated and adaptable in taking advantage of crises, and many turn their nefarious skills into K-12 environments.
Some of the most prominent school districts in the United States have suffered ransomware attacks in recent years Baltimore Public SchoolsFor example, it cost nearly $9.7 million to restore a breach that caused weeks of academic disruption because their instruction was completely transitioned to virtual learning. The attack required teachers and students to test or swap their laptops, causing widespread confusion in determining which devices were affected by the breach.
Other troubling incidents involve cybercriminals targeting parents directly with ransom requests, threatening to lock students out of their online courses, deleting submitted work or defacing student projects by inserting profanity. This is a cyber attack Fairfax County Public Schools Involved in the disclosure of social security numbers of students and district employees, which were posted publicly. All this happened while anxious parents were trying to navigate the pandemic, look after their own health and master new distance learning technologies with their children.
Implementation of encryption and automation
Schools will benefit from a simple and intuitive outgoing email encryption capability to protect them from the effects of these costly attacks. Automated, “one-click” compliance solutions allow administrators to set their security solutions so that all email sent through the system adheres to a list of administrator-preferred rules. This takes the burden of deciding which emails are subject to compliance rules and reduces the risk of breaches through human error.
Encryption must be easy to use, or users will abandon encrypted messages. Often, teachers communicate with parents, school officials and internal services, transmitting sensitive student information. Many legacy email encryption solutions require these users to log into a separate portal to send or receive. If such a system is too complex and cumbersome, users will bypass encryption and abandon encrypted mail. School IT help desks receive many support tickets from users having trouble encrypting messages
Improving resilience through data protection
As we move into what some economists are defining as a recession, more districts may face budget crises or eventual austerity. Even in a strong economy, it is rare that any district can sustain the type of financial loss associated with a significant security breach. A report from a consumer research site Compartech It is estimated that cyberattacks will cost US educational institutions more than $3.5 billion in 2021 “in downtime alone.” These losses also have implications for taxpayers, who bear the brunt of the district budget increase.
Many high-profile breaches have been traced back to the intrusion of an organization’s email system. This means that districts at least have the option of protecting their email systems with a cybersecurity email protection solution. However, not all solutions are created equal, and agile hackers have developed ways to circumvent many traditional approaches to protecting email data.
For example, traditional, SEG-based (Security Email Gateway) solutions scan and block emails based on known malicious IP addresses. However, they don’t understand more sophisticated fraudsters and “social engineering” attacks that impersonate legitimate workers. Still, some more entrenched security brands rely on this approach. More advanced email security solutions use technologies such as AI and optical character recognition to help identify and isolate well-crafted phishing emails that lure students and teachers into revealing their usernames and passwords and encourage victims to download malicious attachments.
Districts should evaluate their solutions based on how many of these more sophisticated technologies are incorporated, which can minimize their exposure to potentially devastating fraud attacks. In addition, administrators should conduct a cost analysis comparing big-name (and often high-priced) solutions to various competitors. A comparison will sometimes identify suppliers that offer lower per-seat costs yet still offer impressive capabilities that equal or exceed well-known brands.
IT administrators should demand features like AI-powered scans, automation and one-click compliance, user-friendly encryption, and comprehensive malware protection, as these are critical to securing a district’s email network. This investment ultimately delivers ROI, protecting against costly compliance fines, ransom fees, downtime and other damages associated with breaches. Finally, a security solution should be easy to deploy, manage and use to reduce additional stress on internal IT teams, staff and students.
Ultimately, no district can afford to go without protecting the most targeted part of their network: their email data system. And building resilience is an especially welcome strategy in an uncertain post-pandemic economic landscape.