[ad_1]
This voice is auto-generated. Please let us know if you have any feedback.
This column is part of an ongoing series. For previous installments, click here.
The best advice comes from people who live it. With that in mind, K-12 Dive asks superintendents, principals, or other groups of administrators each month for insights and best practices on the biggest challenges facing public schools.
For this month’s question, we asked five tech leaders from our districts.
Adam Fial
Director of Technology and Media Services, Newton County School System, Georgia
The people part is the biggest security issue. Implementing things like multi-factor authentication for users is one of the things he does to help keep networks and systems as secure as possible. One of the other major factors is definitely having a backup of your data. An off-premises in-cloud backup solution is definitely going to be important for all types of systems.
Current situation with K-12 — I don’t want to be pessimistic, but I can’t keep up with all the villains out there and how they attack. there is not. So the structure and resources can be put in place to keep things safe, but the point of view is to be able to get everything back to normal as quickly as possible if compromised by a ransomware attack or attack. should also be considered. villain out there.
Can be as secure as NORAD [North American Aerospace Defense Command] It’s a balance between giving users access to what they need, when they need it, and protecting the same information at the same time. This is a tightrope that we his CIO, CTO, and technical lead must walk constantly, a fine line between security and accessibility to the end-his users.
Rob Dixon
Chief Information Officer, Wichita Public Schools, Kansas
There are so many factors weighing on the district today. One is how to handle risk and meet the growing demand for cybersecurity insurance.This is difficult because you will be implementing security features To instead of staff When they.
Another is lack of resources. Most school districts are in the midst of hybrid or cloud. [deployment] Providing the necessary resources to ensure that your data is not only good both on-premises and in the cloud, but good in transit is an ever-changing goal.
I think the most important of these is end-user digital literacy and citizenship. If we can help people pay attention and be aware of how they operate digitally, the entire organization can operate better and safer.
Cathy Christie
Director of Technology, Neshamini School District, Pennsylvania
Districts should begin to consider the resources they may or may not have in place to protect their networks. Compensation is not considered when staff acquire these new skill sets. Most senior managers see this as just part of their current job scope.
Dealing with these silent problems requires running a 24/7 shop. If something happens, it’s almost certain that no one fully understands how it happened and what it takes to eradicate it. As you can see, only she can finish it all by herself.
You need knowledgeable people dedicated to understanding network structure, what they’re looking for, and how to proactively make changes to the network to combat what might change on a daily basis.
We are in a technology boom in that everything is created and used on the network. [with] As we continue to add more and more network devices, there will be more entry points. IT understands the need to make something convenient, and uses technology to make it happen.But just ask the staff to install [multifactor authentication] Not convenient. The pressure he puts on IT directors to ensure the safety of staff and students is immense, and he will only be held accountable if something goes wrong.
Todd Wesley
Chief Technology Officer, Lakota Regional School District, Ohio
There are so many lenses for which I could answer this, this is certainly not an exhaustive list.
- Training, updates, cyber/data security alerts for all staff and more specialized training for technology staff.
- Right-sized cybersecurity-focused staffing resources and/or partners.
- Proven deterrents and mitigations (i.e. multi-factor authentication, endpoint and data loss protection, network/system segmentation and monitoring, asset management and scanning, access control, regular backups, etc.).
- Collaborate with other districts on what works and what doesn’t.
- Efficient centralized patching in line with cyber alerts and vendor releases.
- Working with industry recognized controls and groups such as CISA [Cybersecurity and Infrastructure Security Agency].
- Create/test incident response in line with policy.
- cyber insurance.
- Regular security assessments by third parties and adjustments accordingly.
- Ability and willingness to continuously learn, grow, adjust and support each other while simultaneously supporting teaching and operations.
Joe Cuzo
Director of Technology, Quakertown Community School District, Pennsylvania
I strongly believe that not all software and hardware in the world can protect against inadequate attacks. It’s a designed network, so it’s always a good idea to start with what you can change.in many Unless, of course, you need engineering support, which you may not have the ability to do in-house.
Diverse and fragmented networks are the key to protecting us. Identify each device/user/purpose and ask “What if?” What if Network A’s students are compromised? What are they currently vulnerable to?Then identify what changes you can make to “lock” it [network] As such, these devices only communicate as minimally as possible.
Most student devices do not require network access, other than outbound internet. They don’t need to see your internal infrastructure at all, so don’t allow them. Repeat this process for all types of devices.especially [Internet of Things]Restrict IoT devices to vLANs based on vendor and allow only what is needed.
Planning for the event: What happens if you’re breached? If you can afford it, we recommend a business continuity plan that includes redundant data centers and cloud-based options. Can you create a remote cloud-based environment so that basic business functions can continue if it might go down? and having a framework for action is key to agile response.
[ad_2]
Source link