Cybersecurity Planning for Next School Year


In this virtual roundtable, Dr. Kecia Ray talked cybersecurity planning with Matthew Baird, Network Security Manager, Santa Fe Public School District; Tom Ryan, Chief Information and Strategy Officer, Santa Fe Public School District; Dave Lemmon, Senior Director, North America, ContentKeeper Technologies; and Vince Scheivert, Assistant Superintendent for Digital Innovation, Loudoun County Public Schools.

The discussion touched upon subjects such as keeping data private, cybersecurity concerns, and monitoring online activity to make sure students are safe and content is appropriate.


Key Takeaways

Finding balance. School IT personnel have to find the balance between providing security and promoting educational access. “The mission isn’t security,” said Tom Ryan, Chief Information and Strategy Officer, Santa Fe Public School District. “The mission is supporting the teaching and learning in a secure environment.” Having a cross-functional team helps IT set the policies and standards that keep this balance and allow great teaching and learning.

Threat awareness. “Cyber attacks are not unlikely to happen, they are likely to happen,” said Ryan. To that end, you have to increase awareness of cyber threats among your end users, added Matthew Baird, Network Security Manager, Santa Fe Public School District.

Understanding that threats are imminent should also encourage leaders to work proactively with cyber insurance advisors, who can help in making informed decisions on issues such as ransomware attacks -- should you pay or not? Having these conversations ahead of time helps in creating a plan of action, rather than waiting until you’re under attack. Districts should also stay connected with local and national security resources.

Vulnerability management. Having fringe protection isn’t enough, especially with so many devices at home, said Baird. Having a good vulnerability management system is key, as it can help you accurately determine the risk level of certain vulnerabilities. It’s also important to test your ability to restore from backups -- don’t wait until an attack has happened to see if you can rebuild a network. If you test regularly, you’ll know that your backups are working properly when something does happen.

Visibility and protection. “If you don’t see it, you can’t control it,” said Dave Lemmon, Senior Director, North America, ContentKeeper Technologies. You need to see all web activity to protect students, including a view of every device a school owns. Districts need to secure all sources of web traffic. Students sometimes make themselves anonymous and then poke a hole through the firewall, which creates an opening for malware or ransomware. Administrators need to be aware of what’s happening in order to protect students. One example is keeping students from accessing the dark web -- “No one knows you’re 13 on the dark web,” said Lemmon. “You have access to everything, but everyone has access to you.” Trouble will eventually find students.

Control is key. Having tools such as sub-domain control builds harmony between IT and academics, said Lemmon. That level of control allows students to access certain sites, or only the parts of a domain that they need, which can keep them out of trouble. It’s also important to have safety alerts that use contextual analysis. For example, if a search includes the word “kill”: ‘To Kill a Mockingbird’ should not trigger an alert, but a search for ‘How do I kill myself?’ should.

Re-herd the cats. When remote learning started, many educators found all sorts of new platforms and software to use, but often those tools were not properly vetted by a district, said Vince Scheivert, Assistant Superintendent for Digital Innovation, Loudoun County Public Schools. “How do we re-herd the cats?” asked Scheivert. “How do we bring everyone back into the safe resources and tools we use?” That’s been the goal of his team for Fall: to have everyone using the same approved resources, including video conferencing platforms. “Just like vampires can’t get into your house without being invited in, no one should get into your video conference without an invite,” said Scheivert.

Team effort. “Cybersecurity is everyone in the district’s job,” said Scheivert. “Everyone has a role to play.” That includes teachers, students, and parents, and it means everyone being aware of the various cyberthreats. “There is no minimum amount of security, there’s just the maximum that you can afford,” he added. “Safety and security should support innovation, not impede it.”

Special populations. How do you make special population students and parents aware of cybersecurity threats and best practices? Ryan suggested partnering with the educators who work with these students to determine the appropriate way to communicate the message. Often, those educators can communicate with their students better than IT can.

Lunch 'n Learn with Tech & Learning

This report is part of Tech & Learning's District Leadership Lunch ‘n Learn Roundtable series, hosted by Dr. Kecia Ray. In this series, districts from across the U.S. share their strategic plans, the challenges they are facing, and the creative solutions they are using to support students and teachers.

Ray Bendici is the Managing Editor of Tech & Learning and Tech & Learning University. He is an award-winning journalist/editor, with more than 20 years of experience, including a specific focus on education.