During this back to school season, many education departments and universities have opted for remote learning or hybrid learning. This should not be an unfamiliar experience, per se. Even before the pandemic, there was a noted upward trend in distance learning. In 2019, 46% of faculty members said they have taught an online course for credit compared to a 39% in 2016. A year ago, nobody could have predicted the immense scale of adoption the country is experiencing now. Protecting students and staff’s personal information has become of utmost importance with such an increased attack surface for adversaries to take advantage of, such as laptops, tablets and other connected devices.
Recently, Blackbaud, a cloud software company with many clients in the education sector became a victim of ransomware. Many universities had private information accessed by these hackers including students’ personal information. Just a few days ago, Hartford schools had to postpone their start date due to a ransomware attack. Evidently, adversaries are not slowing down. There’s no better time than now for educational organizations to assess and secure themselves.
There are a number of resources outlining tips for this back to school time period. Education Week took an interesting approach and outlined tips for not only teachers and principals but also tech leaders. With virtual learning, these tech leaders will hold a very important role. Items outlined for tech leaders include uploading learning assets, bringing awareness to low-cost internet access and assessing tech products.
Virtual Learning, The Expanded Cyber Attack Surface
To deal with an expanded attack surface, tech leaders need to educate and bring awareness to these potential attacks. This may include workshops and presentations on rising threats and preventative measures such as updating your devices. Moreover, organizations need to assess or re-assess their cybersecurity management program to identify gaps and come up with viable solutions.
With more phishing attempts, ransomware attacks and malware attacks – organizations may consider putting more controls into place. However, before implementing controls organizations should asses their current cybersecurity management system including the efficacy of their current controls. NIST CSF is a reliable framework to use when assessing your cyber program. Educational institutions such as University of Pittsburgh saw success using NIST CSF. The framework helped university leaders prioritize their cyber decisions, enforce consistent standards across the university and allowed them to meet other compliance standards as a byproduct. And in 2019, the New York State Education Department implemented a NIST CSF requirement to secure their educational agencies. This is a good first step in making remote students, faculty and systems more secure as the country’s largest public education system.
Changing the Game with Axio360
Some may say, implementing a framework such as NIST CSF isn’t as easy as it sounds. It can be lengthy and resource-consuming, and they aren’t wrong. But with Axio360, we help you streamline the process. Our platform carries NIST CSF along with many other frameworks. You can easily assess your current cyber state within as little as a day with the right people in the room. Teams can leave notes within the platform in real time to facilitate communication. Axio360 presents you with a score of your current state to serve as a baseline from which you can grow. Our platform also contains a road-mapping tool to help you adapt and update your plans based on business needs.
Axio360 also has a benchmarking tool that allows organizations to see how they’re doing in comparison to their peers. Collaboration is essential, especially when working from home. Axio360 makes it easy to collaborate with your team right on our platform. You can assign action items, take notes and share assessments in real-time. With Axio360 you can embark on a journey towards a future-proof cybersecurity management system.