Resources

Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering to SafeGuard K-12 Organizations from Cybersecurity Threats.

On any team, there is someone who has the vision and sets goals, and there is someone on the ground who makes sure those things happen. No team can be successful if the person responsible for getting things done is not working towards the same goal as the person at the top.

As we mentioned in our last bulletin, in January 2023 CISA published a report “Partnering to SafeGuard K-12 Organizations from Cybersecurity Threats”. In that report, CISA suggested that schools start their Cybersecurity journey by implementing six of the Highest-priority security measures.

We have been talking a lot in these bulletins about the increase in Cybersecurity incidents and what can be done to mitigate that risk. Congress also recognized this heightened risk environment and enacted the K–12 Cybersecurity Act of 2021 (“The Act”), which required the Cybersecurity and Infrastructure Security Agency (CISA) to report on cybersecurity risks […]

I am sitting here at 6 a.m. doing the morning review of all our Paladin Sentinel Monitoring school districts. The storm came overnight and there were lots of noisy UPSes, but thankfully it was a pretty boring morning.

Today it seems everything is connected to the internet in some way. At home, you have doorbells, garage doors, TVs, and a myriad of other things. School networks also have a long list of vendors and vendor devices sharing their network.

Today’s Tidbit should be quite simple once you get going. NIST requires data to be encrypted in transit and at rest. Probably you have a number of staff and techs who have laptops that leave the district.

Imagine you’ve been hit by a Cyber Attack. Your network is locked by ransomware and all your data is compromised. What now? Many people rely on their backups as a way to restore their data.

In August of 2021, CISA added “Single Factor Authentication” to its list of practices it considers “exceptionally risky” as it exposes you to an “unnecessary risk from threat actors”. As a result, you may start to see requests from multiple sources to implement multi-factor authentication (MFA) strategies.

I watch a lot of Cybersecurity presentations. Ransomware is on everyone’s lips as a major concern. Here are two interesting tidbits of information. Many Law Enforcement Agencies and CyberSecurity Analysts are now recommending that if you don’t pay the ransom, you keep your encrypted data and backups anyway.