Cybersecurity Awareness Month: Strengthening Digital Defenses in Education and Local Government
As the leaves change color and the air turns crisp, it’s clear that October has arrived. Along with the festive decorations and cooler weather, October also brings Cybersecurity Awareness Month. Since 2004, this month has been dedicated to raising awareness about the importance of cybersecurity, with both the public and private sectors working together to educate and protect. This year’s theme, Secure Our World, as emphasized by the Cybersecurity and Infrastructure Security Agency’s (CISA’s) cybersecurity awareness program, highlights the importance of shared responsibility in ensuring cybersecurity.
The Evolution of Cybersecurity
When the Department of Homeland Security first launched Cybersecurity Awareness Month, the landscape of IT security was vastly different. Back then, cybersecurity was a niche concern, mostly confined to IT departments. Fast forward to today, and the threat landscape has evolved dramatically. Cyberattacks are on the rise across all sectors, and the use of artificial intelligence by cybercriminals has added a new layer of complexity to the challenge.
Cybersecurity in Educational Institutions
The Vulnerability of Schools
Educational institutions are facing a growing wave of cyberattacks. Ransomware, phishing, and other tactics threaten to disrupt learning environments and compromise sensitive data. As schools increasingly adopt digital tools for virtual classrooms and online file sharing, the risk of cyberattacks continues to rise.
A recent report by Infosecurity Magazine highlights the severity of the issue: In 2023, 29% of attacks on educational institutions were attributed to vulnerability exploitation, while 30% originated from phishing campaigns targeting K-12 schools.
Incident Response Plans
Without a detailed incident response plan, schools may struggle to survive a cyberattack. These plans provide a blueprint for maintaining cyber resilience during an attack or natural disaster. However, a 2023 CoSN survey revealed that only 41 percent of K–12 schools have implemented an incident response plan. Given the increasing prevalence of cyber threats, it’s more important than ever for schools to prioritize cybersecurity.
Practical Cybersecurity Tips for Schools
Here are some key strategies schools can implement to strengthen their defenses.
1. Start with a Comprehensive Vulnerability Assessment
The first step in improving school cybersecurity is to evaluate and assess potential vulnerabilities that could compromise security. CISA offers tools to help districts identify gaps in their security systems. A thorough assessment establishes a baseline, enabling districts to pinpoint specific vulnerabilities and prioritize areas for improvement. This foundational step is crucial for creating a targeted cybersecurity plan that addresses both immediate and long-term needs.
2. Enable Stronger Authentication
One of the most effective ways to safeguard school networks is by implementing multi-factor authentication (MFA). MFA adds an extra layer of security by requiring users to provide multiple forms of verification before gaining access to accounts. This step significantly reduces the risk of unauthorized access, especially when combined with strong password practices.
3. Create Strong Passwords and Update Regularly
Encouraging students and staff to use complex, unique passwords is essential in protecting accounts from cybercriminals. Passwords should include a mix of numbers, symbols, and letters, and should be changed regularly. Additionally, using different passwords for different accounts can prevent multiple breaches if one account is compromised.
4. Keep Devices and Systems Updated
Outdated software and operating systems are vulnerable to cyberattacks. Schools must ensure that security software, operating systems, and web browsers are regularly updated to protect against known vulnerabilities. Automatic updates should be enabled wherever possible, and school IT teams should actively monitor for security patches.
5. Be Cautious with Links and Suspicious Emails
Phishing attacks remain one of the most common ways cybercriminals infiltrate school networks. School staff and students should be trained to avoid clicking on suspicious links or opening unexpected attachments, even if they appear to come from a known source. Raising awareness about phishing tactics is key to minimizing these types of attacks.
6. Secure Wi-Fi Networks
An often overlooked vulnerability is the security of school Wi-Fi networks. Schools should change default usernames and passwords on wireless routers and use strong encryption methods to protect their networks. Unsecured networks make it easier for unauthorized users to gain access to sensitive information.
7. Limit Personal Information Sharing
Educational institutions must encourage staff and students to limit the personal information they share online. Privacy settings should be utilized to control what information is publicly accessible, reducing the risk of identity theft and other cybercrimes.
8. Establish Clear Cybersecurity Guidelines
District leaders must establish clear cybersecurity policies that outline best practices for online safety. This includes guidelines on setting strong passwords, recognizing phishing attempts, and reporting suspicious activity. Regular updates on emerging threats, such as ransomware, should be provided to keep everyone informed. To further protect against attacks, districts should consider investing in cyber insurance, which can mitigate financial losses caused by breaches.
9. Implement Identity and Access Management (IAM) Systems
Identity and Access Management (IAM) systems play a critical role in safeguarding school networks by managing who can access certain systems and data. According to Juniper Research, IAM systems authenticate users and control their access to ensure that only authorized individuals can view or modify sensitive information. Implementing an IAM system not only protects against unauthorized access but also allows schools to manage and secure student devices remotely.
10. Provide Ongoing Cybersecurity Training
Cybersecurity is a shared responsibility. CISA is actively training K-12 schools on cybersecurity, aiming to reach 300 additional schools in 2023. Regular training for school staff is important, covering topics like threat recognition, data protection, and safety measures. Programs like Google’s “Be Internet Awesome” can equip students and teachers with the knowledge needed to stay safe and responsible online. By investing in cybersecurity training, schools can significantly reduce the risk of data breaches and protect their digital assets.
Cybersecurity in Municipalities and Local Governments
The Rising Costs and Risks of Schools
Schools are not the only entities facing cyber threats—local governments are also in the crosshairs of cybercriminals.
According to the Sophos State of Ransomware 2024 survey, 59% of organizations were targeted by ransomware in the past year. While the overall frequency of attacks has decreased, the impact on victims has intensified, with average recovery costs soaring to $2.73 million—a 50% increase from the previous year.
Local governments are particularly vulnerable to these threats and are facing rising costs for cybersecurity protection. Skyrocketing insurance premiums have forced many public sector entities, particularly smaller municipalities, to seek alternative solutions. As a result, cyber risk pools have emerged as a more affordable and collaborative approach to managing cybersecurity risks. These pools not only provide lower-cost insurance but also foster mutual support among public sector organizations in their efforts to enhance cybersecurity defenses.
Best Practices for Local Governments
As the public sector faces increasing risks, it’s important that local governments take proactive steps to reinforce their cybersecurity measures. Below are nine best practices every local government should consider:
1. Develop a Comprehensive Plan
Include basic, foundational, and organizational controls to protect, detect, and respond to cyber incidents. Resources from CISA can be invaluable.
2. Thoroughly Assess Processes
Periodically evaluate your cybersecurity posture and training efforts. Free resources such as the Department of Homeland Security’s Infrastructure Survey Tool and Cyber Resilience Review can provide valuable insights.
3. Utilize NIST Resources
Follow the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which includes the functions Identify, Protect, Detect, Respond, and Recover.
4. Invest in Cyber Insurance
Despite rising premiums, cyber insurance remains essential. Policies that cover privacy liability, network interruption, and errors and omissions can provide much-needed financial safeguards in the event of an attack.
5. Stick to the Basics
Implement regular software updates and secure backups. Follow best practices for password protection and ensure all personnel comply with standard security methods like data encryption and multi-factor authentication (MFA).
6. Train, Retrain, and Train Again
Conduct comprehensive staff training to ensure everyone can identify and respond to threats. Adopt a mindset that cybersecurity is everyone’s business.
7. Offer Internships
Collaborate with local colleges and universities to bridge the cybersecurity skills gap and build relationships in the community.
8. Stay Informed
Cybersecurity threats are constantly evolving. Municipalities must keep up with the latest trends and developments and adapt their security protocols accordingly.
9. Outsource Security Operations
Many local governments are outsourcing cybersecurity operations to manage costs and gain access to specialized skills. This approach allows municipalities to leverage expertise without the burden of maintaining in-house resources.
Arizona's Cybersecurity Initiatives
Arizona has established a comprehensive Cybersecurity Plan that outlines the state’s commitment to improving cybersecurity across local jurisdictions. The plan includes organizational roles, funding strategies, and best practices for managing and monitoring cybersecurity efforts. Key components involve implementing MFA, enhancing logging practices, and migrating to the .gov internet domain. By aligning with NIST principles and promoting safe online services, the plan aims to bolster the cybersecurity posture of all state entities.
Conclusion
The escalating cyber threats facing schools and local governments require immediate and sustained attention. Cybersecurity Awareness Month serves as a reminder that the digital world is fraught with risks, but with careful planning, robust training, and the right tools in place, public sector entities can protect themselves.
Whether it’s a school developing an incident response plan or a municipality leveraging NIST’s cybersecurity framework, the time to act is now. As Cybersecurity Awareness Month reminds us, safeguarding our digital environments is not just a responsibility for October—it’s an ongoing commitment that requires vigilance and collaboration throughout the year. With the right strategies, our schools and local governments can build a future where they not only survive but thrive in the digital age.
GMI is proud to be part of an initiative that prioritizes online safety and education. We’re committed to helping organizations of all sizes stay safe online. Our comprehensive security solutions are designed specifically for educational institutions, municipalities, and state governments to build a strong security posture.
For more details on our services, call us at (480) 998-0555 or visit our website today.