Issue link: https://nebusinessmedia.uberflip.com/i/1496993
16 HARTFORDBUSINESS.COM | APRIL 17, 2023 DOUG LEVIN is co-founder and national director of the K12 Security Information eXchange (K12 SIX), a national non-profit dedicated solely to helping schools protect themselves from emerging cybersecurity threats. Q: What are the top cyber threats for K-12 schools? A: K-12 schools face various cyber threats, including data breaches involving student, staff, and teacher data; ransomware attacks causing significant disruptions; defacement to deliver hate messages and divisive speech; and email-based phishing attacks, leading to identity theft and financial losses. Q: How can schools fight back effectively? A: To combat cyber threats, schools should implement baseline cybersecu - rity controls based on robust frame- works, seek out and utilize low-cost or free cybersecurity resources provided by the federal government or other sources, and collaborate with other school districts to share best practices, advice, and threat intelligence, fostering a collective defense approach. Q: How has remote learning al - tered the cybersecurity landscape for K-12 schools? A: Remote learning accelerated the adoption of digital technology, pushing schools to rely on technology for daily operations, classroom instruction, and back-office functions like facilities, transportation, and HR management. As a result, schools' attack surfaces have increased, making them much more vulnerable to cyber threats. Q: How can schools build a solid cybersecurity plan? A: It is important to recognize that K-12 schools face unique risks and challenges, which differ from those faced by state and local governments or small and medium-sized business- es. Schools can build a solid cyber- security plan by focusing on cyber hygiene steps such as patching, multi-factor authentication, backups, incident response planning, and fos- tering awareness through training. For a more comprehensive list, K12 SIX recommends a dozen protections that every school district should imple- ment, aligning with the best practices advised by cybersecurity experts. Q: What role do school leaders play in cybersecurity? A: Cybersecurity is an organizational risk, not just IT's responsibility. School leaders must set priorities, allocate budgets, and plan for cybersecurity risks, similar to physical security risks. They must ensure the cyber safety of the school community, including training, awareness, and practicing response plans. Q: How can schools protect against cyberattacks? A: Schools should have strong pass - word policies, multifactor authentica- tion, stay up-to-date with patching, and encrypt important files at rest. They should also consider deleting or archiving unnecessary data to reduce the potential exposure to risk. Q: How can schools encourage a cybersecurity mindset among students and staff? A: Schools should provide security and awareness training for staff, par - ents, and students. North Dakota, for example, requires students to receive cybersecurity lessons as part of their K-12 experience. Schools should im - part critical thinking skills, emphasizing cybersecurity awareness and training tips in regular communications. Q: How can schools reduce the damage of cyberattacks and bounce back quickly, especially from serious ransomware attacks? A: Cyberattacks affect school districts of all sizes and types nationwide. The best approach is to develop a cyber incident response plan. Most school districts have emergency operations plans for physical security events or extreme weather events, and they should do the same for cyber inci - dents. Having a plan in place helps school systems recover more quickly and gracefully from incidents. It is im - portant that plans address communi- cation. School districts must effectively communicate with their community about incidents, maintaining trust and managing expectations. Q: What should K-12 schools fo - cus on to protect themselves from future cyber threats? A: Schools should look for time-saving tools and solutions that help automate cybersecurity processes, such as SOAR and outsourced SOC solu - tions. AI can be both a concern and an opportunity. AI can make phishing attacks more sophisticated, but it can also help protect against cyber threats. However, it's crucial to imple - ment basic cyber hygiene practices, including multifactor authentication, robust backups, patching, cyber inci - dent response plans, and training. Q: Any final words or tips for schools to address cybersecurity issues? A: The K12 Security Information Ex - change (K12 SIX), a national nonprofit organization, offers free resources, threat intelligence, and guidance to help protect school districts from emerging cybersecurity risks. Schools can visit www.k12six.org to access valuable information and assistance in addressing cybersecurity challenges. © 2023 Cox Communications, Inc. All rights reserved. PAD108710-0006 coxbusiness.com You have what it takes. And we know what IT takes—from high-speed Internet to managed cloud options. No one crushes crunch time like you