Let’s take a look at a few key factors:
School systems, especially now that they are providing technology to students, can be larger than most corporations. For example, a county school system with over 27,000 admin, teachers and students can have over 40,000 devices. That is comparable to the largest corporation in Alabama, having just over 29,000 employees.
Hackers are after data and disruption. The data is extremely valuable and is sold on the dark web. The PII (Personal Identifiable Information) of a child is far more valuable than an adult.
And the all important. . .Why?
The child’s credit, generally, won’t be checked until they reach 18 years old. That means that the information can be used for years without detection. Did you know: The most valuable information is that of an infant.
Where Schools fall short:
Not Adequately Prepared
Compare the preparedness, take the investment made and overall cybersecurity profile of any large corporation and compare that to most school systems. Large corporations understand the risk and make investments in people, processes, and tools to ensure a level of cybersecurity, yet they have vulnerabilities. School Systems tend to not emphasize the importance of cybersecurity to the same level as corporations do; therefore, the vulnerabilities can be exponentially larger and generally not as well addressed.
Views on access tend to be more relaxed in education systems than in corporate entities, as well.
Open Trust vs Zero Trust Access
Taking a Zero Trust approach to security means you start with granting no one access to anything. Then you allow permissions based on need to know or need to do. Zero Trust can be a difficult proposition because people tend to take things personally: You don’t trust them versus understanding it is about securing the data.
Taking the Open Trust or even the Convenience Approach is where you give permissions to just about everyone until you are given a reason not to or for just those ‘certain’ files. This approach is adopted, so people aren’t inconvenienced when they need or want to obtain information, add an application or software to their device etc. This leaves too many open doors that can be exploited and has data stored in too many places that could be compromised.
School Systems should realize their overall size and what is at risk. They need to assess their security profile and landscape, search for vulnerabilities and take remediation steps to strengthen their security landscape. They should review their policies and procedures and compare them to “best practices” for entities similar in size.
Have a question? Reach out today! (256) 513-8206
PCS Provides Total Secure IT Services
When is the last time you considered exactly what is at risk within your business? What’s in your Cyber stack? These questions and more will be answered in our upcoming blog.