The bells in Saskatchewan classrooms may have gone quiet this summer, but the ring still sounds following news of a cyberattack at Regina Public Schools.
The whole issue is cause for alarm, on a variety of fronts.
As of this writing, the school division is “assess[ing] the nature and scope of the attack and to ensure that the school division’s systems can be safely brought back online.”
While it may be frustrating to hear such little information about the event being shared, it’s by design. If thinking of a breach in the context of a building, you wouldn’t want to advertise which door was (or remains) propped open.
Unfortunately, “fixing” this isn’t as easy as removing the object and closing the door — while the door might be shut, the locking hardware may still be an issue, especially if a single key is being used.
Cybersecurity incidents aren’t limited to servers in a data centre. They’re costly and extremely disruptive events which affect both individual users and stakeholders. Plus, the effects reverberate, causing issues we wouldn’t typically think about.
Take printing, for example. A tweet shared following the cyber event reports of a “shortage of toner for the photocopiers used by Regina Public Schools.” According to the source, “Some schools have not had photocopying abilities for weeks.”
Making matters worse, the user adds, “due to the recent hack of our [Regina Board of Education] systems, only one photocopier in our building was ‘unlocked’ for use so we can’t even try the ONLY OTHER COPIER that may have toner.”
It seems the move toward “going paperless” has gone literal. We can only imagine how frustrating this must be for teachers, staff, and students. If getting through the effects of the pandemic weren’t enough, now schools are being faced with containing the spread of malware.
This is just one example. There are many others. The question remains: What can we do about it?
5 Things School Administrators Can Do to Help Fix this Problem
My post-secondary background happens to be a Bachelor of Education with a major in Secondary Business, Technology, and Media Education. So, with this in mind, I thought I’d dust off my lesson planning skills.
I’ve created a list of the top five things school administrators can focus on if looking to explore cybersecurity as planning sessions take place throughout the summer:
- Complete an inventory of key systems: Identify the “Crown Jewels” of information attackers would want to take; consider what safeguard(s) should be in place to keep these data safe.
- Complete an inventory of users and permissions: Identify user and system accounts; prune access permissions as necessary, and enforce Multi-Factor Authentication (MFA). Start with privileged accounts, or those with the highest amount of permissions — you might even find cost savings with licensing in doing so!
- Convene a governance meeting specific to cybersecurity ASAP: Explore bringing someone in 😉 to help start a conversation on cybersecurity at the governance level. The dialogue shouldn’t be focused on gloom and doom about securing the Crown Jewels; let the benefits and business value emerge.
- Engage with your stakeholders: Work in collaboration with teachers, administrators, and students to determine the individual capabilities they need to achieve success while also remaining secure.
- Consider bulk procurement: Engage with the education sector to explore procuring software and services. This approach can also help reduce instances of “Shadow IT,” where educators may resort to storing data using free or paid services outside of central IT’s control.
Here’s hoping this general advice can be used to help address some of the issues we’re seeing across sectors, including education.
Last, but not least, it still isn’t too late for Saskatchewan to establish an Advisory Panel on Critical Infrastructure and Cybersecurity. Doing so would be a great way of getting key stakeholders at the table to help solve this complex puzzle.
Tackling the challenges of cybersecurity will take teamwork. Ringing in the new school year safely and securely depends on it.
Disclaimer
The Information provided on this website is for general educational and informational purposes only. It is not meant to serve as professional advice. Further information regarding this disclaimer may be found on the General Disclaimer page.
0 Comments