October 1, 2022

Rom Hendler is the CEO and co-founder Trustifyprovider of SaaS-based email security and encryption.

K-12 districts across the country are still recovering from pandemic disruptions, where administrators have been tasked with deploying remote environments with unprecedented urgency. These districts did not have the option of closing down as some in the business community did; they were obliged to continue educating our children. Many districts were forced to implement whatever technology was available to adapt to these new circumstances.

Because of these barriers, technologies such as district laptops, open wireless access points, unsecured IP devices, and student management systems were often enabled with only basic security controls. Sophisticated hackers have often found ways to access student management systems looking for address information, social security numbers, parent email contacts and login credentials. Many schools lacked the current funding for the level of security operations, oversight and expertise needed to address the issues their organization might face.

“Traditionally, K-12 schools are not equipped to identify network security breaches and are not fully aware of how best to respond,” confirmed Jennifer Tisdale, associate director at security services provider GRIMM Cybersecurity, as reported by the US Senate Committee on Homeland Security and Governmental Affairs. Malicious hackers, on the other hand, are often very sophisticated and adaptable when it comes to exploiting a crisis, and many have turned their nefarious skills to K-12 environments.

Some of the most prominent school districts in the United States have been hit by ransomware attacks in recent years. Baltimore Public Schools, for example, spent nearly $9.7 million to fix a breach that led to weeks of academic disruption as their instruction was turned entirely into virtual learning. The attack required teachers and students to turn in their laptops for inspection or replacement, causing widespread confusion over which equipment was affected by the breach.

Other disturbing incidents included cybercriminals directly targeting parents with ransom demands, threatening to lock students out of their online courses, deleting submitted work or defacing student projects by inserting obscene language. Cyber ​​attack on Fairfax County Public Schools it included the release of the Social Security numbers of both students and district staff, which were made public. All this happened while anxious parents were trying to cope with the pandemic, take care of their health and master new distance learning technologies together with their children.

Implementation of encryption and automation

Schools will benefit from a simple and intuitive ability to encrypt outgoing email to protect them from the impact of these costly attacks. Automated “one-click” compliance solutions allow administrators to set up their security solution so that all emails sent through the system comply with a list of regulations of the administrator’s choosing. This takes the burden of deciding which emails are subject to compliance regulations and reduces the risk of breaches through human error.

However, encryption must be easy to use, otherwise users will give up on encrypted messages. Teachers often communicate with parents, school officials and internal services, conveying sensitive information about students. Many legacy email encryption solutions require these users to log into a separate portal to send or receive. If such a system is too complex and cumbersome, users will bypass encryption and abandon encrypted mail. School IT help desks receive many support tickets from users who have difficulty encrypting messages.

Improving resilience through data protection

As we move toward what some economists define as a recession, more districts could face budget crises or eventual austerity conditions. Even in a strong economy, it’s rare that any district could sustain the kind of financial damage associated with a significant security breach. A report from a consumer research site Comparitech estimates that cyberattacks cost American educational institutions across the network more than $3.5 billion “in downtime alone” in 2021. These losses also have consequences for taxpayers, who bear the burden of increasing district budgets.

Many high-profile breaches involve the infiltration of an organization’s email system. This means that districts at least have the ability to protect their email systems with a cybersecurity email protection solution. However, not all solutions are created equal, and agile hackers have developed ways to bypass many common approaches to protecting email data.

For example, traditional SEG (Secure Email Gateway) based solutions scan and block emails based on known malicious IP addresses. However, they cannot discern more sophisticated scammers and “social engineering” attacks impersonating legitimate staff. However, some of the established security brands depend on this method. More advanced email security solutions use technologies like artificial intelligence and optical character recognition to identify and quarantine well-crafted phishing messages that trick students and teachers into revealing their usernames and passwords and encourage victims to download malicious attachments

Districts should evaluate their solutions based on how many of these more sophisticated technologies are incorporated, which can reduce their exposure to potentially devastating fraud attacks. Additionally, administrators should do a cost analysis comparing the bigger name (and often more expensive) solutions to different competitors. Benchmarking will sometimes identify vendors that offer a lower cost per seat but deliver impressive capabilities that equal or exceed well-known brands.

IT administrators should demand features like AI-based scans, one-click automation and compliance, user-friendly encryption, and comprehensive malware protection, all of which are vital to securing a district’s email network. This investment ultimately delivers ROI, bypassing costly compliance penalties, ransom fees, downtime, and other damages associated with compliance violations. Finally, a security solution should be easy to implement, manage and use to alleviate additional stress on the internal IT team, staff and students.

Ultimately, no district can afford to go without protecting the most targeted part of their network: their email data system. And building resilience is an especially welcome strategy in an uncertain post-pandemic economic environment.

Forbes Technology Advice is an invitation-only community for world-class CIOs, CTOs and CTOs. Do I qualify?

Source link

Leave a Reply

Your email address will not be published.