Why is cybersecurity important to Education?

Given recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you to click on readily available documentation from Microsoft or Google. Additionally, the frameworks on which these guides are based are freely available via the National Institute of Standards and Technology (NIST).

It’s important to note that the educational community is a target for cybercriminals and not just from a ransomware angle. Primary educational institutions still face off against students attempting to manipulate grades or just create random chaos on systems with the purpose of causing a delay or canceling school. The research conducted by secondary institutions is also a target, especially by nation-state actors.

All institutions should take steps to secure their environments. The best way to do this is to follow the proven guidance of the Center for Internet Security’s Critical Controls, particularly with regard to the six Basic Controls. Most K-12 school departments will already have #1 and #2 covered, but #3 through #6 might be a challenge depending on available resources and budget allocations.

Let’s have a look at how educational institutions can implement all six of these basic security measures.

Figure 1 CIS Controls™ v7.1

To get the most out of the CIS Controls™, it is important to understand your organization’s classification. Most K-12 schools tend to have a small staff, often sharing a single person between multiple schools. CIS® would classify this type of organization as Implementation Group 1 (IG1), “small to medium-sized with limited IT and cybersecurity expertise to dedicate toward protecting IT assets and personnel.” The main focus