Procurement teams continue to be tasked with the need to focus on prominent IT issues like ransomware and other threats to cybersecurity, while recognizing the importance of bolstering cyber posture. As you work to meet the needs of IT stakeholders, it can be beneficial to leverage a cooperative purchasing organization for a direct route to robust solutions for your school district or agency.
Serving state and local governments, The Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC) reports that it expects an increase of as much as 86% in cybersecurity incidents aimed at K-12 school systems over the course of the current school year. Attacks on schools and government agencies have already spiked dramatically due to the prominence of distance learning and remote work. Having found some fairly easy targets, attackers are now piling on with threats like phishing schemes that can lead to ransomware, data theft and other criminal activity.
.png?width=1400&height=500&name=Critical%20Steps%20Procurement%20Can%20Take%20to%20Fight%20Cyber%20Threats%20(1).png)
Schools and government agencies are regularly attacked by hackers looking for a quick buck or worse, wanting to steal the personally identifiable information of staff, teachers and especially young students with blank slate credit histories ripe for exploit.
To safeguard your school district or agency, let’s explore 7 steps procurement and IT teams can take to protect data with the help of cooperative purchasing.
1. Make Cyber Hygiene Everyone's Top Priority
A recent IBM study shows that human error remains the main cause of 95% of cyber security breaches. That’s especially hard to overcome when we are talking about the behaviors of children.
For schools, the risks are compounded by the increased number of personal devices being connected into the school network, where hidden threats can quickly spread. Once hackers gain a foothold in the system, poor cyber hygiene also improves their ability to move laterally and escalate privileges as they go, compounding the damage.
Consequently, it’s especially important for K-12 organizations and state and local governments to prioritize cyber hygiene practices that can help limit exposure from pervasive attacks.
A lot of attempted attacks can be thwarted by simple actions like:
- Following prompt, effective patch management policies
- Running regular scans to detect and eliminate open ports to the internet
- Making it impossible for users o select easy-to-guess passwords like "password" instead of complex combinations of random numbers, letters and symbols
Good cyber hygiene ultimately comes down to buy-in from every individual from the top down, promoting a culture that takes cyber threats seriously — and is willing to act.
2. Require Multi-Factor Authentication (MFA)
Whether in the form of a one-time PIN sent to email or instant message, or proximity to a recognized device such as a smart phone, MFA offers an extra level of user verification.
3. Have a Solid Plan in Place Before an Incident
Train and drill staff on specific areas of responsibility and procedures for different “what if?” scenarios:
- How to proceed in mitigating or remediating an incident
- Whom to contact, and in what order
- What not to do
Even with good cyber hygiene, mistakes still happen. Attackers may still get in. So it is equally important to build up cyber resilience to defend against successful intrusions by working with your cooperative to find the best solutions.
4. Create and Test Frequent Backups
In addition to regularly backing up data, it’s also important to back up structures such as Active Directory, as well as the hardware housing the back-ups. Then test them at a regular interval to make sure they work reliably before you need them.
5. Consider Running "Chaos Engineering" Exercises
Randomly shut down servers or data centers to test the response. If your detection systems fail to register a problem, then your preparations have failed. This will reveal where you need to improve.
6. Establish and Nurture Critical Relationships
It’s good to have allies outside of your organization that you can reach out to in the event of an attack, including colleagues who can offer their material support and guidance. Through your cooperative, you can tap into assistance from the subject matter expertise of your supplier partner and cooperative advisors.
The right technology stack is of course integral to implementing these best practices. Outdated technology stacks make it much harder to perform these types of cyber resiliency actions. School districts need to leverage modern technology tools to effectively detect, resist and recover from attempted cyber attacks.
Because product options can seem overwhelming, it’s important to seek the right guidance to help you understand what those tools are, how they work and how to apply them most effectively.
7. Don't Leave Money on the Desk
Fortunately, for the first time, there is now significant federal funding available to help K-12 organizations address their increased cybersecurity needs. These funds go well beyond limited E-rate basics. The $2.2T Coronavirus Aid, Relief, and Economic Security Act (CARES Act) provides emergency funding assistance that K-12 schools can use to advance their technology capabilities for distance learning and ensure continuity of operations. A strengthened cybersecurity posture is essential to that purpose. In particular, the Elementary and Secondary School Emergency Relief Fund (ESSER) was allocated as part of the CARES Act Education Stabilization Fund provision, tying directly back to addressing cybersecurity concerns. Other funding is available under the American Rescue Plan Act (ARPA) and the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSA).
Under these special funding programs, K-12 organizations can deploy needed solutions for little to no money coming from their existing budget. More information can be found on each Act’s website. These are temporary relief programs, so there is no time to wait. There has never been a more critical time to safeguard schools’ and children’s digital lives.
World Wide Technology and OMNIA Partners
World Wide Technology is a Technology Solution Provider that focuses on helping government and education customers overcome their challenges and provide positive business outcomes. Through World Wide Technology's cooperative contract, agencies nationwide are able to simplify their procurement process while realizing deeper savings by leveraging the volume of OMNIA Partners.