Schools in Texas are now enhancing their cybersecurity plans, in accordance with new state regulation, in order to prevent cyberattacks. Last week, technology leaders from Round Rock Independent School District shared their approach to developing cybersecurity plans, from staffing to risk management, at the Texas Association of School Administrators midwinter conference hosted in Austin. According to their presentation, schools are the second largest pool of ransomware victims nationwide. Local governments rank at the top, while healthcare organizations rank third. In addition, they revealed that the education industry ranked worst in cybersecurity.
Last year, Texas lawmakers passed legislation to enhance the cybersecurity requirements for school districts. Senate Bill 820 requires districts to craft a cybersecurity policy to “secure cyber infrastructure.” Districts must also perform risk assessments and implement “mitigation plans.” Superintendents will designate a cybersecurity coordinator as a liaison between the district and the state and parents. According to the Texas Education Agency, the cybersecurity coordinators appointed by the local education agencies will report incidents to TEA via email. A TEA official said correspondence will go to an inbox specifically designated to receive incident reports.
House Bill 3834 requires certain state and local government employees and state contractors to complete a cybersecurity training program certified by the Texas Department of Information Resources. Gabehart said school staff and even school board members fall under that category because of their access to sensitive data. Gabehart said he is working on a student data privacy initiative under which Texas would adopt a statewide data sharing agreement for all districts to use and “force vendors to make sure they do a better job of protecting our data.”
To defend against cyberattacks, schools need to pay attention to the following aspects:
- Hyperlink Security: Install a spam filter on the mail server to filter spam and phishing emails, restrict macro scripts in emails, and scan inbox emails.
- Unknown Devices: Schools should strengthen protection at the network level in order to secure all devices connecting to the school network, including BYOD devices.
- Outdated Systems: Many computers hit by ransomware attacks had not been updated and patched in time. All networked devices should have their systems and network firewall rules updated promptly.
- User Misoperation: Set different file access permissions for different users, turn on the user login authentication service, and set a file access whitelist.
- No Backup: Regularly set up disaster backups on the system to prevent irreversible damage to files.