Summer is over and schools are back in session across the country. If you missed the chance to prepare and test your cybersecurity protocols while students were living their best lives on summer break, there are actions you must take at the start of the school year to get your programs in shape.
Teachers and administrators are ready to kick off a great year of learning, but they must bring that same preparedness to getting their cybersecurity house in order.
While not an exhaustive list, here is a checklist of 10 areas that deserve the most attention and that you can get started on (or even complete) immediately. Keep in mind, cybersecurity often touches physical security, too, so some of the recommendations have important cross-functional impacts, including helping you secure and maintain your insurance coverage.
1. Do you have an expert security advisor?
It’s imperative you have someone qualified advising you on your security program. This could be an internal or external resource, paid or free, as long as it’s someone who is a bona fide security expert. If you don’t know someone like this, you can always reach out to your local university and ask if they have senior students or a professor who might be able to help you.
2. Have you completed a risk assessment?
Without completing a formal risk assessment, you can’t accurately know what’s going on in your world, security-wise. And if you don’t know what the threat is, you can’t protect yourself from it. A risk assessment can give you all the information needed for an effective security program, including what you need for continuity, disaster recovery, and incident response planning.
3. Have you designed and implemented security controls?
Once you perform a risk assessment, you’ll know which security controls should be put in place, whether they’re administrative, physical, or technical. This also includes tackling the issue of access control. Do you know who’s coming and going? Have you designated which groups should have access, and to what? Your security controls should be reviewed on a bi-annual basis at worst, quarterly at best.
4. Do you know what you have, and where you have it?
This pertains to asset inventory, in terms of your people, process, technology and data. What devices are connected to your network? What people have access to which systems? Do you know where your data is? If you signed an End User License Agreement (EULA) with a software provider, for example, you may have agreed to having your data sent to third parties. When all is said and done, it could end up in far more places than you anticipated. So, you need to take stock of your inventory, including what’s in the cloud (which isn’t guaranteed to be secure). Know what you have and where it is.