If you keep up with our blog regularly, you’ll remember our recent post about five great ways to introduce students to the world of Cyber Security. It can both start them down a path to great career opportunities and keep them safer in their personal digital activities. But it’s not just students who need help staying safe online. Everyone can benefit from Cyber Security training, including teachers, administrators, and other staff members in your school or district. As school employees, you have access to a great deal of very private, personal information, and we all need to arm ourselves with the best tools and habits to keep it secure.
Macro Connect just launched a new training initiative in this very space. This program will help your teachers, administrators, and staff to better understand cyber risks, the tactics used by cyber criminals, and how to safeguard both your own personal information and that of your students and fellow employees. If your district is serious about digital security, we highly recommend that you consider a cyber security awareness program.
Just How Important Is Cyber Security?
Robust Cyber Security is critical to the safety and integrity of your school operations and student information. You’ve certainly heard about some of the major data breaches at financial and retail institutions over the last several years. In 2013, 40 million US debit and credit card accounts were compromised by an attack on Target. In 2018, hackers stole the personal information, including passport and credit card numbers, of 500 million Starwood Hotel guests.
It’s tempting to think that hackers wouldn’t bother with one school or a small school district, but there’s a well-documented increase in attacks on schools: 498 attacks since 2016, to be specific. Some scams redirect large contractor or partner payments to criminal bank accounts, costing schools and districts hundreds of thousands of dollars, not to mention the fear it creates in district stakeholders. One district in Texas lost over $2 million in an attack. Other attacks target the personal data of staff members, leading to payroll theft, identity theft, and even false tax returns.
The Costs of Cyber Security Breaches
There are many different costs associated with Cyber Security breaches. First, as we’ve mentioned, there can be a real financial cost. Diverted or stolen funds can add up to hundreds of thousands if not millions of dollars in funding loss. That’s a huge blow to many budgets where student funding is hard enough to acquire in the first place. There’s also the cost of staff time spent resolving the issue or downtime for important computer systems. Attacks can waste hundreds of hours of staff time which should be spent on students. And lastly, there is the loss of trust, which is hard to quantify but affects your reputation and standing. It can become hard to find new teachers or rebuild their willingness to use key information systems. Parents may avoid enrolling their children. And the community may be less willing to trust you with their tax dollars or charitable support. Do not underestimate the value of peace of mind.
Our New Cyber Security Staff Training Program
Macro Connect’s new Cyber Security Training Program is a robust curriculum of hands-on instruction as well as year-round monitoring, testing, and maintenance, with an emphasis on how day-to-day activities and habits can minimize cyber risk. The benefits are innumerable, especially considering the downsides associated with data breaches. By participating in this program, you prove to organizational stakeholders that you’re acting and even being proactive about protecting staff and students. You also reduce your risk with metrics to prove it. Let’s take a deeper dive into the key activities and features of the program.
Key Risk Mitigation Activities
The program has four primary activities: Education, Prevention, Detection, and Response to Incidents. Together, these activities will give your school or district a strong Cyber Security framework and a powerful defense against attack. Each of these key activities has been developed through years of experience in dealing with Cyber Security issues and helping our partners across the region to build strong data protection systems.
- Education: Probably the most overlooked, yet most effective defense in Cyber Security is education. You can buy fancy tech at the network level, but over half of data breach incidents in 2018 were carried out by or directly caused by the actions of staff members. In short: user error. Everyone in your organization has a role to play in keeping data safe so we work to increase employee awareness of risks and train them in ways to avoid or reduce those risks. We couple onsite and virtual training to show staff the most common tactics used by cyber criminals and how to recognize them, avoid them, and report them. Cyber criminals have become very sophisticated, setting up elaborate ruses that can fool even savvy internet users. But with increased awareness of the risks, your staff will gain a certain level of suspicion that can help raise red flags much more quickly. It’s better to be safe than sorry.
- Prevention: Our security experts will be an ongoing resource for you as you make decisions and establish digital policies for your school or district. We’ll be there to identify gaps in new or even existing processes and help you close them to eliminate unnecessary risks. Our best practice guidelines and experienced team will also help design and maintain a hardware and software environment that is secure against intrusion even when some mistakes are made. Things like firewalls, password protection software, and data backups help guard against unavoidable human error.
- Detection: Advanced software and regular monitoring by our Support team will detect signs of malicious activity quickly so that we can try to stop it before damage is done. Monitoring measures also help identify gaps in the system so that we can secure them, avoiding issues from happening in the first place.
- Response to Incidents: In the inevitable event of a cyber breach, rapid response is key. Identifying the processes, resources, and people within your response plan and actually practicing those activities minimize the potential for major damages.
Security Alignment Manager (SAM) Audits
Each school or district that enrolls in our Cyber Security program will have an assigned Security Alignment Manager. Part of that manager’s responsibility will be to conduct ongoing analysis and reporting of your system so that you have the information you need to make great decisions. We compare your data environment to industry standards and make recommendations to keep you one step ahead of the newest cyber security tactics and threats.
- Security Policy
- Asset Management
- Physical Environment
- HR & Access Control
- Incident Response
- Email & IM
- Vulnerability Monitoring
An important part of this process is the presentation of results. One of our vCIOs translates the technical jargon into layman’s terms so you can understand how these risks affect your educational environment. This formal presentation also gives all stakeholders a quantitative measure of progress in each area, as improvements and training are implemented.
A Closer Look at Email Security
Fraudulent emails (phishing) are the most common form of attack. A full 65% of Cyber Security professionals said that their organizations dealt with a phishing attack in 2018 alone. Today’s cyber criminals know how to trick users into giving out personal information or passwords without anyone realizing what they’ve done. Our multi-pronged approach to keeping you safe includes phishing simulations that guide staff members through the warning signs, on-site training with staff members, and ongoing virtual training modules. Criminal tactics are always changing, so multiple touchpoints make sure your staff is always up to speed.
The basis of the training program revolves around a 30+ question assessment of skills and habits that all staff members will complete on Day 1. It assesses awareness and vulnerability in phishing, public wifi, cloud security, working remotely, internet and email usage, removable media, social engineering, social media, secure passwords, mobile device security, and more. We then use the results of that survey to provide both general training to the entire staff and personalized online training based on the user’s needs.
To test everyone’s knowledge, we follow up on the training with our own staged phishing attacks using the same tactics used by criminals. People will get emails that simulate common scenarios like an attachment shared by the Superintendent, a Google Doc link provided by a principal, a limited-time offer from a vendor for discount school supplies, etc. At some point, they’ll be asked for personal information, sometimes two or three clicks deep into a very legitimate-looking website. You might never realize it’s a scam. We follow up on these assessments with regular reporting of staff performance during our fake attacks as well as additional online training for users who fail. Over the course of the year, we document performance to show progress and identify areas of concern.
Get Started Today
If you want us to run a phishing simulation for your organization or learn more about this Fall’s 2019 Managed Security Service Provider offering, give us a call or send us a message. We’ll follow up with you to schedule a free consultation. Don’t wait until it’s too late to start securing your school’s private information!