This past January, GadellNet was pleased to host a number of technology, operations, and academic leaders from schools that we know and work with for a round-table discussion about the security principles that matter most to schools.
Given the increasing rate of school-focused cyberattacks, schools must take steps to …
- Educate their workforce and the children in their care
- Make policy decisions that begin to funnel the adoption of technologies through a vetting process
- Make configuration choices on devices and online systems that constrain user choices when it comes to approving, downloading, or installing applications, whether online or on devices
Our conversation seemed to focus on the following practical steps schools can take:
- Transition staff from saving passwords in their browsers to saving them in a more secure password manager like LastPass.
- Evaluate password policy strength.
- Think about behavior change through the lens advocated by Chris and Dan Heath in their book “Shift” – lead the emotion, educate the reason, and shape the path. Security changes that can be implemented in seconds (like turning off the ability to save passwords in our browsers) are “shape the path” changes that can create havoc in terms of a person’s workflow and productivity. Connecting people to a cause that resonates with them, like child safety, is an important first step before security controls are put in place.
- Employ phishing training for staff, which builds productive paranoia about the primary attack surface exploited by cyber criminals: email.
Our slide deck for the lunch and learn is below, complete with recommended frameworks and timely advice that Grant Schneider, CISO for the federal government, shared at two popular 2017 cybersecurity events.
We’re looking forward to our next school-focused technology lunch and learn!