Tips for School IT Leaders
Education Cybersecurity Weekly is a curated weekly news overview for those who are concerned about Education industry. It provides brief summaries and links to articles and news across a spectrum of cybersecurity and technology topics that are specific to the industry.
Questions IT leaders need to ask about cybersecurity
e-School News on August 22, 2018
Educational institutions are not immune to cyber attacks, and addressing them comes at a price for the U.S. economy. The IT leaders should be proactive in asking the following questions to ensure that data security is taken seriously:
Q1: Are your password procedures up to speed?
Q2: Do you have a procedure for when people leave?
Q3: Does each employee have access to only what they need?
Q4: Do you provide proper training at all levels?
None of the procedures is expensive. Nonetheless, none will prove effective if schools and higher education organizations are not able to maintain control over its systems.
Florida’s latest cybersecurity training center
EdScoop on August 22, 2018
Florida’s latest cybersecurity training facility that is intended to help fill professional cybersecurity gaps opened on the campus of the Miami Dade College.
The training is ready for students, companies, and public sector organizations to certify cybersecurity professions. MDC’s cybersecurity center joins similar institutions at the University of South Florida and the University of West Florida.
Companies always value graduates with work experience, but in the world of cybersecurity its importance is tenfold.
Antonio Delgado, a dean at Miami Dade College in the release.
76 universities from 14 countries become victims
Indipendent on August 24, 2018
Universities and academic institutions around the world are targeted as part of a major campaign launched by Iranian hackers. The attackers aim to steal unpublished research and gain access to intellectual property.
Security experts discovered a series of attacks presumably performed by Cobalt Dickens group. Among victim organizations, there are 76 universities from 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States. Some of the affected institutions listed in the Times Higher Education Top 50. Within margins of the campaign, hackers created fake websites resembling login pages of the targeted universities. In case a user accidentally filled in their account name and passwords to the spoofed login pages, the credentials would have been passed to the malefactors.
The investigation is still ongoing into the security incident. Earlier this year, nine Iranians were charged by the US Justice Department for conducting a giant cyber theft campaign on behalf of the Iranian government. It remains unclear if these nine alleged cyber criminals took part in the previous attacks.
Bringing tech in the classroom
EdTech Focus on K-12 on August 27, 2018
A lack of student engagement originates from the fact that most teachers do not have the educational background of technology. Nonetheless, a more modern style of teaching demands the integration of classroom technology and empowers students to take hold of their own education.
Administrators should help teachers learn new educational tools to succeed in delivering innovation programs. For example, teachers are engaged in Chromebook training during the spring at Beekmantown Central School District in New York, giving them more time to learn the new technology.
Integrating tools separately is essential as teachers must have an opportunity to master one solution at a time.
Managing cyber risk
Education Dive on August 27, 2018
Some of the previous overviews touched upon the privacy issue every educational organization faces due to the amount of sensitive data its systems process. Therefore, this environment is highly regulated. The Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) are not the only regulations. A school, which receives funds from the Education Department, must comply with the Family Educational Rights and Privacy Act (FERPA).
Term violation can result in tremendous penalties such as loss of federal funds. In addition,many universities must comply with the standards of the National Institute of Standards and Technology (NIST) when handling specific data.
CISOs (Chief Information Security Officers) in higher education can communicate cyber risk and improve their institutions’ security posture.