Cybersecurity: 4 Tips to Reduce the Risk of Malware and Other Intruders at Your School District

CPAs & Advisors

Timothy Crosson Jr.
Timothy Crosson Jr. CPA Principal CPAs & Advisors

Print Friendly, PDF & Email

School district technology teams continue to face numerous challenges as information technology and its risks develop rapidly. Students and teachers likely use various equipment and operating systems, including Windows, macOS, Chrome, Android and iOS, each with its own security risks and vulnerabilities. Software requires frequent monitoring for updates and patches, which may have unknown effects on other hardware or software the school district uses. Many users accessing the school district’s network will be legitimate users, but additional remote users and publicly accessible wireless networks make the school district vulnerable to intruders.

Although your school district likely has some controls in place to monitor these risks, your technology team cannot rely on best practices of the past. Failure of your technology team to focus on changing technology and controls can have serious consequences. For example, cybersecurity insurance is a common tool school districts use to mitigate loss related to malware and loss of data. However, the latest trend is that insurers provide coverage based on risk; a school district that cannot sufficiently demonstrate a response to significant information technology risks could be denied coverage or face a substantial increase in cost. Also, malware that locks your files in exchange for money continues to become more aggressive. In the past, backups were the best way to avoid having to pay to restore access to files, but malware has demonstrated the ability to infect network-connected backups.

The controls and infrastructure to mitigate information technology risks can be comprehensive and specific to each school district’s software and hardware environment. However, your technology team could use several simple and cost-effective tools to reduce the risk of malware and network intruders.

  • Enforce passwords meeting minimum complexity requirements, including minimum length and a combination of lower and uppercase characters, numbers and special characters for software and network access. Passwords should automatically require changing at reasonable intervals.
  • For most software and website access, passwords alone are not enough. The school district should require the use of multi-factor authentication, preferably via an authentication app on a phone, whenever possible. This reduces the risk that an intruder would gain access to secure information if a password were to be compromised.
  • Automatic backups should occur frequently and at regular intervals. Keep a backup offline and away from network access in the event malware affects your network and your automatic backups. Backups should be tested and restored regularly to ensure they function as intended.
  • Educate your employees on what risks they face and how their actions can impact their data and the school district’s data. Hackers can invade your systems and bypass security with malicious emails that look legitimate but instead lock files or gain access to sensitive information. Programs such as KnowBe4 offer low-cost training via short videos that help employees detect red flags and delete the emails before clicking on them. Contact your Yeo & Yeo professional if you would like more information about the Security Awareness Training program.

Want To Learn More?

Connect with one of our professionals today.