discover
R
Director of IT Services, North American Division of Seventh-day Adventists
ecently, there have been a crescendo of cyber security incidents in the news, from Ransomware attacks, to hacks, breaches, and exploits. These attacks have been targeting businesses, large and small, and more recently schools. Virtually every day we hear breaking news of some industry or school or government agency that has been compromised. These online threats are growing exponentially, as much of the world has been operating almost exclusively in the digital space due to the pandemic.
And as a Church, we too have moved many of our operations online during the past year. As Covid has pushed our schools and our ministries online, we know that our exposure to cyber incidents has never been greater! How do we protect and secure our schools and our students?! What follows are 5 strategies and best practices to better secure our schools:
Finally, let’s not forget the most critical step we can take! And that is to commit all we do to the Lord, asking Him to safeguard and protect His schools and His kids! The truth is, no matter what cyber security plans we make, or what defenses we put into place, without the Lord protecting and sustaining HIS Work, HIS Church, and HIS Schools, all of our best efforts will be in vain. We are reminded of this fundamental truth in Psalms 127:1
It is our daily prayer that the Lord gives us wisdom, and a double portion of His Spirit, so that we may do all we can to safeguard and protect that which He has entrusted to us. Know that we are praying for you here at the North American Division.
Today, 94% of all malware is now delivered via email! Email! And Phishing (fake) emails now account for 80% of all reported security incidents. Our teachers and our school staff are under attack! Let’s give them the tools they need to defend their students and the school community! Programs such as KnowBe4 and Proofpoint are extremely effective in “inoculating” our staff against malicious emails and online threats. This is the first layer of defense, and it’s the most important!
Once a bad guy is on your school network, the battle is nearly lost! And worse yet, you likely will not know when the bad guy actually entered the network! One of the most common ways these maliciously minded people gain access to school networks is through default passwords. Having a default password is like having no password! Open or Unprotected Wi-Fi networks are a hacker’s playground! Let’s not let them play in our schools!
MFA has become the single most effective tool we can use to secure our online accounts, and prevent account hi-jacking. Before the North American Division office required MFA on all Office 365 email accounts, we experienced an account seizure almost once per month. Hacked email accounts are a huge problem for schools (and the Church!), as invariably reputational harm can result, not to mention the unauthorized disclosure of school and student information. Create a school policy that all school email accounts are protected by MFA, regardless of the email provider (Google, Office 365, etc.). This is the single most effective thing you can do to protect your online accounts. This is also true for your banking and business accounts as well!
This committee should define policies and procedures to protect and secure the school. The school’s cyber security committee should first identify what needs to be protected (student records, financial records, employee records, etc.) and create a strategy for protecting those resources. Above all else, have a plan! As they say, failing to plan is planning to fail! Your Conference, Union, and the North American Division can help you through this process. Relatedly, make sure that your conference has Cyber Security Insurance. Adventist Risk Management provides cost effective Cyber Security Insurance.
No security best practice list would be complete without patching! Set your Windows and Mac Desktop and Laptop computers to auto update. The vast majority of exploited operating system vulnerabilities have already been patched by the vender (Microsoft, Apple, etc.), but the exploit occurred on an unpatched computer! Automatic Updates are the answer! It takes only moments to enable “set it and forget it” automatic updating, and it can make a world of difference!
Top 5 School Security
Best Practices
Start a teacher and staff security awareness training program, such as KnowBe4 or Proofpoint.
Be sure to change default passwords to school Wi-Fi networks, routers, firewalls, etc.
Implement MFA (multi-factor authentication) everywhere!
Work with your School Board to establish a Cyber Security Committee
Keep your computers patched and updated!
1
2
3
4
5
Unless the Lord builds the house,
the builders labor in vain.
Unless the Lord watches over the city,
the guards stand watch in vain.” (NIV)
Fall 2021