ReportWire

Tag: IT leadership

  • Resilient learning begins with Zero Trust and cyber preparedness

    [ad_1]

    Key points:

    The U.K.’s Information Commissioner’s Office (ICO) recently warned of a surge in cyberattacks from “insider threats”–student hackers motivated by dares and challenges–leading to breaches across schools. While this trend is unfolding overseas, it underscores a risk that is just as real for the U.S. education sector. Every day, teachers and students here in the U.S. access enormous volumes of sensitive information, creating opportunities for both mistakes and deliberate misuse. These vulnerabilities are further amplified by resource constraints and the growing sophistication of cyberattacks.

    When schools fall victim to a cyberattack, the disruption extends far beyond academics. Students may also lose access to meals, safe spaces, and support services that families depend on every day. Cyberattacks are no longer isolated IT problems–they are operational risks that threaten entire communities.

    In today’s post-breach world, the challenge is not whether an attack will occur, but when. The risks are real. According to a recent study, desktops and laptops remain the most compromised devices (50 percent), with phishing and Remote Desktop Protocol (RDP) cited as top entry points for ransomware. Once inside, most attacks spread laterally across networks to infect other devices. In over half of these cases (52 percent), attackers exploited unpatched systems to move laterally and escalate system privileges.

    That reality demands moving beyond traditional perimeter defenses to strategies that contain and minimize damage once a breach occurs. With the school year underway, districts must adopt strategies that proactively manage risk and minimize disruption. This starts with an “assume breach” mindset–accepting that prevention alone is not enough. From there, applying Zero Trust principles, clearly defining the ‘protect surface’ (i.e. identifying what needs protection), and reinforcing strong cyber hygiene become essential next steps. Together, these strategies create layered resilience, ensuring that even if attackers gain entry, their ability to move laterally and cause widespread harm is significantly reduced.

    Assume breach: Shifting from prevention to resilience

    Even in districts with limited staff and funding, schools can take important steps toward stronger security. The first step is adopting an assume breach mindset, which shifts the focus from preventing every attack to ensuring resilience when one occurs. This approach acknowledges that attackers may already have access to parts of the network and reframes the question from “How do we keep them out?” to “How do we contain them once they are in?” or “How do we minimize the damage once they are in?”

    An assume breach mindset emphasizes strengthening internal defenses so that breaches don’t become cyber disasters. It prioritizes safeguarding sensitive data, detecting anomalies quickly, and enabling rapid responses that keep classrooms open even during an active incident.

    Zero Trust and seatbelts: Both bracing for the worst

    Zero Trust builds directly on the assume breach mindset with its guiding principle of “never trust, always verify.” Unlike traditional security models that rely on perimeter defenses, Zero Trust continuously verifies every user, device, and connection, whether internal or external.

    Schools often function as open transit hubs, offering broad internet access to students and staff. In these environments, once malware finds its way in, it can spread quickly if unchecked. Perimeter-only defenses leave too many blind spots and do little to stop insider threats. Zero Trust closes those gaps by treating every request as potentially hostile and requiring ongoing verification at every step.

    A fundamental truth of Zero Trust is that cyberattacks will happen. That means building controls that don’t just alert us but act–before and during a network intrusion. The critical step is containment: limiting damage the moment a breach is successful.  

    Assume breach accepts that a breach will happen, and Zero Trust ensures it doesn’t become a disaster that shuts down operations. Like seatbelts in a car–prevention matters. Strong brakes are essential, but seatbelts and airbags minimize the harm when prevention fails. Zero Trust works the same way, containing threats and limiting damage so that even if an attacker gets in, they can’t turn an incident into a full-scale disaster.

    Zero Trust does not require an overnight overhaul. Schools can start by defining their protect surface – the vital data, systems, and operations that matter most. This typically includes Social Security numbers, financial data, and administrative services that keep classrooms functioning. By securing this protect surface first, districts reduce the complexity of Zero Trust implementation, allowing them to focus their limited resources on where they are needed most.

    With this approach, Zero Trust policies can be layered gradually across systems, making adoption realistic for districts of any size. Instead of treating it as a massive, one-time overhaul, IT leaders can approach Zero Trust as an ongoing journey–a process of steadily improving security and resilience over time. By tightening access controls, verifying every connection, and isolating threats early, schools can contain incidents before they escalate, all without rebuilding their entire network in one sweep.  

    Cyber awareness starts in the classroom

    Technology alone isn’t enough. Because some insider threats stem from student curiosity or misuse, cyber awareness must start in classrooms. Integrating security education into the learning environment ensures students and staff understand their role in protecting sensitive information. Training should cover phishing awareness, strong password practices, the use of multifactor authentication (MFA), and the importance of keeping systems patched.

    Building cyber awareness does not require costly programs. Short, recurring training sessions for students and staff keep security top of mind and help build a culture of vigilance that reduces both accidental and intentional insider threats.

    Breaches are inevitable, but disasters are optional

    Breaches are inevitable. Disasters are not. The difference lies in preparation. For resource-strapped districts, stronger cybersecurity doesn’t require sweeping overhauls. It requires a shift in mindset:

    • Assume breach
    • Define the protect surface
    • Implement Zero Trust in phases
    • Instill cyber hygiene

    When schools take this approach, cyberattacks become manageable incidents. Classrooms remain open, students continue learning, and communities continue receiving the vital support schools provide – even in the face of disruption. Like seatbelts in a car, these measures won’t prevent every crash – but they ensure schools can continue to function even when prevention fails.

    Latest posts by eSchool Media Contributors (see all)

    [ad_2]

    Gary Barlet, Illumio

    Source link

  • The looming threat that could worsen the digital divide

    The looming threat that could worsen the digital divide

    [ad_1]

    Key points:

    In an era where technology plays a pivotal role in education, the expiration of the E-rate program’s Emergency Connectivity Fund (ECF) funding poses a significant threat to underserved schools and libraries. This funding, which was crucial in bridging the digital divide, now stands at a crossroads, potentially leaving many educational institutions grappling with outdated technology and hindering access to the digital resources necessary for effective learning.

    While the stakes are high and a potential crisis may be looming, there are several solutions to mitigate the impact on underserved areas as we transition to a post-ECF era.

    The role of ECF funding in schools and libraries

    For context, the E-rate program, established in 1996 as part of the Telecommunications Act, aimed to ensure affordable access to modern telecommunications and information services for schools and libraries. Over the years, the ECF component of E-rate emerged as a lifeline for schools and libraries, particularly in economically disadvantaged communities. This fund addressed the digital divide by providing financial support for broadband connectivity, Wi-Fi hotspots, and connected devices such as laptops and tablets.

    ECF funding has played a pivotal role in transforming underserved schools and libraries into tech-savvy hubs of learning. It enabled these institutions to acquire up-to-date technology, offering students and community members access to a wealth of information and educational resources. This funding helped level the playing field, especially during the COVID-19 pandemic, ensuring that students from all backgrounds had equal opportunities to excel when digital education was the only option to continue learning.

    The expiration threat

    Now, with the expiration of ECF funding, it brings with it myriad challenges, primarily centered around the potential exacerbation of the digital divide. Without continued financial support, schools and libraries may struggle to maintain or upgrade their technological infrastructure. This could result in a regression to outdated systems, hindering the ability of students and community members to engage in new and evolving educational needs.

    Concern also has been raised about the potential lack of access to technology becoming a far-reaching consequence for underserved communities. If educational opportunities become limited, students’ ability to develop essential digital skills necessary for success in the workforce may be hindered. Moreover, the potential digital divide is likely to extend beyond the classroom, affecting adults who rely on these institutions for access to online job searches, healthcare information, and government services. The long-lasting effects could perpetuate a cycle of poverty and limit the socio-economic growth of these communities.

    Solutions to bridge the gap

    To address the impending digital crisis, several solutions can be explored. Advocacy for the extension or renewal of ECF funding is a critical step. Policymakers must recognize the fundamental role that technology plays in education and prioritize continued support for underserved areas. Additionally, partnerships between private and public sectors can contribute to sustainable funding models that ensure ongoing access to technology for these institutions.

    Another innovative approach involves the recycling and upcycling of technology. Instead of disposing of outdated devices, schools and libraries can explore programs that refurbish and repurpose technology. Technology trade-in partners can be a valuable resource and help schools put funds back into budgets to cover the cost of new technology purchases. They are able to conduct a comprehensive assessment of a school’s device inventory, taking into account the age, condition, and compatibility with the latest software to give a clear understanding of the potential value if upcycled. That means devices that still have useful life are refurbished and put into the hands of individuals and organizations who might not otherwise be able to afford the technology.

    Sustainability also is an important consideration and technology trade-in partners can develop sustainable technology plans for schools and libraires. These plans help organizations determine the right devices to purchase, when to sell them at the optimal point in their useful life, and how to reinvest those funds into new technology. The right decisions at each step in the process can put significant money back into budgets and keep the best technology in the hands of schools and libraires. Ensuring that the digital divide is closed, and students continue to elevate their education.

    Additionally, these initiatives also can be designed to engage students, teaching them about the importance of sustainability while providing hands-on experience in refurbishing electronic devices.

    The expiration of ECF funding poses a substantial threat to the strides made in narrowing the digital divide in underserved schools and libraries. It is imperative that stakeholders recognize the vital role technology plays in education and community development. Advocacy for continued funding and utilizing technology trade-in partners are essential components of a comprehensive strategy to ensure that these institutions continue to thrive in the digital age. By addressing these potential challenges head-on, we can work toward a future where all students, regardless of their economic background, have equal access to technology and educational opportunities.

    Latest posts by eSchool Media Contributors (see all)

    [ad_2]

    Diamond McKenna, Co-Founder, Diamond Assets

    Source link