How Cybersecurity Relates to Risk Management
School boards must manage other risks in addition to cyber threats that can often take priority over cybersecurity efforts. However, in the digital age we all live in, cyber risk is everywhere and is likely tied to other risks, like reputational risk, complying with laws and requirements and student safety. School boards that choose to use insecure tools for collaboration and communication are putting themselves and the district at large at serious risk. Public file-sharing apps create many problems for public education boards. While they might save money and store data in an easily accessed forum, they also make your sensitive board information a soft target for cybercriminals.
Already one of the most targeted groups for cyberattacks, school boards can’t afford the added risk that insecure file-sharing apps inevitably present. Finding a way to incorporate cybersecurity into risk management to create a strong cyber risk management framework is an effective way to safeguard district information and bring more efficiency to the boardroom through the right digital tools.
How the Right Technology Improves Cybersecurity
School boards often must work within tight budgets that can restrict their options when it comes to paperless meeting technologies, also known as board management software. While some boards may just decide to live with the bare minimum features and functionality that free board management software affords, they are doing themselves a huge disservice by drastically increasing their risk of cyberattack. There are numerous dangers associated with free board management software and it can end up costing boards more money in the long-run.
School boards are public entities and therefore must readily provide required information to the public on a regular basis, which often includes meeting agendas, meeting minutes, meeting location and details and other public announcements. When operating within an entirely paper-bound system, however, leaving paper trails can be extremely risky and leave room for more private information – like that of students, their families and other sensitive data – to get into the hands of the wrong person. Similarly, when operating within an insecure board management system, while paper trails are eliminated and some aspects of board work are automated, school boards simply do not have enough of a safeguard to protect against any cyber threats that might occur. Going digital is a smart decision for school boards, but ensuring that the digital tools are actually secure and effectively protect the district from cyber risk is even more important.
Establishing Board Cybersecurity Trainings and Policies
Towards the end of 2018, the San Diego Unified School District had ten years’ worth of records containing personal identifying information on 500,000 students and staff hacked into and stolen. This incident marks one of the all-time largest data breaches of a school district, and the damage is still running deep. In order to first develop and then comply with an effective, defensive technology policy, school board members need a proper cyber training program. Cybersecurity trainings that align with sound cyber policies position school boards to be more nimble when responding to an attack. Once the right policies are in place, this will also prevent school boards from leveraging any insecure online board meeting tools that don’t meet required cybersecurity standards.