Cybersecurity Recommendations
Independent schools are increasingly relying on technology and electronic data to manage every aspect of school operations, including many that involve protected information. Activities that involve protected or sensitive data include making admission and financial aid decisions, guiding college searches, managing payroll, and reaching alumni. Independent school leaders must act to protect the school’s resources and information. The risks of reputational harm and financial losses following a cybersecurity breach have been made clear in recent years.
Further, independent school leaders must monitor developments in state laws requiring that school-collected data be safeguarded. The primary obligation for protecting data is assigned to the school, not to the company or organization the school selects for storing or managing data (e.g. a software company, data backup service, offsite storage, etc.). ATLIS is pleased to offer a Cybersecurity Recommendation guide for the community.
Join industry experts to hear the latest information about this critical topic.
Fall 2021 Cybersecurity Update
November | 3pm EDT
Spring 2022 Cybersecurity Update
March 30 | 3pm EDT
CYBER SAFETY AND DATA PRIVACY
Updated August 5, 2021 SD
Ankura, A Guide to Securely Working from Home.
ATLIS, "Asking Vendors the Right Questions About Data Protection," ATLIS Blog, 11 December 2021.
ATLIS Cybersecurity Recommendations, (Revised October 2020).
Center for Internet Security.
CoSN, Cybersecurity.
Cybersecurity & Infrastructure Security Agency
The Daily Scam
Susan Davis and Christina Lewellen, "Cybersecurity and Technology" in Paula Livingston Gaudet, Pamela Livingston Gaudet. Like No Other School Year: 2020, COVID-19, Product Value Solutions, 2020.
Federal Trade Commission, Consumer Information, Most Recent Scam Alerts.
Federal Trade Commission, Consumer Information,Avoiding and Reporting Scams
Ryan Gallagher, "Best Practices for Securing Your Virtual Classroom," Zoom Blog, 27 March 2020.
Damien Barrett, Jimmy Cudzilo, Rebekah Daniell, Colleen McNeil, Ashley Reed, JC Rodriguez, Phil Zaubi, "Gamifying Cybersecurity," ATLIS Leadership Institute Project, March 2021.
Mary Beth Hertz, "Cybersecurity as Curriculum," blog, 25 February 2021.
The K12 Cybersecurity Resource Center, “The K12 Cyber Incident Map.”
Mitre ATT&CK Matrix
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
New Jersey Cybersecurity and Communication Integration Cell, "Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data” Joint Cybersecurity Advisory with the FBI, CISA, and MS-ISAC, 10 December 2020.
Michelle Pacansky-Brock, 6 Tips to Deter Zoom-bombers in Times of Disruption, Creative Commons document.
"People Are Less Concerned with Their Cyber Safety Despite Significant Rise in COVID-19 Related Attacks," Security, 20 October 2020.
SANS, Creating a Cybersecure Home, Securing the Human. Downloadable poster.
Stu Sjouwerman, "U.S. Homeland Security: Malicious Actors Expected to Focus Attacks On Teleworkers. Secure Your VPN," KnowB4 Blog, 14 March 2020.
Student Data Privacy Consortium.
Student Privacy Pledge.
US Department of Commerce, National Institute of Standards and Technology, NIST Cybersecurity Framework.
U.S. Department of Homeland Security, Defending Against COVID-19 Cyber Scams.
U.S. Government, Cybersecurity and Infrastructure Agency.
|
