
Independent schools are increasingly relying on technology and electronic data to manage every aspect of school operations, including many that involve protected information. Activities that involve protected or sensitive data include making admission and financial aid decisions, guiding college searches, managing payroll, and reaching alumni. Independent school leaders must act to protect the school’s resources and information. The risks of reputational harm and financial losses following a cybersecurity breach have been made clear in recent years.

Further, independent school leaders must monitor developments in state laws requiring that school-collected data be safeguarded. The primary obligation for protecting data is assigned to the school, not to the company or organization the school selects for storing or managing data (e.g. a software company, data backup service, offsite storage, etc.). ATLIS is pleased to offer a Cybersecurity Recommendation guide for the community.

ATLIS members will receive a 25% discount on KnowBe4's KMSAT subscription levels. Additionally, ATLIS members will receive a 15% discount on PhishER and Compliance Plus purchases, and a 20% discount on KnowBe4 Compliance Manager (KCM) purchases. Members can log in here to learn more.

CYBER SAFETY AND DATA PRIVACY CLEARINGHOUSE RESOURCES
Ankura, A Guide to Securely Working from Home. ATLIS, "Asking Vendors the Right Questions About Data Protection Center for Internet Security. CoSN, Cybersecurity.
Cybersecurity & Infrastructure Security Agency
The Daily Scam
Susan Davis and Christina Lewellen, "Cybersecurity and Technology" in Paula Livingston Gaudet, Pamela Livingston Gaudet. Like No Other School Year: 2020 Federal Trade Commission, Consumer Information, Most Recent Scam Alerts. Federal Trade Commission, Consumer Information,Avoiding and Reporting Scams Ryan Gallagher, "Best Practices for Securing Your Virtual Classroom," Zoom Blog Damien Barrett, Jimmy Cudzilo, Rebekah Daniell, Colleen McNeil, Ashley Reed, JC Rodriguez, Phil Zaubi, "Gamifying Cybersecurity," ATLIS Leadership Institute Project Mary Beth Hertz, "Cybersecurity as Curriculum," blog The K12 Cybersecurity Resource Center, “The K12 Cyber Incident Map.”
Mitre ATT&CK Matrix
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
New Jersey Cybersecurity and Communication Integration Cell, "Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data” Joint Cybersecurity Advisory with the FBI, CISA, and MS-ISAC Michelle Pacansky-Brock, 6 Tips to Deter Zoom-bombers in Times of Disruption, Creative Commons document. "People Are Less Concerned with Their Cyber Safety Despite Significant Rise in COVID-19 Related Attacks," Security SANS, Creating a Cybersecure Home, Securing the Human. Downloadable poster. Stu Sjouwerman, "U.S. Homeland Security: Malicious Actors Expected to Focus Attacks On Teleworkers. Secure Your VPN," KnowB4 Blog Student Data Privacy Consortium. Student Privacy Pledge. US Department of Commerce, National Institute of Standards and Technology, NIST Cybersecurity Framework. U.S. Department of Homeland Security, Defending Against COVID-19 Cyber Scams. U.S. Government, Cybersecurity and Infrastructure Agency.
|