Independent schools are increasingly relying on technology and electronic data to manage every aspect of school operations, including many that involve protected information. Activities that involve protected or sensitive data include making admission and financial aid decisions, guiding college searches, managing payroll, and reaching alumni. Independent school leaders must act to protect the school’s resources and information. The risks of reputational harm and financial losses following a cybersecurity breach have been made clear in recent years.

Further, independent school leaders must monitor developments in state laws requiring that school-collected data be safeguarded. The primary obligation for protecting data is assigned to the school, not to the company or organization the school selects for storing or managing data (e.g. a software company, data backup service, offsite storage, etc.). ATLIS is pleased to offer a Cybersecurity Recommendation guide for the community.

ATLIS members will receive a 25% discount on KnowBe4's KMSAT subscription levels. Additionally, ATLIS members will receive a 15% discount on PhishER and Compliance Plus purchases, and a 20% discount on KnowBe4 Compliance Manager (KCM) purchases. Members can log in here to learn more. 

Not an ATLIS member? Learn more or join now

CYBER SAFETY AND DATA PRIVACY CLEARINGHOUSE RESOURCES

Ankura, A Guide to Securely Working from Home.
ATLIS, "Asking Vendors the Right Questions About Data Protection
Center for Internet Security.
CoSN, Cybersecurity.

Cybersecurity & Infrastructure Security Agency

• Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
  
• Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data, 

• Cyber Risk Summary: Education Facilities Subsector, CISA, Findings and Executive Summary

The Daily Scam

• Scams Related to the Coronavirus Pandemic.

Susan Davis and Christina Lewellen, "Cybersecurity and Technology" in Paula Livingston Gaudet, Pamela Livingston Gaudet. Like No Other School Year: 2020
Federal Trade Commission, Consumer Information, Most Recent Scam Alerts.
Federal Trade Commission, Consumer Information,Avoiding and Reporting Scams
Ryan Gallagher, "Best Practices for Securing Your Virtual Classroom," Zoom Blog
Damien Barrett, Jimmy Cudzilo, Rebekah Daniell, Colleen McNeil, Ashley Reed, JC Rodriguez, Phil Zaubi, "Gamifying Cybersecurity," ATLIS Leadership Institute Project
Mary Beth Hertz,  "Cybersecurity as Curriculum," blog
The K12 Cybersecurity Resource Center, “The K12 Cyber Incident Map.”

Mitre ATT&CK Matrix

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

New Jersey Cybersecurity and Communication Integration Cell, "Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data” Joint Cybersecurity Advisory with the FBI, CISA, and MS-ISAC
Michelle Pacansky-Brock, 6 Tips to Deter Zoom-bombers in Times of Disruption, Creative Commons document.
"People Are Less Concerned with Their Cyber Safety Despite Significant Rise in COVID-19 Related Attacks," Security
SANS, Creating a Cybersecure Home, Securing the Human. Downloadable poster.
Stu Sjouwerman, "U.S. Homeland Security: Malicious Actors Expected to Focus Attacks On Teleworkers. Secure Your VPN," KnowB4 Blog
Student Data Privacy Consortium.
Student Privacy Pledge.
US Department of Commerce, National Institute of Standards and Technology, NIST Cybersecurity Framework.
U.S. Department of Homeland Security, Defending Against COVID-19 Cyber Scams.
U.S. Government, Cybersecurity and Infrastructure Agency.