You May Be Your School’s Greatest Risk

You love your school. I know, every organization has its days where you may not love it as much, but our love for our school, our students, families and staff is really what keeps us going. The joy of students learning fills our hearts. The satisfied pride and humbling honor that comes from a parent telling you that your school changed their child’s life can bring us to our knees. This is why we do what we do. But this doesn’t just happen on its own. School leaders are constantly working in the background, often thanklessly, on important foundational needs, such as facilities, finance, maintenance and security. All of the “good stuff” we are seeking ultimately requires a necessary precondition of comfort and trust.

Transparency and open communication are powerful allies in growing comfort and trust in our communities. New tools in communication and information make it easier for us to share, collaborate and build together. This is good. It feels right, and it is so consistent with the goals of developing educated, prepared and happy children. However, it comes with a threat that can strike a terrifying blow to the very foundation on which that trust rests. The more information you have access to, the bigger the threat you are.

Many of us are aware that cybersecurity and data protection are a threat, but too often, school leaders see this as something they can outsource to their tech director or an outside vendor to “solve for them.” They are partially correct. Many technology tips and tools can be implemented to mitigate risk. However, technology stands little chance of protecting your community against what could be its greatest threat, you.

Sounds ominous, doesn’t it? 

This isn’t an attempted scare tactic, and I will discuss remedies to this threat below, but it is important that as school leaders and privileged data users we understand the threat we individually present. In order to do our jobs, many school leaders and privileged data users, such as registrars, counselors, executive assistants, have access to lots of sensitive information. According to our Technology Impact and Efficacy Assessment, most independent schools have reasonably strong technology tools and best practices in place. However, 1 in 3 of those schools reported experiencing negative impacts as a result of a cybersecurity incident. This was a 90% increase over the previous year!

Scams using social engineering have led many independent school leaders to give up passwords and bank accounts. School leaders have unintentionally installed software that gives bad actors access to their email accounts, student information systems, and advancement software. It is one thing to stop hackers at the door, through good firewall protection but it is another issue entirely, when we openly (albeit unintentionally) invite them in.

I have heard some school CFO’s say, “I have cyber insurance. I’m good.” They are partially correct. Cyber insurance can cover the direct financial impact of your incident which can be enormously helpful. We strongly recommend schools get cyber insurance. However, the hit to the foundations of comfort and trust can not be replaced with insurance. When families believe their information is (or could be) at risk in your community, this can have a negative impact on enrollment, collaboration and trust.

Start taking a comprehensive look at data and cybersecurity.

If you have not already done so, take time to review the Cybersecurity Best Practices, developed by the Association of Technology Leaders in Independent Schools (ATLIS). As a group of school leaders that work together to help other schools, we at Educational Collaborators have gone a step further. We assemble a team of a senior school leader, risk manager (often the business manager), privileged data users (often registrar and advancement services) and someone from IT. We guide that team through the ATLIS recommendations and ask them to respond to a self-reported assessment of cybersecurity best practices. We then score the responses to identify the greatest risks and “lowest hanging fruit” and put this into a Cyber Risk Dashboard. Our school cyber experts then design a roadmap for cybersecurity risk mitigation to get the school off and running in reducing their risk. 

The cybersecurity landscape is often changing and the road to protection is long. However, often, the hardest step is the first one. That first step is school leadership recognizing that data protection and cyber risks are foundational to their success with collaboration and trust. They must understand and act in ways that advance good data protection as a part of everyday life in a school. If you are not there yet, please get yourself there quickly!

In an effort to help schools move quickly, we are offering a special on the facilitation of our Cybersecurity Assessment and Dashboard to schools with enrollment under 500. This is only offered during October, which is Cyber Awareness Month. More details can be found at www.educollaborators.com/smallschoolcybermonth.

Whether you get help from Educational Collaborators, someone else, or tackle this on your own, I wish you the best in your journey. Your school needs this!

About The Author

Alex Inman

Founder and President of Educational Collaborators with over 20 years experience as teacher, tech director and senior administrator. NSBA “20 to Watch” and global presenter.