After auditors highlighted security risks, one school was hacked, others left in fear.
Audits can be unpleasant. It's never fun to be judged. But it can be effective!
Schools in Baltimore County recently received their audit report. Later that same day, they got hacked.
“An incident like this becomes a case study,” - Spokesperson for Anne Arundel County Schools (Maryland)
This isn't the first time that a Maryland school has received a worrisome audit report. In fact, these audit findings quite commonly identify consistent security risks. Seems like an easy solution then, right?
Unfortunately, schools are notoriously tight on budgets. And educators are completely overwhelmed with the transition to online learning.
School systems lack the resources and support they need to adequately manage security risk.
After the Baltimore hack, Chip Stewart, Maryland's Chief Information Security Officer (CISO), received a steady stream of calls from IT chiefs from around the state.
Naturally, every IT manager wants to keep every employee and student safe. But they need a place to start. Cybersecurity is multi-layered, and it takes strong technology, policies and people.
Ultimately, the “first and last line of defense” is people. - Chip Stewart, Maryland CISO
We regularly see end user security training as a gap in audit reports. One point of good news is that this gap can be solved quite easily!
Whether you look at these audit reports, NIST's guidance or CISA's pointers, several items are clear:
1. End User Security Awareness Training
2. Two-Factor Authentication
(go deeper on these here)
These are items that consistently come up, and are your first steps to greater cybersecurity maturity in any organization.
The first step is training your team to avoid the initial Phishing email, the ones that school staff are getting every single day.
Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.
Start with a quick quote - hit us up