The Changing Face of Cyber Insurance in K–12 — THE Journal


If you’re relying on an insurance policy to rescue you in the event of ransomware or a data breach, it’s time to rethink your cybersecurity strategy.

Cybersecurity insurance has become as complicated in K–12 as fire insurance in rural California. You need it. Insurance carriers are giving a jaundiced eye to how well prepared you are. And you may find yourself receiving notification that you’re going to be dropped if the numbers don’t pencil out or if you don’t prepare the way insurers expect you to.

But unlike wildfire, which can quickly grow beyond human control, cybersecurity is something schools can get better at if they just give it the attention it deserves.

According to K12 SIX, 2020 “saw a record-breaking number of publicly disclosed school cyber incidents,… resulting in school closures, millions of dollars of stolen taxpayer dollars and student data breaches directly linked to identity theft and credit fraud.” This year, the share of attacks on schools has already grown an estimated 17%.

While in the past many districts may have believed they were protected from feeling the financial impacts of a cyber hit because they had cyber insurance to cover the risks, “that model is no longer viable either for organizations or for insurance providers, given the vast increase in cybersecurity attacks,” according to Amy McLaughlin, a subject matter expert in cybersecurity at the Consortium for School Networking (CoSN).

Recently, McLaughlin hosted a webinar for CoSN members featuring a panel of district leaders, to look at how cybersecurity insurance is evolving in an increasingly risky environment.

‘Everything Changed’

This year, when it came to filling out cyber insurance paperwork, education has seen “everything change,” said Rod Russeau, director of technology and information services at Community High School District 99, in Downers Grove, IL. From a page of questions that were “relatively basic and pretty easy to answer” in years past, this year’s questions took up multiple pages, Russeau said. And there was a lot of “back-and-forth with the insurance providers to clarify certain answers.”

The big areas of focus were multifactor authentication (MFA), policies and procedures, backup processes, user awareness and training, and endpoint detection and response (EDR) systems.

Tony Harvey, chief information officer for Indiana’s Muncie Community Schools, had to reckon with a lot of “not typical” questions, such as whether data at rest and data in motion were encrypted. “I wonder how many schools encrypt data at rest and in motion or even know about it,” he said. “Those were the kinds of questions asked that were not part of the last questionnaire.”

Cybersecurity Resources

At the end of October, CoSN will be hosting a three-day virtual workshop on creating cybersecurity and incident response plans.

CoSN just began its latest course on advanced persistent prevention for K–12. This program runs for seven weeks and covers three areas: network security, risks and controls, and vulnerabilities and mitigation.

Also, CoSN is offering a recorded version of the cybersecurity insurance webinar. Additional cybersecurity resources are available on the CoSN website.

MS-ISAC offers free membership to any public K–12 school or district. Not only will the organization help you prepare for an incident, they’ll come to the rescue as advisors when you’ve had one.

K12 SIX is a membership of K–12 information security professionals. While there is a fee to join, based on the size of the district, the organization also issues publicly available resources, including its most recent: a series of cybersecurity guidance and best practice resources.
