The Situation
The January 30, 2021 ransomware attack on the Victor Central School District located near Rochester, New York, was an unwelcome reminder of the looming cyber threats that can impact education at any moment. In recent years, malicious actors have viewed schools as prime targets, hoping to steal student data and sell it on the dark web or hold it hostage until a ransom is paid. The results can incapacitate an entire school community for weeks and even derail the credit scores and financial security of those whose data was stolen for years to come.
The Challenge
School districts in Central New York face growing challenges with securing sensitive data from similar attacks, especially as budgets tighten and security threats escalate. In addition to the work school districts are doing daily to combat potential cybercrimes, they are also working to implement the NYSED data privacy regulations including the NIST (National Institute of Standards and Technology) framework. As such, while district IT leaders are scrambling to patch vulnerabilities and block phishing emails, they are simultaneously trying to implement better governance to move their organizations to a stronger security posture. This creates a challenging environment that requires ample time, resources, and skill to navigate.
The Solution
M.A. Polce has developed a new security service that allows school districts to customize a program that addresses both NYSED compliance and immediate threat prevention. This was the result of collaboration with school district administrators and technology coordinators. The cornerstone of the service is a comprehensive NIST assessment that starts the process toward greater awareness of the organization’s security risks. It includes vulnerability tests to identify weaknesses in the technology infrastructure and a detailed analysis that rates the benefits of mitigating an issue against the financial impact of doing so. This allows district administrators to prioritize the work that needs to be done. Engineer hours that can be used for assistance with fixing high-risk vulnerabilities are included, as well as a 24x7x365 retainer to call on M.A. Polce security specialists should a critical security event arise. The service was built with a “security partnership” in mind so districts are not alone in the fight to keep instruction running and their data secure.
