MFA Task Force Evaluates Options for K-12 Districts

The 2020 Pandemic flipped the world upside down and to find any semblance of normalcy, the world turned to technology even further. Every industry was affected by this pivot and arguably none more than Education. And what more, cybercriminals and their threats dramatically rose to meet the unplanned technology changes across schools worldwide. And because of this, Forward Edge looked into what they could do, to help schools limit their exposure to this increased threat.

Problem

Education typically has less funding and less hardened infrastructure against cyber threats than other industries which leads threat actors to prey on the easier target. Given that schools work with sensitive student data every day, schools must find solutions to better protect that data for their future and more importantly, the futures of their students.

  • The best possible solution would include a massive upgrade to their entire infrastructure and a dedicated cybersecurity team focused on the protection of their schools but the cost of such a solution would be unattainable for a majority of organizations.
  • A common solution is cybersecurity insurance, so in the aftermath of cyberattacks, schools can lean on their policies to recover from those threats, but this doesn’t necessarily resolve their problem.
  • Because of the increased threats worldwide, even the insurance landscape has evolved and will continue to do so. And those looking for this protection will require implementing cybersecurity initiatives to keep up with insurance requirements over time. Without these changes, schools could lose access to this protection.

Development

So what can school organizations do to protect themselves from increased levels of cyber threats and maintain a balance with their budgets to meet these threats?

  • While schools can’t fully fund vast solutions to protect themselves and their students, they can look to forecast changes and budgets over time to find a healthier security posture.
  • Amongst the options in security postures, lies one that can help prevent rampant exploitation and none more accessible or more cost-efficient than Multifactor Authentication.
  • Multifactor Authentication (MFA) is a method that requires a user to provide two or more steps of verification to gain access to a resource. Through this method, any organization can decrease its vulnerability to a cyberattack.

Analysis

Through the concentrated efforts of several experts from the team at Forward Edge, School representatives, and many 3rd-party solutions, we pulled together a task force to focus on the problems faced by K-12 organizations and answer those pivotal questions.

  • Can MFA be used to better secure school resources and provide better protection against sensitive data for students and staff? Absolutely. It provides a more secure layer of protection for access and acts as an additional deterrent for would-be attackers.
  • Can we find or determine realistic solutions that wouldn’t break the bank for schools and wouldn’t overwhelm their current culture and practices? Could we also find a solution to help deter the future would-be threats?
  • And lastly, what solution could we find that would satisfy a majority of cyber insurance requirements and allow for long-term viability? Could we find a solution that could support an organization and continue meeting future changes to insurance policies?

Solution

Through a long process of research and development, Forward Edge was able to land on a solution that provided the above needs for the current schools they support and future potential schools. The following methods supported our process of finding that solution.

  • The task force spent time looking over current and past trends of attack vectors on school organizations and how they were successful in their attacks. The most common being the ability to exploit untrained staff and easy-to-crack account passwords. Other trending methods included Phishing and Malware.
  • The task force spent a significant amount of time testing several different solutions from one extreme to the next, some new, some old, all the way to the most popular to figure out which solution best fit the culture and infrastructure of a school organization.
  • Based on the fact-based trending needs of organizations and the solutions tested, the task force then built a grading rubric and matrix for all these solutions to help determine the best possible solution to fit the current needs of an organization and the ability to fulfill current insurance requirements now and into the future.

Conclusion

As the predatory actions of cybercriminals continue to focus on the Education sector, school organizations are forced to look into finding better practices or solutions to support their infrastructure and the protection of their students. Through the focused research and collaboration of the Forward Edge task force, we were able to determine that to better serve schools, we must find solutions that can not only protect school organizations through better security posture practices but also find solutions that can meet insurance requirements for the long term.

As the world becomes more saturated with technology, so does the burden of cybercriminals and their focus on easy prey, so to better protect ourselves it is best to continue spending efforts on finding solutions that best fit particular industries because not all solutions fit all.