asbointl.org SCHOOL BUSINESS AFFAIRS | FEBRUARY 2020 21 • Use good data encryption services, features, and fire- walls that focus on cloud application security, as well as network or endpoint security, and continuously monitor for vulnerabilities and potential breaches. • Use additional security measures that are included with purchased software packages in conjunction with other security measures your IT team has put in place. • Have IT specialists conduct a forensic audit of your school district’s technical systems with assistance from third-party experts. • Collaborate with other area school districts to get technical expertise and IT security advice to help pro- tect your IT environment. • Insist that IT staff members implement the latest cybercrime and industry deterrents and security features. • Back up all databases daily and verify that backups will properly restore all data in the event of a breach. • Establish a breach protocol so your district knows what to do and how to quickly restore services and data and to notify users should a breach occur. • Provide ongoing staff training on email, messaging, browser, and cybersecurity. In addition to these measures, districts should consider the cost-effectiveness of obtaining a cybersecurity insur- ance policy with a deductible the district can afford. The question is not whether a school district will experience a cyber threat, it’s when it will experience a cyber threat and how it will recover. Best and Worst of Times Now is definitely the best of times for technology users who can take advantage of the many advances that enhance workforce productivity, such as applications in the cloud, collaborative technology tools, connections of personal devices to corporate networks, and the availability of data to many end users at the touch of a button. Education-oriented cloud technologies like Google’s G Suite and Microsoft 365 are as essential to 21st-century K–12 education as composition notebooks and pencils were in the past. However, without good data safety and security measures, it can also be the worst of times as increas- ingly innovative hacking schemes improve the odds of a school’s data finding their way into the hands of criminals. When many users access data from the school’s cloud, the school risks increased exposure to hackers. Students or staff may even click on a phishing link at home and inadvertently grant hackers access to the district’s cloud environment. Pre-emptive Strikes Data loss prevention must be a priority in every school district. Data security and privacy requirements are man- dated by numerous statutes (e.g., Family Educational Rights and Privacy Act, Children’s Internet Protection Act, Children’s Online Privacy Protection Act, and Health Insurance Portability and Accountability Act) and under some of those regulations, school districts can be fined for each lost or stolen record. When schools are forced to shut down for days because of ransomware attacks, the academic achieve- ment of students is compromised. It is up to school administrators to balance the best of our technologi- cally advanced time with the worst this era has to offer. School districts that focus on prevention strategies that ensure data safety and security will stop hackers before they can do harm. References Coats, K. 2019. The Cyber Threats Every Company Should Know About. Forbes Councils Blog , August 16. www.forbes.com/sites/ forbestechcouncil/2019/08/16/the-cyber-threats-every-company- should-know-about/#e12200210c21. Morgan, S. 2019. 2019 Official Annual Cybercrime Report. www.herjavecgroup.com/wp-content/uploads/2018/12/CV-HG- 2019-Official-Annual-Cybercrime-Report.pdf. Powell, M. 2019. 11 Eye-opening Cyber Security Statistics for 2019. CPO Magazine . June 25. www.cpomagazine.com/ cyber-security/11-eye-opening-cyber-security-statistics-for-2019. Terri Carson is director of finance for Arlington Public Schools, Arlington, Virginia. Email: firstname.lastname@example.org Leslie Peterson is assistant superintendent for finance and management service for Arlington Public Schools, Arlington, Virginia. Email: email@example.com The question is not whether a school district will experience a cyber threat, it’s when it will experience a cyber threat and how it will recover.