Top 4 Security Tips from Skyward’s Director of Information Security

#Security

Mike Bianco

by Mike Bianco

Mike Bianco Director of Information Security

Read time:

Listen to this article

It’s an unfortunate truth: Education is the most attacked industry sector, suffering a 114% increase in the last two years—double the rate of other industries. Security weaknesses are exploited daily, putting both data and dollars on the line.

The start of a new school year is the perfect time to reevaluate your security strategy and take steps toward making this year your most secure yet.

1. Implement a security awareness training program.

The majority of security breaches start with a successful phishing email. You can have the best security in place, but one click on a bad link can be detrimental to your district. It’s important to educate, educate, educate your employees on recognizing and reporting these traps.

At Skyward, we educate our team using KnowBe4. This training program not only sends videos and quizzes to our employees, but it also sends simulated phishing attacks, so we can see how well our team performs at recognizing these threats in their inboxes. We believe so strongly in the value of this program that we’ve partnered with KnowBe4. Skyward districts can now purchase it directly from us! For more information, reach out to IT Services.

2. Ensure all critical data is properly backed up.

Unfortunately, there often aren’t warnings before disaster strikes. That’s why it’s imperative your district is prepared by backing up your data to an immutable, air-gapped data backup that cannot be destroyed by bad actors.

If you’re housing your data on site, we recommend avoiding the basement (temperature fluctuations are often greater, as is the risk of water damage). Another important element to consider is power supply. It's best to have a generator dedicated specifically to your data. You’ll also need to make sure you keep up with software updates, hardware refreshes, and database maintenance. It can be a lot for any district to stay on top of, which brings me to my third tip...

3. If you host Skyward on-premises, consider migrating to ISCorp Secure Cloud Hosting.

Want to take the stress and worry out of data backups? Host your data with our trusted partner, ISCorp. Your district’s data will be securely backed up at the ISCorp data center. They’ll do all the updates and legwork for you. In the unfortunate scenario where your system goes down (whether it be from a natural disaster or a ransomware attack), ISCorp guarantees they'll have your data live within 24 hours of notification.

Having a solid data backup in place is not only key to a fast recovery, but it can also prevent your district from being faced with paying ransom to get your data back.

Check out this story about a Skyward district in Illinois that survived a ransomware attack thanks to their partnership with ISCorp.

4. Review your district security settings in Skyward.

If your district implemented Skyward years ago, this step is especially important for you. Take time to go back and review your district security settings to ensure they meet current standards.

Here are some things you’ll want to review:

Your Skyward authentication settings: It’s best to require everyone to use multifactor authentication to log in to Skyward.
Password requirements: Is your district using passwords or passphrases? We recommend using passphrases of 12 or more characters instead of complex passwords. For information on why, check out this blog post. (Note: You can find detailed information on Skyward password requirements in the Help Center.)
Data access: This is also the perfect time to review who has access to what data. Don't overshare—ensure only the people who need access to data to do their jobs are granted it.

If your district is using Qmlativ, you can run a Security Audit which will make suggestions for security improvements. (This feature is coming soon in SMS 2.0.) The Security Audit will help you identify areas for improvement. Check out an example in the screenshot below: