Cybersecurity 

SETDA (State Education Technology Directors Association) - Landscape Analysis of Cybersecurity - Cybersecurity and Privacy Collaborative

• • • Critical Vulnerabilities

    • Legislative Impacts and Needs

    • Strengthening State Response

    • Key Resources

      • • • Free Cybersecurity resources and tools

    • Need for State Advocacy

• Cyber Insurance Market and Control Presentation by Gallagher

  • Minimum Baseline for Cyberinsurance/Critical Priority Cybersecurity Controls 

    • • Require multifactor authentication for employee/user email

        • • All faculty and staff accessing on main network or remotely

          • Students not currently required but some are beginning MFA for students when they get an email address - usually in MS or HS; carriers giving preference to those who implement with students and they are moving towards this...not there yet though

          • MFA required on Google Drive and One Drive if there is sensitive information stored on that platform

      • Require multifactor authentication for remote access (i.e. VPN, RDP)

      • Require MFA for privileged accounts (i.e. domain administrator accounts)

        • • If IT is outsourced, when accessing the network those consultants need to utilize MFA 

      • Require offline/offsite backups of critical data

      • Deploy an Endpoint Detection and Response Solution on all managed endpoints

      • Create a written plan that's self-audited for patching critical software/hardware - risk based escalation of security patches (within 7 days and no longer than 30 days after release)

      • Segment end of life/legacy hardware and software systems

      • Categories of focus - IAM (w/service accounts), endpoint protection, backup procedures, end of life, change management, and employee training

  • FREE E-risk Hub from Gallagher 

    • • https://eriskhub.com/gallagher; complete the new user registration at the bottom of the page - pick your own user ID and password (access code is 447597)

      • After registering you can access the hub immediately using the newly created credentials in the member login box located in top right 

        • • Breach preparation guidance

          • Privacy Statute guidance

          • Breach response/compliance/cybersecurity vendor directory

          • Current and trending events

          • Best practice policies and procedures

          • Cyber Risk management due diligence