Over the course of the past months, Loreto Ministries, like many organisations across the world, has had to embrace technology and rapidly upskill in conducting regular online meetings to maintain efficient communications with each other, board members, school communities, education authorities, Loreto Sisters and various other stakeholders. The platforms that have been utilised to connect and work remotely with others have presented a myriad of new possibilities as we discern what practices have proven a success throughout the lockdown period.
Our increased use of technology throughout this period has further sharpened our focus on cybersecurity, as working remotely significantly increases the opportunity for cyber-attacks. As a result of this experience, we have had several cybersecurity principles reinforced in our day-to-day work. Two key points of learning have become very clear: firstly, the risk of relying on endpoints such as home internet and devices should be minimised; secondly, it is vital to use a limited-privilege account for remote access, to prevent adversaries gaining an initial foothold, and to employ multifactor authentication (MFA) to protect access and sensitive information. Both of these points are practices Loreto Ministries had already implemented, and they have held us in good stead during this period of remote work.
Questions of cybersecurity are relevant for all stakeholders at Loreto Ministries, particularly our schools. Sensitive information in a school environment includes student records, staff records, financial records, board papers, contracts and so on. We need to ask, is this information suitably protected at all times?
If your school were faced with a cyber-attack, would you be well prepared? Do you know how to respond to a cyber security incident? A cyber security incident can shut down businesses for weeks and can have a significant impact on reputation, community and stakeholder trust, as well as finances.
A disaster recovery and cyber incident response plan is critical in managing the impact of this risk.
School Boards and others should have oversight of cyber risk at a macro level and may consider Telstra’s “5 Knows of Cyber Security” as a checklist for management teams:
Know the value of your data – is it treated with the same respect as any other asset?
Know who has access to data
Know where your data is located
Know who is protecting your data
Know how well your data is protected
Having an annual agenda item for cyber risk could be the first step in understanding the school’s exposure to cyber risk.
The most common threat is email phishing scams. Regular reminders should be sent out advising users not to click on links within emails from unknown sources. These emails should be deleted immediately and not opened.