SET SEG: Not Your Typical Insurance Company

For most insurance companies, success is defined by profit and financial benchmarks. But for SET SEG, that’s not the case — we’re not an insurance company. Our members join a pool and fund as opposed to going with a traditional insurance carrier, meaning member districts are our shareholders and have a voice in our strategic direction. The success of the Pool and Fund allows members to receive net asset returns and premium reductions.

Insuring public schools is a risky endeavor, and in Michigan, where the summers are short and the winters are freezing, providing affordable and quality coverage on everything from property/casualty and workers’ compensation to employee benefits can be a challenge.

As our schools face these challenges, we like to remind them of one thing: they’re not alone.

From our corporate programs and workplace culture to our philanthropic efforts through the SET SEG Foundation, giving back to our schools and communities has become a part of the SET SEG approach, always connecting back to our core value to put schools first.

12 Ways SET SEG Gives Back

12. Property/Casualty Return Checks

Every year, districts that are members of the MASB/SEG Property/Casualty Pool receive a net asset return check for funds not utilized in covering claims the previous year. As members of the Pool, school districts share the risk but benefit when claims are reduced and prevented.

11. Workers’ Compensation: Funding Safety Initiatives

Every spring, the SEG Self-Insurer Workers’ Compensation Fund sends a check to each member of the Fund so those districts can purchase products that will help decrease common injuries that occur inside the classroom, with the ultimate goal of reducing injuries and claims across the state.

10. Free Subscription to MyCyber

It’s not enough to provide funds for the property and buildings our students and educators populate; protecting districts from cyber threats is also a top priority. Through a partnership with Tetra Defense, a leading cybersecurity firm, SET SEG provides a valuable tool for members to scan their systems, allowing schools to shore up their cyber defenses and keep their school community safe from damaging cyber incidents.

SET SEG is providing all members with a free subscription to MyCyber, a platform used to conduct cyber hygiene projects ensuring schools are following cyber security best practices and have all the tools they need to remain secure. Click to learn more.

9. Adopt a Family

As an organization, participating in Adopt-a-Family prior to the holidays is a great way to engage our employees and give back to the community at the same time. Each year, SET SEG pledges to assist one or two families who may be struggling to provide gifts for their children.

This season, our staff is purchasing and donating enough gifts to cover a family of five.

8. Employee Food Drive

For two weeks this November, our staff brought in food donations to the office for a food drive benefitting the SIREN/Eaton Shelter in Charlotte, Michigan, a community resource dedicated to providing advocacy and support services to the homeless population and domestic violence survivors.

7. Paid Volunteer Time

While giving back is top of mind during the holiday season, SET SEG has put in place policies that encourage philanthropy all year round, specifically through paid volunteer time and donating to our Foundation with payroll contributions. Employees are given eight hours of paid time off from work to volunteer for a cause, event, organization, etc. of their choice.

In addition to giving their time, many SET SEG employees take advantage of our payroll contribution option to donate an amount per pay period to the SET SEG Foundation, directly donating to grant and scholarship programs benefiting our public schools.

6. Send a Candy Cane

In December, as a fundraiser for the SET SEG Foundation, the philanthropic arm of our organization, staff can pay $1 to send a coworker a festive treat with a message to share their appreciation during the holiday season.

5. Award 10 Schools $2,500

The SET SEG Foundation is once again partnering with the Michigan Association of School Boards to honor Michigan public school programs with Education Excellence Awards. Ten educational programs within Michigan public schools and/or ISDs will be awarded the grant to continue their positive influence on their students and community.

Winners receive $2,500, a commemorative trophy, and a street sign announcing the district as an Education Excellence winner. Apply here: setseg.org/edex

4. Send 65 Students to Summer Leadership Camp

The Michigan Association of Student Councils and Honor Societies (MASC/MAHS) Summer Leadership Camp provides an opportunity for students to experience lessons in leadership, communications, group activities, and goal setting. Through this competitive process, students in grades nine through 12 receive scholarships to attend camp.

Every year, SET SEG receives hundreds of applications from all throughout Michigan and awards $26,000 in full scholarships. Click to learn more.

3. Provide 20 Students Scholarships for the Skilled Trades

The SET SEG Foundation believes in supporting Michigan public school students in the pursuit of enrichment opportunities that advance learning and create opportunities. With the shortage of skilled trade workers in Michigan, we want to help revitalize these career paths and support students in their professional pursuits by giving 20 scholarships each in the amount of $500. Click to learn more.

2. Award 3 School Districts in the Student Showcase

Each year MASC/MAHS invite students across the state to develop a student showcase presentation that shares the very best in programming currently being executed at their school. Presentations are held at regional events throughout the state and can be selected to present at the state conference in February. The top presentations are voted on by attending schools for a chance to present to more than 2,000 student leaders from across the State of Michigan. Students attending the state conference will vote for the top three winners.

The SET SEG Foundation awards the top three winning school districts $1,000.

#GivingTuesday: SET SEG Foundation

Throughout our #12WaysOfGiving series we’ve covered all the ways SET SEG gives back to Michigan’s schools and communities, even highlighting our generous staff for all they give throughout the year in addition to their hard work serving our members every day.

Now it’s your turn.

If you would like to contribute to any of the SET SEG Foundation’s programs benefitting Michigan public school educators and students, please donate today: setseg.org/donate.

Cyber Criminals Target Public Schools – SET SEG Acts

Cyber Risk Assessment

Prior to the COVID-19 pandemic, public schools were common targets for cybercriminals due to inconsistent cyber security resources and best practices. With the shift to online and hybrid learning models, bad actors increased the severity and frequency of attacks to take advantage of a hectic and vulnerable environment.

According to a study conducted by cyber security experts, Beazley, the education sector is in the top five industries targeted by cybercriminals. The study also identified employees as the largest at-risk group for giving cybercriminals a way into networks, whether by clicking on an insecure link or providing access to malicious contacts.

Armed with this information, the SET SEG team developed a Cyber Risk Assessment, a visual representation of a school district’s cyber risk level through a red, yellow, and green light system. In the assessment tool, cyber security best practices are listed as actionable tasks with a green to red color-coded scale for the school district to determine their risk level.

With a tool like the Cyber Risk Assessment, a public school’s administration can identify areas of strength, areas to evaluate and improve, and areas that require immediate attention.

Protecting School Districts from Cyber Threats in the Future

While the Cyber Risk Assessment helped districts across the state strengthen their cyber security, SET SEG is committed to continuing to provide the best resources available to members. Recently, SET SEG partnered with Tetra Defense, a leading cyber defense firm that has significant experience in the education industry. As part of our cyber insurance coverage, members with MyCyber will receive monthly scans from Tetra Defense identifying any weak spots in their network that bad actors could take advantage of.

Resources provided by the MyCyber platform aren’t just basic FAQs you could find on the internet. The recommended cyber hygiene projects and associated resources are defined by professionals tirelessly engaging these cyber threats every day. The information your district will have access to is the most relevant information available regarding cyber defense.

If you’re a SET SEG member, click here to access the SET SEG member registration code and sign up to bolster your district’s cyber security today!

New Cyber Defense Tools

As we all know, K-12 organizations large and small are continually inundated with cyberattacks and it’s getting worse every year. Insurance providers are having to adapt to an increased cost of ransomware attacks, with some insurance companies no longer renewing policies altogether. As part of our commitment to our members, SET SEG has been working tirelessly to find tools and processes that better protect districts from cybercrime.

To help defend our members from cyberthreats, SET SEG has partnered with Tetra Defense, a leading cyber defense firm that has significant experience with the education industry. After a strenuous search by our Cyber Defense Task Force for the perfect cyber defense partner, we found Tetra Defense to be the best possible option for our members due in part to their education-based approach. The organization offers a customized learning experience, providing members with a tailored knowledgebase that informs users of threats based on scans of their own systems using Tetra Defense’s MyCyber platform.

MyCyber Platform

Soon, as part of our cyber insurance coverage, members will receive monthly scans from Tetra Defense identifying any weak spots in their network that bad actors could take advantage of. Users will then receive a breakdown of imminent and less-pressing threats as well as a number of cyber hygiene projects to resolve them.

Resources provided by the MyCyber platform aren’t just basic FAQs you could find on the internet. The recommended cyber hygiene projects and associated threats are defined by professionals tirelessly engaging these cyberthreats every day. The information your district will soon have access to is the most relevant information available regarding cyber defense.

If you’re interested in learning more about the new MyCyber platform, or have any questions about your cyber insurance coverage, please reach out to your Account Executive.

Phishing’s Dangerous Sibling: Pretexting

Social engineering attacks occur when an attacker convinces employees to provide sensitive information by exploiting a user’s lack of knowledge, or “tricking” them into giving the information up. This can commonly be done via email phishing attacks, or more specifically business email compromise (BEC), which we’ve covered extensively in our Cyber Security Resource Center.

While being mindful of fraudulent emails, or broader phishing attacks as a whole, is an important part of any cyber security awareness strategy, there’s a graduated form of phishing that your district should be conscious of as well: pretexting.

Phishing attacks are all about presenting a sense of urgency in the moment, keeping the target from being able to adequately assess the validity of an attacker’s claims. Pretexting is more advanced, utilizing aspects of phishing and BEC, while engineering a situation over a period of time.

For example, in a pretext attack on a K-12 organization, the attacker would reach out to a school employee pretending to be some representative of the school administrator. If the administrator’s email has been compromised, the attacker could even pretend to be the administrator. If this were a phishing attack, the communication would end there with an urgent call for payment credentials, but in a pretext attack, this initial email only sets the stage.

In this case, the email could point to a failed payment for some conference that members of the district are attending. Instead of requiring payment info immediately for some urgent reason (like a typical phishing attack), the attacker might request more information, such as a confirmation of dates and location. Generally, this interaction would go back-and-forth across multiple emails. The attacker would drop names and details that further reinforce credibility, until eventually asking the employee to give up private credentials.

This is what makes pretexting attacks so dangerous: the attacker lulls targets into a false sense of security. Defense against pretext attacks is similar to other forms of phishing: take time to review the communications you are receiving. Verify who the sender is and don’t hesitate to flag it for your IT Department if anything looks suspicious.

While the sheer number of cyberthreats out there can be daunting, oftentimes the greatest way to protect your district is with a strong education. Visit our Cyber Security Resource Center for more informational items like this one.

The Costliest Form of Cybercrime

Have you ever received a suspicious email from a contact you trust? Maybe it’s from a local print shop asking for immediate payment on an invoice for flyers for your district. It could be from your business manager requiring sign off on gift cards to employees. It could even be from a third-party contractor or district administrator asking for payment information to take care of construction costs.

Unfortunately, while those communications may appear innocent on the surface, the thing they all have in common is that none of them are actually from a trusted contact. Business email compromise (BEC) occurs when bad actors portray themselves as trusted parties. While not necessarily as prevalent as ransomware attacks, this form of cybercrime is the most financially costly to organizations, and one that has become increasingly common in K-12 institutions.

These fraudulent communications are often portrayed by the perpetrator as time-sensitive, asking for immediate financial action before the reader can accurately assess the validity of the request. While the short timeframe is part of what can make attacks successful, it’s also their downfall.

Taking time to scrutinize the email is all it takes to prevent a costly mistake.

Documents and videos in the SET SEG Cyber Security Resource Center describe, in detail, the dangers of phishing attacks from cybercriminals trying to steal your data and how to mitigate them. BEC threats follow some of the same rules.

Business email compromise attacks can be a costly hazard, but taking the steps to educate employees on cyber security best practices is the key to protecting your district.

  • Participate in regular phishing training, like KnowBe4’s cyber awareness training.
  • Put strict policies in place, only allowing the use of district-managed devices for work-related tasks.

While cyberattacks are only becoming more common, SET SEG is committed to providing members with the greatest defense against such threats: knowledge.

If you haven’t already, visit our Cyber Security Resource Center to prepare your staff for whatever cyberthreats may come your way.

Phishing Email Example

Cybercrime Alert: Urgent Notice for Superintendents

Cybercriminals are attacking schools at an alarming rate. Malicious actors are exposing personally identifiable information, demanding millions of dollars of ransom, and districts are losing valuable time and money before they are able to regain control of their systems.

Threats and phishing attacks continue to become more sophisticated and difficult to spot.

“It is imperative that your staff is not only aware of these heightened attacks on the education community, but know how to stop the attack, and report it appropriately,” says Amy Guilford, Chief Program Administrator of the Property/Casualty Pool. “Early detection is the key — alerting your IT team right away gives them a better chance at shutting down the threat and minimizing damage.”

The first step for every district is to consider subscribing to a training entity, like KnowBe4 — an on-demand security awareness cyber training program. SET SEG members receive a significant discount on the highly affordable subscription. It is one of the best lines of defense you can deploy to prevent a cyber event at your district.

If an incident does occur, contact your SET SEG Account Executive immediately to deploy our team of legal and forensic specialists.

PROTECT YOUR DISTRICT IMMEDIATELY

EDUCATE:

Conduct ongoing security awareness training – sign up for KnowBe4, or another security training, to help your staff spot and stop these attacks.

SEPARATE:

Establish policies – only allow district-issued computers onto district-owned networks.

MITIGATE:

Back up data offline – keep a secure offsite copy of your information or remove any online backups from the main network.

Deploy a password management tool – utilize Multi-Factor Authentication to require individuals to verify their identities prior to logging into a system.

The Key to Cyber Security? Changing Mindsets & Behaviors

When it comes to communication in the workplace, email is king. With American workers receiving an average of 126 emails per day*, email also serves as one of the most vulnerable areas of your organization’s security structure. While scans and filters can assist with blocking some suspicious communications, the likelihood of falling victim to a cyberattack is directly linked to your staff’s level of security awareness and their ability to spot hackers’ attempts.

The Dangers of Operating on Autopilot

When going through your inbox becomes an everyday task, decisions on what to open, click on, and delete are made quickly, effortlessly, and even automatically. That’s why it’s no surprise that as our brains are taking shortcuts, there has been a dramatic increase in successful phishing scams.

Just like your processes for student safety require staff to be alert and responsive in the event of a potential disaster, procedures created to keep your cyber data secure are heavily reliant upon employees to respond properly in the face of an attempted cyber attack. While an investment in defensive software and preventative tools is helpful, teaching employees to be mindful and treat every email like a potentially malicious scam is still the most effective way to stop a cyber breach and protect your district.

How to Change Problematic Behaviors

Just like other employee trainings, with cyber security education, you’re aiming to build a foundation of knowledge so staff has a solid awareness and ability to respond to certain situations appropriately. However, unlike most trainings, the process shouldn’t stop after delivering education. Cyber security training must also include ways to encourage staff to change their current absent-minded, routine approach to emailing to the slower, more deliberate “system 2” approach. Keeping up with emails can be taxing, but it’s critical that you share the importance of slowing down and maintaining a controlled and mindful state.

How to Shift Decision-Making to System 2:

  • Teach employees to be wary of ALL emails they receive
  • Test awareness regularly by sending pretend phishing emails to staff and sharing reports on the organization’s performance

By providing opportunities to practice their skills and reinforcing the importance of their individual role with routine performance reports, you’ll help build employees’ critical thinking muscles and eventually change their emailing behaviors.

The Fastest, Easiest Path to Change Behaviors: Purchase Training

Investing in simulated testing with a cyber security awareness training tool can help you automate testing and capture performance data to determine your risk status and monitor progress. With so many user-friendly and effective tools available, purchasing a training tool can be fast and easy. Off-the-shelf tools also streamline training implementation and offer quick deployment, so you can address this issue and make progress within a matter of weeks.

For information on discounted training subscriptions available to SET SEG members, visit setseg.org/cyber.

*“Email Usage Statistics in 2021.” Campaign Monitor, 11 July 2019, www.campaignmonitor.com/blog/email-marketing/email-usage-statistics-in-2019/.

An Investment in Backups May be the Only Way to Keep Your Data

During the second and third quarters of 2020, the number of ransomware attacks within the education sector rose by 388%.

Many have heard that malicious cyber incidents in public schools — like staff data breaches, ransomware outbreaks, phishing attacks, and social engineering scams — drastically increased throughout the previous year, but this dramatic spike equates to a rate of more than two incidents per school day over the course of 2020, according to a report by the K-12 Cybersecurity Resource Center.

The education sector is one of the most targeted industries by ransomware attackers, forcing schools to face a challenging decision:

Invest in better security and backup precautions now, or suffer the consequences and hope to be able to afford the steep ransom and recovery costs if attacked.

Small Investment Today, or Major Unexpected Cost Tomorrow

The average total cost of recovery from a ransomware attack has more than doubled since last year, according to the global survey, The State of Ransomware 2021. It’s important to understand that the “sticker price” of paying the ransom (to obtain decryption keys) is only a small piece of the larger picture of recovering data, and there are other hidden costs and losses including:

  • Business interruption losses – average downtime is 21 days
  • Legal expenses – to determine what breach notification laws were triggered and how to notify victims
  • Reputational damage

When faced with this situation, for any organization, but especially for public schools, paying the ransom is not the best way out. Even if your organization decides to pay it, the chances of getting all your information back are very slim. The average ransomware payment is $170,404 and 92% of organizations do not get back all their data after paying.

The Only Option for a Full Recovery: Data Backups

“Despite all our efforts, it is a hard truth that network and security controls can fail,” says David Larson, Network Engineer at Livingston ESA and contributor to “Essential Cyber Security Best Practices for K12,” published by Michigan Education Technology Leaders (METL). In the event of an attack, restoring data from backups may be the only solution.

Top 4 Steps to Achieving an Optimal Data Security Structure:

  1. DESIGN a robust backup procedure — utilize the 3-2-1 rule
  2. INVEST in necessary backup technologies
  3. MONITOR backup procedures on a regular basis
  4. TEST backup recoveries on a regular basis and simulate disaster incidents
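
The 3-2-1 rule named in step 1 is commonly stated as three copies of the data, on two different types of media, with one copy offsite. The following Python example is added here and is not part of the original article or of any SET SEG or METL tool; it audits a constructed backup inventory against that rule and against steps 3 and 4 (monitoring and restore testing). The field names, age thresholds and sample inventories are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass
class BackupCopy:
    """One backup copy in a district's inventory (hypothetical schema)."""
    name: str
    media: str                          # e.g. "disk", "tape", "cloud"
    offsite: bool                       # stored away from the primary site
    offline: bool                       # not reachable from the main network
    last_success: date                  # last successful backup job
    last_restore_test: Optional[date]   # last verified restore, None if never


def audit_backups(copies: List[BackupCopy], today: date,
                  primary_media: str = "disk",
                  max_backup_age: timedelta = timedelta(days=7),
                  max_test_age: timedelta = timedelta(days=90),
                  ) -> List[Tuple[str, str]]:
    """Return (code, detail) findings; an empty list means every check passed."""
    findings: List[Tuple[str, str]] = []

    # MONITOR: a copy whose last good job is too old is not counted as usable.
    usable = []
    for c in copies:
        age = today - c.last_success
        if age > max_backup_age:
            findings.append(("STALE", f"{c.name}: last good backup {age.days} days ago"))
        else:
            usable.append(c)

    # 3 copies: the production data counts as one copy (assumed convention).
    total = 1 + len(usable)
    if total < 3:
        findings.append(("COPIES", f"{total} usable copies including production, need 3"))

    # 2 media types, counted across production and usable backups.
    media = {primary_media} | {c.media for c in usable}
    if len(media) < 2:
        findings.append(("MEDIA", f"only one media type in use: {sorted(media)}"))

    # 1 copy offsite.
    if not any(c.offsite for c in usable):
        findings.append(("OFFSITE", "no usable copy is stored offsite"))

    # Extra check beyond 3-2-1: a copy the main network cannot reach, so an
    # attacker on that network cannot encrypt or delete it.
    if not any(c.offline for c in usable):
        findings.append(("OFFLINE", "every usable copy is reachable from the main network"))

    # TEST: every copy needs a recent, verified restore.
    for c in copies:
        t = c.last_restore_test
        if t is None:
            findings.append(("UNTESTED", f"{c.name}: restore never tested"))
        elif today - t > max_test_age:
            findings.append(("UNTESTED", f"{c.name}: last restore test {(today - t).days} days ago"))

    return findings


# Constructed sample inventories (not real district data).
TODAY = date(2021, 6, 1)
WEAK_INVENTORY = [
    BackupCopy("nas-nightly", "disk", False, False, date(2021, 5, 31), date(2021, 4, 15)),
    BackupCopy("cloud-weekly", "cloud", True, False, date(2021, 5, 2), None),
]
SOUND_INVENTORY = [
    BackupCopy("nas-nightly", "disk", False, False, date(2021, 5, 31), date(2021, 4, 15)),
    BackupCopy("tape-weekly", "tape", True, True, date(2021, 5, 28), date(2021, 3, 20)),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK_INVENTORY), ("sound", SOUND_INVENTORY)):
        results = audit_backups(inventory, TODAY)
        print(f"{label}: {len(results)} finding(s)")
        for code, detail in results:
            print(f"  [{code}] {detail}")
```

In the weak inventory the only offsite copy is also the stale one, so a single failed job silently breaks three parts of the rule at once.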

If Precautions Fail, Contact SET SEG!

Organizations targeted by a cyberattack must act quickly to report the incident and deploy the data restoration process. Develop a cyber incident response plan, educate your staff, and be prepared to contact SET SEG.

For more resources on cyber security, visit setseg.org/cyber.

Would You Pass the Test? 5 Ways to Identify a Phishing Email

According to an FBI report conducted in December of 2020, cyberattacks and ransomware targeting schools hit record highs last year, with K-12 schools at the top of the targeted list. Schools are a prime target for hackers. Unsecured remote learning tools, weak cyber security systems, and a lack of cyber security training for staff have exposed vulnerabilities in the public school system. Unfortunately, cyber criminals have capitalized on these weaknesses and continue to attack schools with increasingly sophisticated scams.

Phishing scams — fraudulent emails claiming to be from reputable companies in order to persuade individuals to reveal personal information, or click links to grant access to private systems — have been the most common method attackers have used over the past few months to infiltrate schools.

Because you and your staff are the key to preventing a cyberattack within your organization, it’s important to question the legitimacy of every email you receive.

If you notice anything about the email that alarms you, do NOT click links, open attachments, or reply. Remember, you are the last line of defense to prevent cybercriminals from succeeding.

Spread the word!

Click here for a simple demonstration of how to spot red flags in an email. Use this resource to train your staff and students to be aware and block malicious scammers!

Sign Up for Security Awareness Training:

SET SEG members have access to an exclusive discount on the world’s largest security awareness training and simulated phishing platform. For more information, click here.

Flip the Script on Cyber Attacks

Did you know…   

Education is listed in the top five most targeted industries for a cyber attack? A cyber breach can wreak havoc on a public school system — compromising students’ private information, diminishing a community’s confidence in the school, and ultimately costing the district and the Pool membership thousands of dollars.

The arrival of the global pandemic has provided cybercriminals with the perfect cover for ramping up email attacks. According to Beazley, SET SEG’s trusted cyber security partner, since the increase in remote work, employees have been more likely to fall for social engineering scams, or email phishing techniques used to manipulate someone into providing confidential information like log-in credentials. SET SEG members have access to a team of nationwide industry experts, robust tools, and local support to help grow and strengthen cyber security within their organization.

Customized Member Resource Center

Though they’re the largest at-risk group, your employees also provide the most powerful first line of defense to protect against cyber hackers and misuses of sensitive information. Access the SET SEG COVID-19 Resource Center for:

  • Best practices to address new risks and exposures as a result of COVID-19.
  • Security checklists, handouts, videos and more that address IT equipment and cyber security in a remote work environment.

MEMBER DISCOUNT!

KnowBe4: Security Awareness Training

Phishing continues to be one of the greatest risks for organizations and one where employees pose the greatest vulnerability. SET SEG provides members discounted access to KnowBe4, the world’s largest integrated platform for security awareness training. This training combines a library of information with simulated phishing attacks to teach employees to make smarter security decisions every day.

To access your discount or learn more information, click here.

Breach Response Team

A cyber breach isn’t always a disaster, but mishandling it is. To ensure an immediate and proficient response to a cyber attack, SET SEG members have access to our partner, Beazley, a global company that utilizes its own in-house breach response team to resolve any cyber incidents with a member district.

For additional resources and a list of cyber security best practices, visit our COVID-19 Resource Center.

MISecure.org

SET SEG is proud to serve on a task force organized by Michigan Education Technology Leaders (METL), a workgroup of Michigan Association of Intermediate School Administrators (MAISA), to develop a guide to help Michigan K-12 school districts identify and improve their cybersecurity practices.

MISecure.org lists a variety of resources, from essential cybersecurity practices for K-12 to assessments and guides to implement in your organization. To learn more about this tool created for Michigan schools by Michigan technology experts, visit misecure.org/resources.

SET SEG Cyber Coverage

SET SEG’s cyber coverage is designed to respond to various forms of attack on personal data and organization-wide IT infrastructure. Expenses arising from compromised Personally Identifiable Information (PII) and ransomware/extortion attack costs are covered, subject to policy conditions and limits.

If you believe a breach has occurred or your systems have been compromised, please notify SET SEG immediately. Legal and computer forensic reviews will be conducted to determine the extent of the damage and appropriate next steps.