Cybercrime Alert: Urgent Notice for Superintendents

Cybercriminals are attacking schools at an alarming rate. Malicious actors are exposing personally identifiable information and demanding millions of dollars in ransom, and districts are losing valuable time and money before they are able to regain control of their systems.

Threats and phishing attacks continue to become more sophisticated and difficult to spot.

“It is imperative that your staff is not only aware of these heightened attacks on the education community, but know how to stop the attack, and report it appropriately,” says Amy Guilford, Chief Program Administrator of the Property/Casualty Pool. “Early detection is the key — alerting your IT team right away gives them a better chance at shutting down the threat and minimizing damage.”

The first step for every district is to consider subscribing to a training entity, like KnowBe4 — an on-demand security awareness cyber training program. SET SEG members receive a significant discount on the highly affordable subscription. It is one of the best lines of defense you can deploy to prevent a cyber event at your district.

If an incident does occur, contact your SET SEG Account Executive immediately to deploy our team of legal and forensic specialists.

PROTECT YOUR DISTRICT IMMEDIATELY

EDUCATE:

Conduct ongoing security awareness training – sign up for KnowBe4, or another security training, to help your staff spot and stop these attacks.

SEPARATE:

Establish policies – only allow district-issued computers onto district-owned networks.

MITIGATE:

Back up data offline – keep a secure offsite copy of your information or remove any online backups from the main network.

Deploy a password management tool – utilize Multi-Factor Authentication to require individuals to verify their identities prior to logging into a system.

The Key to Cyber Security? Changing Mindsets & Behaviors

When it comes to communication in the workplace, email is king. With American workers receiving an average of 126 emails per day*, email also serves as one of the most vulnerable areas of your organization’s security structure. While scans and filters can assist with blocking some suspicious communications, the likelihood of falling victim to a cyberattack is directly linked to your staff’s level of security awareness and their ability to spot hackers’ attempts.

The Dangers of Operating on Autopilot

When going through your inbox becomes an everyday task, decisions on what to open, click on, and delete are made quickly, effortlessly, and even automatically. That’s why it’s no surprise that as our brains are taking shortcuts, there has been a dramatic increase in successful phishing scams.

Just like your processes for student safety require staff to be alert and responsive in the event of a potential disaster, procedures created to keep your cyber data secure are heavily reliant upon employees to respond properly in the face of an attempted cyber attack. While an investment in defensive software and preventative tools is helpful, teaching employees to be mindful and treat every email like a potentially malicious scam is still the most effective way to stop a cyber breach and protect your district.

How to Change Problematic Behaviors

Just like other employee trainings, with cyber security education, you’re aiming to build a foundation of knowledge so staff has a solid awareness and ability to respond to certain situations appropriately. However, unlike most trainings, the process shouldn’t stop after delivering education. Cyber security training must also include ways to encourage staff to change their current absent-minded, routine approach to emailing to the slower, more deliberate “System 2” approach. Keeping up with emails can be taxing, but it’s critical that you share the importance of slowing down and maintaining a controlled and mindful state.

How to Shift Decision-Making to System 2:

  • Teach employees to be wary of ALL emails they receive
  • Test awareness regularly by sending pretend phishing emails to staff and share reports on the organization’s performance

By providing opportunities to practice their skills and reinforcing the importance of their individual role with routine performance reports, you’ll help build employees’ critical thinking muscles and eventually change their emailing behaviors.

The Fastest, Easiest Path to Change Behaviors: Purchase Training

Investing in simulated testing with a cyber security awareness training tool can help you automate testing and capture performance data to determine your risk status and monitor progress. With so many user-friendly and effective tools available, purchasing a training tool can be fast and easy. Off-the-shelf tools also streamline training implementation and offer quick deployment, so you can address this issue and make progress within a matter of weeks.

For information on discounted training subscriptions available to SET SEG members, visit setseg.org/cyber.

*“Email Usage Statistics in 2021.” Campaign Monitor, 11 July 2019, www.campaignmonitor.com/blog/email-marketing/email-usage-statistics-in-2019/.

Benefit Insights for 2021 & Beyond

Are you prepared for the long-term effects of COVID-19 on your health plan?

Most health plans saw an overall reduction in cost in 2020 despite significant increases related to respiratory conditions caused by COVID-19. While this reduction may appear to point toward a healthier workforce (due to decreased contact with germs and illness) on the surface, digging a bit deeper reveals that many simply put off or avoided vital treatment and care.

Because of COVID-19 concerns, an estimated 41% of U.S. adults delayed or avoided medical care including urgent or emergency care and routine care.*

The deferment of care may not be initially life-threatening, but it could lead to serious health implications and pain, and greatly increase future plan costs.

What does this mean for the employees on your health plan?
  • Existing chronic conditions will become worse without regular treatment and the probability of related complications increases.
  • The emergence of new chronic conditions can be missed and go undiagnosed and untreated.
  • Routine screenings for things like breast and colon cancer are missed, resulting in delayed detection.
  • Existing behavioral health treatments are interrupted, and a greater segment of the population is at risk for such disorders.

All of these add up to greater future costs for your health plan. While this may all seem overwhelming, there are ways to prepare for this increased cost and mitigate the effects on your health plan.

  1. Increase access to virtual care
    One of the biggest things your organization can do to help your employees and lower plan costs is to increase access to virtual care for both acute and chronic patients. Our new normal requires multiple avenues for patients to receive care. Also, robust access to virtual care eliminates the largest cause of care deferment during the pandemic.
  2. Encourage employees to use their healthcare and stop delaying routine care any longer
    It is important that your organization encourages employees to utilize their health plans to receive all of the care they may have deferred over the past year. While this may result in a spike in claims in the short term, the long-term benefits of a healthy workforce far exceed the immediate costs. While increased utilization may seem counter-productive to controlling health plan costs, it is routine care that helps keep employees healthy and protects plans from experiencing large, unexpected claims.

An Investment in Backups May be the Only Way to Keep Your Data

During the second and third quarters of 2020, the number of ransomware attacks within the education sector rose by 388%.

Many have heard that malicious cyber incidents in public schools — like staff data breaches, ransomware outbreaks, phishing attacks, and social engineering scams — drastically increased throughout the previous year, but this dramatic spike equates to a rate of more than two incidents per school day over the course of 2020, according to a report by the K-12 Cybersecurity Resource Center.

The education sector is one of the industries most targeted by ransomware attackers, forcing schools to face a challenging decision:

Invest in better security and backup precautions now, or suffer the consequences and hope to be able to afford the steep ransom and recovery costs if attacked.

Small Investment Today, or Major Unexpected Cost Tomorrow

The average total cost of recovery from a ransomware attack has more than doubled since last year, according to the global survey, The State of Ransomware 2021. It’s important to understand that the “sticker price” of paying the ransom (to obtain decryption keys) is only a small piece of the larger picture of recovering data, and there are other hidden costs and losses including:

  • Business interruption losses – average downtime is 21 days
  • Legal expenses – to determine what breach notification laws were triggered and how to notify victims
  • Reputational damage

For any organization facing this situation, but especially for public schools, paying the ransom is not the best way out. Even if your organization decides to pay it, the chances of getting all your information back are very slim. The average ransomware payment is $170,404 and 92% of organizations do not get back all their data after paying.

The Only Option for a Full Recovery: Data Backups

“Despite all our efforts, it is a hard truth that network and security controls can fail,” says David Larson, Network Engineer at Livingston ESA and contributor to “Essential Cyber Security Best Practices for K12,” published by Michigan Education Technology Leaders (METL). In the event of an attack, restoring data from backups may be the only solution.

Top 4 Steps to Achieving an Optimal Data Security Structure:

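  1. DESIGN a robust backup procedure — utilize the 3-2-1 rule (keep three copies of your data, on two different types of storage media, with one copy stored offsite)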
  2. INVEST in necessary backup technologies
  3. MONITOR backup procedures on a regular basis
  4. TEST backup recoveries on a regular basis and simulate disaster incidents

If Precautions Fail, Contact SET SEG!

Organizations targeted by a cyberattack must act quickly to report the incident and deploy the data restoration process. Develop a cyber incident response plan, educate your staff, and be prepared to contact SET SEG.

For more resources on cyber security, visit setseg.org/cyber.

Congratulations to Our First-ever MSAFE Award Winners!

This year, we’re excited to launch the SET SEG Michigan Safety Awareness and Facilities Excellence (MSAFE) Award as a special way to recognize strong, supportive members of the Property/Casualty Pool and Workers’ Compensation Fund and reward their proactive efforts to protect their school community.

It is with great enthusiasm that we announce and congratulate the 2021 MSAFE Award winners!

2021 Regional MSAFE Award Winners:
  • DeTour Area Schools
  • Fenton Area Schools
  • Lake City Area Schools
  • Napoleon Community Schools

These exemplary SET SEG members possess outstanding safety records and take serious steps to protect and preserve the safety and security of their buildings and grounds. Each winner met specific criteria for claims experience, prompt reporting, claim resolution, and training participation that earned them this prestigious distinction among their peers, along with a commemorative trophy and $1,000 to invest in their organization!

This fall, one grand prize winner will be selected from the group and will be granted an additional $2,500 to continue to build upon safety measures in their district.

We applaud these school districts for their best-in-class safety practices and dedication to protecting their students and staff!

Would You Pass the Test? 5 Ways to Identify a Phishing Email

According to an FBI report from December of 2020, cyberattacks and ransomware targeting schools hit record highs last year, with K-12 schools at the top of the targeted list. Schools are a prime target for hackers. Unsecured remote learning tools, weak cyber security systems, and a lack of cyber security training for staff have exposed vulnerabilities in the public school system. Unfortunately, cyber criminals have capitalized on these weaknesses and continue to attack schools with increasingly sophisticated scams.

Phishing scams — fraudulent emails claiming to be from reputable companies in order to persuade individuals to reveal personal information, or click links to grant access to private systems — have been the most common method attackers have used over the past few months to infiltrate schools.

Because you and your staff are the key to preventing a cyberattack within your organization, it’s important to question the legitimacy of every email you receive.

If you notice anything about the email that alarms you, do NOT click links, open attachments, or reply. Remember, you are the last line of defense to prevent cybercriminals from succeeding.

Spread the word!

Click here for a simple demonstration of how to spot red flags in an email. Use this resource to train your staff and students to be aware and block malicious scammers!

Sign Up for Security Awareness Training:

SET SEG members have access to an exclusive discount on the world’s largest security awareness training and simulated phishing platform. For more information, click here.

Security Awareness Training: SET SEG Member Discount Available

SET SEG Member Discount Available:
  • 25% discount for all SET SEG Property/Casualty Pool Members
  • 10% discount for non-profit/governmental entities (applies to public schools)
  • 20% discount for multi-year subscriptions (all 3-year subscriptions are eligible)

Old school security training doesn’t hack it anymore. Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks.

What is KnowBe4?

Employees are the weakest link — hackers know this and are exploiting it every day. KnowBe4 helps you effectively and easily educate your staff on common hacker tactics so you can create a “Human Firewall” to manage the continuing problem of cyber attacks.

KnowBe4 is the world’s largest security awareness training and simulated phishing platform, proven effective in helping organizations manage the ongoing problem of social engineering and reducing vulnerabilities to ransomware, malware, and other data breaches.

How does it work?

KnowBe4 is a user-friendly and intuitive platform built to scale for busy IT pros that have multiple fires to put out. Customers of all sizes can get the KnowBe4 platform deployed into production extremely fast without the need for consulting or on-site assistance. The service includes:

  • Unlimited training campaigns
  • Kevin Mitnick Security Awareness Training
  • Unlimited phishing security tests
    • Over 5000 Phishing Email Templates, with the ability to customize
    • Phishing Reply Tracking
  • Ongoing security tips email blasts
  • Admin management console to track employee training/testing performance
  • Outlook or Office 365 Phish Alert Button add-in/Gmail extension

How can I sign up for this service or learn more information?

For information related to subscription levels, pricing, and additional training modules and resources, click here or contact Lauren Melendez at (727) 315-0376, or at laurenm@knowbe4.com.

Mental Health & Short-Term Disability

Can short-term disability be used for mental health conditions?

The everyday stressors of life during the COVID-19 pandemic left many school employees dealing with new or exacerbated mental health concerns. While every organization approaches mental health benefits differently, we have received questions about an employee’s ability to use short-term disability benefits to help with mental health issues.

Check out the information below to expertly navigate short-term disability benefits as they relate to mental health conditions.

Do mental health conditions qualify an employee for short-term disability?

The answer is — it depends! First and foremost, the determination that any illness qualifies an employee for short-term disability is based on three things:

  1. Your organization’s short-term disability requirements
  2. How the health plan administrator or carrier interprets the plan requirements
  3. A professional diagnosis of the illness

Oftentimes, carriers lean heavily on a professional diagnosis and treatment plan when evaluating whether a condition qualifies for short-term disability. The disability carrier will take into account:

  • the severity of the illness, and
  • whether or not it wholly and continuously disables an employee to the point that they can no longer engage in their regular work.

Does my organization have any say in whether an illness qualifies for short-term disability?

If your organization’s short-term disability benefits are fully insured (administered by a carrier), the carrier will determine whether an illness qualifies based on the criteria listed above.

If your organization’s short-term disability benefits are self-insured, your organization can decide whether an illness qualifies using the criteria above.

NOTE: Determinations should be made on a universal and reasonable basis. It is also important that all determinations, as well as the determination process, be adequately documented.

How should we handle short-term disability requests that are submitted due to mental illness?

We recommend following four simple steps to help your organization handle short-term disability requests for any type of illness:

  1. Clearly and adequately communicate plan requirements with employees. Make sure plan certifications are distributed to ALL employees to help create a baseline understanding of what the plan provides.
  2. File claims early and include all required documentation for appropriate healthcare professionals. This helps the process move as quickly and smoothly as possible.
  3. Take ALL mental health claims seriously. Maintain a sensitive and professional approach when assisting employees who are looking for any type of mental health support.
  4. Take advantage of your resources! If employees are requesting more mental health support, reach out to all partners, such as your SET SEG account executive, Employee Assistance Program (EAP), and insurance agent.