Property/Casualty Archives

Funding for School Safety Assessments

August 29, 2022 Leave a comment Director's Desk Property/Casualty

Thanks to the efforts of Secure Education Consultants (SEC) and the Michigan state legislature, funding is available for Michigan public schools to conduct physical site assessments of their facilities. We urge all SET SEG members to take advantage of this funding and contact SEC to schedule a site assessment as soon as possible.

The Need for Site Assessments

Keeping your students and employees safe is of the utmost importance. Following recent acts of violence that have occurred in our schools, districts have been quick to defend their facilities with any number of products and services. However, without knowing the weaknesses or gaps in a district’s security plan, blindly buying products can give a false sense of security as they may not be addressing that district’s specific needs.

SEC President Jason Russell likens this scenario to a doctor and pharmacy relationship: “In Michigan, we were sending schools right to the pharmacy without ever sending them to the doctor first.” A site assessment is like going to the doctor – SEC thoroughly examines your facilities and identifies potential vulnerabilities while offering strategies to improve the safety and security of your district.

Why SEC?

SET SEG has long partnered with SEC to provide our members with the best possible security consultation available. With over 100 years of combined security and law enforcement experience, SEC is rapidly becoming one of the largest security assessment firms in the country. They quite simply have more experience than any other security consultation organizations serving public schools.

Having a strong partnership with SEC has been crucial for our district. Jason and his team really listen to what our needs are, the unique problems we face, and the concerns we have. It gives me great comfort knowing we have the most professional, highest-level group of experts helping us keep our students, staff, and community safe.

Dr. Embekka Roberson, Birmingham Schools

Russell and the experienced consultants at SEC worked with the Michigan legislative body to make grant funds for site assessments possible. They developed the requirements and guidelines for assessors, ensuring your district’s interests are put first. There truly is no other group better suited for these assessments.

Contact SEC at info@secureed.com or (616) 528-4071 to secure state funding and set up your site assessment. Click here for more information about SEC’s site assessment process.

Cyber Criminals Target Public Schools – SET SEG Acts

May 12, 2022 Leave a comment Cyber Property/Casualty

Cyber Risk Assessment

Prior to the COVID-19 pandemic, public schools were common targets for cybercriminals due to inconsistent cyber security resources and best practices. With the shift to online and hybrid learning models, bad actors increased the severity and frequency of attacks to take advantage of a hectic and vulnerable environment.

According to a study conducted by cyber security experts, Beazley, the education sector is in the top five industries targeted by cybercriminals. The study also identified employees as the largest at-risk group for giving cybercriminals a way into networks, whether by clicking on an insecure link or providing access to malicious contacts.

Armed with this information, the SET SEG team developed a Cyber Risk Assessment, a visual representation of a school district’s cyber risk level through a red, yellow, and green light system. In the assessment tool, cyber security best practices are listed as actionable tasks with a green to red color-coded scale for the school district to determine their risk level.

With a tool like the Cyber Risk Assessment, a public school’s administration can identify areas of strength, areas to evaluate and improve, and areas that require immediate attention.

Protecting School Districts from Cyber Threats in the Future

While the Cyber Risk Assessment helped districts across the state strengthen their cyber security, SET SEG is committed to continue providing the best resources available to members. Recently, SET SEG partnered with Tetra Defense, a leading cyber defense firm that has significant experience in the education industry. As part of our cyber insurance coverage, members with MyCyber will receive monthly scans from Tetra Defense identifying any weak spots in their network that bad actors could take advantage of.

Resources provided by the MyCyber platform aren’t just basic FAQs you could find on the internet. The recommended cyber hygiene projects and associated resources are defined by professionals tirelessly engaging these cyber threats every day. The information your district will have access to is the most relevant information available regarding cyber defense.

If you’re a SET SEG member, click here to access the SET SEG member registration code and sign up to bolster your district’s cyber security today!

Protect Your School Community – Win an Award for Facilities Excellence

April 13, 2022 Leave a comment Director's Desk Property/Casualty

Every year, we recognize outstanding members of the Property/Casualty Pool and Workers’ Compensation Fund by rewarding their proactive efforts to protect their district’s buildings and grounds. The Michigan Safety Awareness and Facilities Excellence (MSAFE) Award was instituted to show our appreciation for member districts that do everything they can to limit claims while protecting students and employees.

Safety Considerations

What are districts like the recent regional MSAFE Award winners doing to successfully protect their facilities? They put in place procedures and products that maintain a consistent level of safety.

Slips, trips, and falls are a constant concern in any state, but Michigan’s climate can be especially hazardous. Transitioning seasons supply enough rain, ice, and snow to require a number of solutions to limit those risks. Consider adding things like non-slip stair treads, floor mats, wet floor signs, and more to your safety repertoire.

You Could Be the Next Winner!

Regional MSAFE awards are announced annually. If you haven’t been selected yet, ask your Loss Control Consultant what you can do to preserve the safety of your facilities and grounds. Instituting our safety recommendations raises your chances for winning this award.

What’s more, regional MSAFE winners are entered into a second drawing for an overall grand prize MSAFE Award. Grand prize winners provide the most proactive safety operations for the year out of all of our member districts.

2021 Annual Board Meeting Highlights

October 11, 2021 Leave a comment Director's Desk Property/Casualty Workers' Compensation

To ensure the best possible decisions are made for SET SEG member districts, our boards are staffed with your peers. In September, the Workers’ Compensation and Property/Casualty boards meet annually to discuss the most important items Michigan educators encounter. If you weren’t able to attend, here is what you missed:

Workers’ Compensation Board of Trustees Annual Meeting

Financial Audit 2020/2021
After presenting the responsibilities of management and the auditor throughout the audit process, the audited financial report was presented to attendees. After receiving an unqualified opinion on the audit from the auditor, the board moved to approve the Audited Financial Statements of the Workers’ Compensation Fund as presented for the fiscal year ended June 30, 2021.

Board Member Appointment
We welcomed Gene Pierce, Superintendent from Tuscola ISD, to the Workers’ Compensation board where he will be adding his years of experience to help guide the Workers’ Compensation Fund.

Sales and Marketing Report
The wildly popular Safety Program, which distributes funds to member districts to help protect the health and safety of their school communities, will return for the third year. This year, SET SEG will be allocating $550,000 to member districts, up $50,000 from last year.

Executive Director’s Report
SET SEG is in the process of developing a new online enrollment system that will be implemented throughout member districts, providing time-saving HR tools.

Property/Casualty Annual Board of Directors Meeting

Financial Audit 2020/2021
After presenting the responsibilities of management and the auditor throughout the audit process, the audited financial report was presented to attendees. After receiving an unqualified opinion on the audit from the auditor, the board moved to approve the Audited Financial Statements of the Property/Casualty Pool as presented for the fiscal year ended June 30, 2021.

Cyber Task Force Update
Cybercriminals have increasingly targeted K-12 institutions over the last few years. Recognizing the importance of strong safeguards for member districts, SET SEG has pooled together a variety of resources, including a cyber task force to continually monitor potential threats and an entire Cyber Security Resource Center on our website providing members with the information they need to build a solid security foundation. While the existence of cyberthreats is certainly a looming presence for Michigan educators, we are committed to supporting our members with a regularly updated response as the situation evolves.

Sales and Marketing Report
EduSeries, the member-exclusive series of educational programs specifically crafted for school administrators and employees, was highlighted for its focus on hot topics happening in schools today. We have a number of exciting programs coming up and members are advised to attend.

Executive Director’s Report
The Property/Casualty Pool has performed well, ensuring continued support for our members. Additionally, an upcoming SET SEG Family Healthcare Center in Corunna was announced, which will be an exciting expansion to our already thriving healthcare options.

The Costliest Form of Cybercrime

October 11, 2021 Leave a comment Cyber Director's Desk Property/Casualty

Have you ever received a suspicious email from a contact you trust? Maybe it’s from a local print shop asking for immediate payment on an invoice for flyers for your district. It could be from your business manager requiring sign off on gift cards to employees. It could even be from a third-party contractor or district administrator asking for payment information to take care of construction costs.

Unfortunately, while those communications may appear innocent on the surface, the thing they all have in common is that none of them are actually from a trusted contact. Business email compromise (BEC) occurs when bad actors portray themselves as trusted parties. While not necessarily as prevalent as ransomware attacks, this form of cybercrime is the most financially costly to organizations, and one that has become increasingly common in K-12 institutions.

These fraudulent communications are often portrayed by the perpetrator as time-sensitive, asking for immediate financial action before the reader can accurately assess the validity of the request. While the short timeframe is part of what can make attacks successful, it’s also their downfall.

Taking time to scrutinize the email is all it takes to prevent a costly mistake.

Documents and videos in the SET SEG Cyber Security Resource Center describe, in detail, the dangers of phishing attacks from cybercriminals trying to steal your data and how to mitigate them. BEC threats follow some of the same rules.

Business email compromise attacks can be a costly hazard but taking the steps to educate employees on cyber security best practices is the key to protecting your district.

Participate in regular phishing training, like KnowBe4’s cyber awareness training.
Put strict policies in place, only allowing the use of district-managed devices for work-related tasks.

While cyberattacks are only becoming more common, SET SEG is committed to providing members with the greatest defense against such threats: knowledge.

If you haven’t already, visit our Cyber Security Resource Center to prepare your staff for whatever cyberthreats may come your way.

Are Your Properties Ready for the School Year?

August 9, 2021 Leave a comment Director's Desk Property/Casualty

With the school year swiftly approaching, it’s important to take care of annual maintenance and inspections before students start roaming your halls.

Thankfully, our Loss Control team has put together a number of useful documents to help your district prepare for the new semester. See below for a few critical things to look out for.

Playgrounds

Inspect playgrounds regularly and take care of required maintenance early to avoid any unnecessary hazards. Click here to review our playground checklist and conduct your own inspection.

FREE Member Benefit: Members of the Property/Casualty Pool may receive a playground inspection at no cost! Contact your Loss Control Consultant for more information.

Roofs

Check roofs regularly, but especially after storms, to ensure a small problem doesn’t turn into a big, costly project. Doing so at the beginning of the school year (or earlier!) ensures limited disruption of classroom activities. Consider reviewing our Preventing Roof Losses Checklist by clicking here.

Vacant Buildings

Are any buildings in your district not opening back up this school year? Any building with less than 31 percent occupancy is officially considered “vacant.” This excludes buildings that are under construction or undergoing renovations.

It is the member’s responsibility to notify the Pool of any changes in vacancy status as soon as the change occurs. Reach out to your Account Executive as soon as possible if any of your properties have officially become vacant.

Athletic Facilities

Fall sports are just around the corner! Be sure to inspect spectator stands for structural degradation and verify that they’re grounded. This would be a good time for indoor bleacher inspections as well. Additionally, make sure to keep lighting well maintained.

While facility inspections are a regular part of any property ownership, the oncoming addition of students into the mix adds an extra level of pressure. Please refer to our Building and Property Resource Center to view a collection of checklists and flyers that can help you prepare for another safe school year. As always, if you have any questions, please reach out to your Loss Control Consultant for guidance.

Winners Announced for Cyber Security Awareness Drawing

August 9, 2021 Leave a comment Director's Desk Property/Casualty

Winners have been announced, but you can still enter to win! If you’re a member of the Property/Casualty Pool and your district has invested in cyber training for staff and students, click here to enter your district for a chance to win $1,000!

Cybercrime Alert: Urgent Notice for Superintendents

July 1, 2021 Leave a comment Cyber Director's Desk Property/Casualty

Cybercriminals are attacking schools at an alarming rate. Malicious actors are exposing personally identifiable information, demanding millions of dollars of ransom, and districts are losing valuable time and money before they are able to regain control of their systems.

Threats and phishing attacks continue to become more sophisticated and difficult to spot.

“It is imperative that your staff is not only aware of these heightened attacks on the education community, but know how to stop the attack, and report it appropriately,” says Amy Guilford, Chief Program Administrator of the Property/Casualty Pool. “Early detection is the key — alerting your IT team right away gives them a better chance at shutting down the threat and minimizing damage.”

The first step for every district is to consider subscribing to a training entity, like KnowBe4 — an on-demand security awareness cyber training program. SET SEG members receive a significant discount on the highly affordable subscription. It is one of the best lines of defense you can deploy to prevent a cyber event at your district.

If an incident does occur, contact your SET SEG Account Executive immediately to deploy our team of legal and forensic specialists.

PROTECT YOUR DISTRICT IMMEDIATELY

EDUCATE:

Conduct ongoing security awareness training – sign up for KnowBe4, or another security training, to help your staff spot and stop these attacks.

SEPARATE:

Establish policies – only allow district-issued computers onto district-owned networks.

MITIGATE:

Backup data offline – keep a secure offsite copy of your information or remove any online backups from the main network.

Deploy a password management tool – utilize Multi-Factor Authentication to require individuals to verify their identities prior to logging into a system.

The Key to Cyber Security? Changing Mindsets & Behaviors

May 27, 2021 Leave a comment Cyber Director's Desk Property/Casualty

When it comes to communication in the workplace, email is king. With American workers receiving an average of 126 emails per day*, email also serves as one of the most vulnerable areas of your organization’s security structure. While scans and filters can assist with blocking some suspicious communications, the likelihood of falling victim to a cyberattack is directly linked to your staff’s level of security awareness and their ability to spot hackers’ attempts.

The Dangers of Operating on Autopilot

When going through your inbox becomes an everyday task, decisions on what to open, click on, and delete are made quickly, effortlessly, and even automatically. That’s why it’s no surprise that as our brains are taking shortcuts, there has been a dramatic increase in successful phishing scams.

Just like your processes for student safety require staff to be alert and responsive in the event of a potential disaster, procedures created to keep your cyber data secure are heavily reliant upon employees to respond properly in the face of an attempted cyber attack. While an investment in defensive software and preventative tools is helpful, teaching employees to be mindful and treat every email like a potentially malicious scam is still the most effective way to stop a cyber breach and protect your district.

How to Change Problematic Behaviors

Just like other employee trainings, with cyber security education, you’re aiming to build a foundation of knowledge so staff has a solid awareness and ability to respond to certain situations appropriately. However, unlike most trainings, the process shouldn’t stop after delivering education. Cyber security training must also include ways to encourage staff to change their current absent-minded, routine approach to emailing to the “system 2” approach. Keeping up with emails can be taxing, but it’s critical that you share the importance of slowing down and maintaining a controlled and mindful state.

How to Shift Decision-Making to System 2:

Teach employees to be wary of ALL emails they receive
Test awareness regularly by sending pretend phishing emails to staff and share reports on the organization’s performance

By providing opportunities to practice their skills and reinforcing the importance of their individual role with routine performance reports, you’ll help build employees’ critical thinking muscles and eventually change their emailing behaviors.

The Fastest, Easiest Path to Change Behaviors: Purchase Training

Investing in simulated testing with a cyber security awareness training tool can help you automate testing and capture performance data to determine your risk status and monitor progress. With so many user-friendly and effective tools available, purchasing a training tool can be fast and easy. Off-the-shelf tools also streamline training implementation and offer quick deployment, so you can address this issue and make progress within a matter of weeks.

For information on discounted training subscriptions available to SET SEG members, visit setseg.org/cyber.

*“Email Usage Statistics in 2021.” Campaign Monitor, 11 July 2019, www.campaignmonitor.com/blog/email-marketing/email-usage-statistics-in-2019/.

An Investment in Backups May be the Only Way to Keep Your Data

April 23, 2021 Leave a comment Cyber Director's Desk Property/Casualty

During the second and third quarters of 2020, the number of ransomware attacks within the education sector rose by 388%.

Many have heard that malicious cyber incidents in public schools — like staff data breaches, ransomware outbreaks, phishing attacks, and social engineering scams — drastically increased throughout the previous year, but this dramatic spike equates to a rate of more than two incidents per school day over the course of 2020, according to a report by the K-12 Cybersecurity Resource Center.

The education sector is one of the most targeted industries by ransomware attackers, forcing schools to face a challenging decision:

Invest in better security and backup precautions now, or suffer the consequences and hope to be able to afford the steep ransom and recovery costs if attacked.

Small Investment Today, or Major Unexpected Cost Tomorrow

The average total cost of recovery from a ransomware attack has more than doubled since last year, according to the global survey, The State of Ransomware 2021. It’s important to understand that the “sticker price” of paying the ransom (to obtain decryption keys) is only a small piece of the larger picture to recovering data, and there are other hidden costs and losses including:

Business interruption losses – average downtime is 21 days
Legal expenses – to determine what breach notification laws were triggered and how to notify victims
Reputational damage

When faced with this situation, for any organization, but especially for public schools, paying the ransom is not the best way out. Even if your organization decides to pay it, the chances of getting all your information back are very slim. The average ransomware payment is $170,404 and 92% of organizations do not get back all their data after paying.

The Only Option for a Full Recovery: Data Backups

“Despite all our efforts, it is a hard truth that network and security controls can fail,” says David Larson, Network Engineer at Livingston ESA and contributor to “Essential Cyber Security Best Practices for K12,” published by Michigan Education Technology Leaders (METL). In the event of an attack, restoring data from backups may be the only solution.

Top 4 Steps to Achieving an Optimal Data Security Structure:

DESIGN a robust backup procedure — utilize the 3-2-1 rule
INVEST in necessary backup technologies
MONITOR backup procedures on a regular basis
TEST backup recoveries on a regular basis and simulate disaster incidents

If Precautions Fail, Contact SET SEG!

Organizations targeted by a cyberattack must act quickly to report the incident and deploy the data restoration process. Develop a cyber incident response plan, educate your staff, and be prepared to contact SET SEG.

For more resources on cyber security, visit setseg.org/cyber.