Directors Update

October is Cybersecurity Awareness Month

Cybersecurity is more than an information technology concern; it’s essential to every aspect of school district leadership. For superintendents, protecting student data ensures continuity of learning and safeguards the information that drives instructional decisions. For business officials, strong cybersecurity measures protect financial systems, streamline operations, and reduce costly risks. And for directors of technology, secure systems mean reliable networks, safe devices, and the confidence that classrooms and offices can operate without disruption.


At the CNYRIC, we are committed to supporting all of our districts in this shared responsibility. Through planning, training, and regional collaboration, we can strengthen defenses, protect sensitive data, and keep our focus where it belongs: on student success.

PROVIDE LEADERSHIP, ASSISTANCE, AND RESOURCES TO ENHANCE DISTRICTS’ SECURITY POSTURE IN SUPPORT OF LOCAL, REGIONAL, AND STATE PRIORITIES

The CNYRIC - in conjunction with the Northeastern Regional Information Center and the South Central Regional Information Center - will be providing a School Registrar & Administrative Support Cyber Security Awareness Training on Tuesday, Oct. 7 at 9 a.m. This training will cover the threats, techniques and tactics that cyber attackers use against employees in these positions. Registration links were sent to data privacy officers to disseminate to staff, but you can still register by clicking the link above.  


Marlowe Cochran, the New York State Chief Information Security Officer, is continuing the agency’s data security review with local educational agencies (LEAs) that began in January of 2024. The review will look at the data security controls that each LEA currently has in place to protect systems, applications, and data on which any personally identifiable information related to students, teachers, and principals is stored or shared. The state office suggests that various stakeholders join the virtual meetings, including regional information center representatives. Please feel free to reach out to Steven Tryon, Project Manager for Information Security, or Josh Becker, Assistant Director of Information Technology, if you would like one of them to be on the call.

PROVIDE LEADERSHIP, ASSISTANCE, AND RESOURCES TO ENHANCE DISTRICTS’ TECHNOLOGY ECOSYSTEMS IN SUPPORT OF LOCAL, REGIONAL, AND STATE PRIORITIES

On Sept. 25, Cisco announced actively exploited zero-day vulnerabilities in their Firepower firewalls. The CNYRIC immediately patched these vulnerabilities for all district wide area network firewalls. 


On Oct. 3, the CNYRIC presented to the CNYDOT group regarding current issues with the server virtualization company VMware. The presentation covered information on the business practices of VMware's owner, Broadcom, as well as alternative solutions for districts still utilizing VMware for server virtualization, including the CNYRIC's Infrastructure as a Service. 

IN THIS SECTION, WE WILL PROVIDE SOME QUESTIONS TO CONSIDER WHEN DISCUSSING TECHNOLOGY WITH YOUR DIRECTOR OF TECHNOLOGY.

October’s focus will be on training programs. The most robust cybersecurity plans focus on process, people, and technology, which means that staff and students need security awareness training. Additionally, employees must be educated regarding laws and district policies that protect sensitive information. In New York State, this “best practice” is required.


Q: How are we complying with the Ed Law 2-d Part 121 regulations that require training to be provided annually to all staff and officials with access to protected data?


Q: What topics are we covering in the training?


Q: How does the district track that training has been completed?


Q: Do we provide role-specific cyber training to any employees whose roles might lead them to be specifically targeted by cyber criminals?


Q: Do we have a specific process or method for users to report phishing emails? How is that communicated to staff?