Security is now just as important as any other aspect of a school district’s planning and infrastructure. With more state and federal funding available through grant programs, districts are investing in technologies to prevent violent threats and even cyber incidents. Christopher Lehmann, director of K-12, North America at Johnson Controls, and Jason Rosselot, director of global product security at Johnson Controls, answer questions about the challenges leading school districts face while keeping students and staff safe today.
Q: When you think of security in K-12, what are some of the biggest challenges schools face today?
Christopher Lehmann: Some of the larger concerns focus around the ongoing threat of random violence, as well as shortages in workforce talent and resources. There is also interest around preventing theft, bullying, vandalism and drug and alcohol use on school grounds.
Jason Rosselot: School districts are also facing the challenge of cybersecurity merging with physical security as there has been an increase in connected, smart technology. Data security is a concern, too, from the nurse to the PTA treasurer, as schools often possess sensitive data regulated bu health and financial bodies.
Q: How has the addition of Tyco products and expertise to the Johnson Controls portfolio improved conversations around security?
CL: We can offer a more connected, complete package to clients. We’re finding ways to craft solutions that are appealing to customers based on effectiveness and ease of integration. A great example is the video monitoring solution available from Johnson Controls Security. It’s timely and relevant to K-12 and it expands a school district’s ability to keep students and staff safe.
Q: As more clients look at building automation and connectivity, what concerns have they expressed regarding cybersecurity?
JR: Since 2016, 141 school districts experienced one or more publicly disclosed cyber incidents: 67 in 2016 and 74 since May 2017. The education sector ranked sixth overall in the United States for the total number of security incidents, which is higher than both healthcare and retail. The reason for cyber incidents is multifaceted. People want to disrupt school operations, change student grades and official records, or take advantage of individuals associated with the schools they target or disable school technology assets. As schools expand the use of technology, the dangers of cyber incidents will grow unless they take steps to strengthen cybersecurity.
Q: What are some best practices clients can employ to help prevent a cyber-attack or data breech in their schools?
JR: Protecting data is paramount. Treating all technology systems as IT systems, leveraging common IT practices, such as keeping building system software up to date, maintaining a software support and preventative maintenance agreement to protect and secure software and hardware is the first step. After that, training staff to use and enforce the use of stronger passwords, authorization policies and basic IT privacy and security practices is key.
CL: Districts should consider building the capacity of the school IT staff to manage technology assets, including regular training on new threats and the solutions to those threats. Also, ensure mechanisms are established at schools to provide centralized information sharing and guidance on security issues. The ability to quickly notify staff of a security threat helps reduce the impact of that threat and minimize damage.