Podcast: Play in new window | Download
A Quick Note to Listeners:
Before this week’s interview, Will Parker and Jen Schwanke spend some time talking about Jen’s upcoming book: Trusted: Trust Pillars, Trust Killers, and the Secret to Successful Schools.
Listen in to hear more about this book, as well as where you can pre-order it. Thank you for doing what matters!
Meet Mike Fitzpatrick:
Mike Fitzpatrick is the Founder and CEO of NCX Group, a leader in cybersecurity solutions. With over 25 years of experience in Information Technology Risk Management, Regulatory Compliance, and Privacy Legislation, Mike has built a reputation as a trusted expert in the field. Throughout his career, Mike has collaborated with Fortune 50 and Fortune 2000 companies, developing innovative strategies to protect sensitive data and maintain business continuity. His expertise in cybersecurity has led him to serve as an advisor to influential policymakers, including Senator Dianne Feinstein and Congresswoman Mary Bono, contributing to critical NORPDA and DATA legislation. Mike is also a distinguished fellow at the Ponemon Institute, where he continues to shape the conversation on privacy and data protection. Known nationally as an engaging speaker, he regularly shares his insights at prominent forums, helping organizations understand and mitigate cyber risks.
Passionate about advancing cybersecurity, Mike leads a dedicated team at NCX Group, providing services like risk assessments, compliance reviews, and penetration testing to businesses of all sizes. His relentless commitment to keeping organizations secure has earned him and NCX Group an unparalleled reputation in the industry.
Cybersecurity in Schools:
For principals, learning about the very real risks to cybersecurity— and how we might proactively prevent a cyber attack— is an important learning opportunity and a critical issue to the health of our students, staff, and school data. Mike Fitzpatrick, CEO of Ncx Group, joins Jen Schwanke on Principal Matters to discuss the growing cybersecurity threat facing schools.
In explaining the risk factors, Fitzpatrick emphasizes that cybersecurity is not just an IT issue, but a critical business process impacting every part of a school. He details the various ways cyberattacks occur, from simple vulnerabilities like weak passwords to sophisticated phishing attacks, often amplified by generative AI. He stresses the significant financial and operational impact of these attacks, citing average downtime of over three weeks and costs reaching millions of dollars.
Fitzpatrick explains the vulnerability of schools due to their vast data holdings, placing them among the top at-risk sectors along with government and healthcare. He explains that cybercriminals, often operating from organized, sometimes state-sponsored groups, are highly skilled and resourceful, making it difficult for law enforcement to track them down. He urges schools to proactively assess their vulnerabilities, invest in cybersecurity awareness training for all staff, and implement robust security measures like password managers and multi-factor authentication.
The conversation explores the challenges schools face, including limited resources, aging technology, and a cybersecurity talent shortage. Fitzpatrick offers solutions such as training existing staff and partnering with managed security service providers to gain access to expertise and affordable services. He also discusses the role of state and federal regulations, noting that they often lag behind the evolving threats. He encourages schools to prioritize technology refresh plans and consider bond measures to fund necessary upgrades.
Fitzpatrick uses the analogy of candy to illustrate the importance of a layered defense. He describes many organizations as having a “Skittle” structure – a hard outer shell but a soft, vulnerable core. He advocates for building a “jawbreaker” – a tough, layered defense that makes it challenging and unprofitable for attackers to penetrate. He stresses that proactive measures, rather than reactive responses after an attack, are crucial. He also touches upon the connection between cybersecurity and insurance costs, explaining how strong security practices can lead to significant savings. He concludes by offering his expertise and services to schools seeking to improve their cybersecurity systems.
Staying Connected:
You can stay connected with Mike Fitzpatrick via:
- ncxgroup.com (use the contact form to connect)
- LinkedIn: Mike Fitzpatrick
- Email: mfitzpatrick@ncxgroup.com
