How Schools Can Protect Themselves Against Cyber Attacks

Schools seem to be one of the hottest targets for cyber attacks in today’s modern age. In fact, schools are the third most breached sector, making up a full ten percent of all information breaches according to a 2016 survey from Symantec. Both teachers and students use the computer systems heavily, placing a large amount of sensitive data out there for hackers. While some hacks might not be monumental, others can have serious consequences when the cyber attack leads to document falsification or vandalism.
All of the schools who use technology daily need to come up with a strategy to implement better cybersecurity. In order to limit the number of attacks on the network, administrators need to start making radical changes that limit the amount of access an individual may have. Here are a few of the top suggestions for how schools can start building better cybersecurity today.
Stop using cloud-based services.
Many schools could limit the number of cyber attacks they expose themselves to by eliminating their use of cloud services. Storing documents on the internet is a risky endeavor that could result in the compromised security of those pages. Instead, teachers and students can use local drives such as a flash drive or an SD card. This makes it impossible for others to get their hands on sensitive documents unless they can steal the device where you saved it.
Run more security audits.
One of the easiest and best ways to keep your cyber security tight is to run frequent security audits. This allows everyone to see areas where your safety is falling short well in advance of a potential attack. Administrators should be ordering these audits regularly to ensure that their security systems and practices are up to date. After all, technology changes very rapidly. The security profile at your school might need to receive regular updates in order to keep up with the demands.
Encourage a BYOD (Bring Your Own Device) Policy.
It might sound like you’re losing control if teachers and students are bringing their own devices into the school building. However, this policy actually creates a much better safety net for protecting the sensitive data that administrators send back and forth throughout the day. The devices that are brought onto the school campus can sign into the guest network, while a teacher’s desktop computer plugs into the administrative network. By keeping most people off the administrative network, you are opening it up for fewer instances where the most sensitive data could be compromised.
Establishing cybersecurity is essential to the safety of the information your students and teachers put onto the servers for your school. Much of this data is highly sensitive, so you won’t want it to fall into the wrong hands. Cyber attacks are becoming more and more prominent in the school setting, so it’s time to start making changes that will lead us to better cybersecurity. Consider how you could begin implementing some of these policies in your schools today.
Thanks for the coverage of this important issue. Based on data assembled about school cybersecurity incidents since 2016 on the K-12 Cyber Incident Map, I fear that these ideas – while directionally helpful – are not quite on target. Given typical school IT capacity, cloud services may be more secure than locally stored files and applications. On the flip side, school-managed devices are likely easier to secure than a BYOD environment. Finally, while I concur that security audits can be useful, the majority of incidents experienced by schools in recent years could have been avoided by implementing basic cyber hygiene practices, such as keeping systems up-to-date and patched, implementing good password/user authentication policies, and by user training. There is no need for schools to wait for a formal security audit to shore up these cost-conscious and demonstrably effective security practices today.
I could not disagree more with the suggestion to revert from cloud storage to USB and local storage for digital files. USB flash drives and their their predecessors such as CDs and floppy drives are easily lost, stolen or corrupted. They are also a great vector for introducing viruses, trojans and spyware to other devices without touching the network, thus bypassing network security. Google, Microsoft and other cloud services are far better at protecting both users and their digital work than ad-hoc attempts at keeping track of physical storage. Additionally, they offer the ability to seamlessly search, retrieve and share cloud-based files are features that cannot be matched by local, physical storage.
As for BYOD, how do you imagine that a school is any safer or easier to manage? Simply by confining them to a wireless network while teachers and administrators are tethered to a LAN is no assurance that your network cannot be compromised, and confines teachers to their desktop. Our school is fully and happily BYOD, and that includes teachers and administrators if they choose. Our robust authentication back-end determines which assets (local or remote) can be accessed by whom. BYOD is liberating, but proper management (eg smart firewall, port scanning) can be a tall climb unless you’re okay with BYO devices crawling with rogue software, VPNs and other threats.
As for locally-hosted applications and locally-hosted data, yes, “security audits”, along with an up-to-date ERP and failover, are essential. Done properly, they are no more at risk from internal network breaches than from external. Anyone not already doing this should be put to pasture.