How to protect student data from cyberattacks: Best practices for IT sysadmins

Education offers an interesting cybersecurity case study. In some ways, sysadmins have significant control over user behavior and system integrity, but in other ways, the whole thing’s a potential nightmare. Hundreds or thousands of students, teachers and support staff, each with BYO devices and tablets, seasonal server stress, remote access through unsecured home WiFi routers, young users who don’t appreciate cyber risks – there’s a lot for IT managers to worry about.

Cybersecurity in education

According to the State of Ransomware, in 2022, schools in the US reported 64 public cyberattacks. That’s a 48.8% increase on the previous year. In 2021, over 647,000 American students were affected by cyberattacks. The most common methods? Well, they’re the usual suspects: ransomware, DDoS, email phishing scams, Advanced Persistent Threats and IoT-based attacks. With students spending more time online than ever, it’s never been more important to implement IT security best practices.

So, where do you begin?

Risk assessment and management

Cybersecurity in education should always begin with a risk assessment, just like any other enterprise or organization.

Start by identifying all the digital assets within the school’s network. That includes hardware like laptops and routers, but also applications, cloud storage and other databases. Make sure to check your network infrastructure too, such as firewalls and switches.

Try and identify vulnerabilities or gaps in your moat, assess these risks and prioritize the ones that scare you the most.

Advanced threat detection tools

It’s usually a good idea to deploy a combination of advanced threat protection tools. You want some mix of:

  • Intrusion Detection Systems (IDS) (monitoring network traffic for suspicious activity)
  • Intrusion Prevention Systems (IPS) (actively blocking or mitigating detected threats in real time)
  • Security Information and Event Management (SIEM) (something to analyze the log data from firewalls and servers)
  • Endpoint Detection and Response (EDR) (to enable you to quarantine infected devices or roll back malicious changes).

Implement zero trust

Zero trust is an ideal methodology for schools and education environments: it assumes no trust, even within the internal school network. Every user, every device, every app must be authenticated and authorized, regardless of whether they’re inside or outside.

It’s usually a good idea to start by segmenting the school’s network into smaller, isolated pieces, based on the principle of least privilege. This helps contain any potential breaches. Next, implement strict user access controls, which brings us to…

Data access controls

We can almost hear the tickets now… “I forgot my password, what do I do?” But hear us out.

Student data privacy relies on good data access controls. And that starts with a robust password policy (factor in length, complexity, password history, regular updates and account lockouts).

Next, move on to user access controls. Create tiers of access based on need, and avoid sharing any student data beyond what’s absolutely necessary.

Encrypt school WiFi networks, and separate guest networks from internal networks to minimize the damage from any potential breach.

It’s all about setting up overlapping layers of defence.

Phishing attack prevention

The best way to prevent phishing scams in schools? Ironically, it’s education. And not just for students! Phishing attacks can target not only kids, but teachers, support staff – anybody.

Conduct regular cyber training to help users spot suspicious emails, and back this up with email filtering solutions that can detect and block attacks before they reach a user’s inbox.

Lastly, patch, patch, and keep on patching. If in doubt, patch again. Regular software patches are critical in preventing all kinds of cyberattacks, including phishing, because they address known vulnerabilities. Get into a regular patching cadence – monthly or quarterly at least – to stay on top of emerging threats.

Secure cloud storage practices

Your cloud storage provider will have their own security controls in place, but it’s good practice to set and maintain your own protocols.

Make sure you’ve got end-to-end encryption enabled, so any student data is protected both in transit and at rest. Follow the principles of least privilege, so users only have the absolute minimum level of access needed to do their jobs – and no more.

Implement multi-factor authentication (MFA) for any cloud storage solutions.

And finally, classify student data based on its sensitivity and criticality, then segment accordingly. In other words, use different storage solutions for different kinds of data.
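The zero trust, access tier, MFA and data classification advice above can be combined into one deny-by-default access decision. The sketch below is an added example, not PaperCut code; the role names, classification levels and the Request fields are hypothetical and would map onto your own identity provider and device management data.

```python
from dataclasses import dataclass
from enum import IntEnum

class Sensitivity(IntEnum):      # constructed classification levels
    PUBLIC = 0                   # e.g. term dates
    INTERNAL = 1                 # e.g. timetables
    CONFIDENTIAL = 2             # e.g. grades
    RESTRICTED = 3               # e.g. health or safeguarding records

# Hypothetical access tiers: the highest level each role may read.
ROLE_CEILING = {
    "student": Sensitivity.PUBLIC,
    "teacher": Sensitivity.CONFIDENTIAL,
    "counsellor": Sensitivity.RESTRICTED,
}

@dataclass(frozen=True)
class Request:
    role: str
    mfa_passed: bool
    device_encrypted: bool       # full-disk encryption reported by the endpoint
    device_patched: bool         # within the school's patch cadence
    on_school_network: bool      # recorded for logging, never used to grant access
    resource_level: Sensitivity

def decide(req):
    """Return (allowed, reason). Unknown roles and failed checks are denied."""
    ceiling = ROLE_CEILING.get(req.role)
    if ceiling is None:
        return False, "unknown role"
    if req.resource_level > ceiling:
        return False, "role tier too low"
    # Anything above PUBLIC needs MFA and a compliant device,
    # whether the request comes from inside or outside the school.
    if req.resource_level >= Sensitivity.INTERNAL:
        if not req.mfa_passed:
            return False, "MFA required"
        if not (req.device_encrypted and req.device_patched):
            return False, "device not compliant"
    return True, "ok"

if __name__ == "__main__":
    # Constructed requests: a teacher on the school LAN without MFA,
    # and a counsellor working from home with every check passed.
    print(decide(Request("teacher", False, True, True, True, Sensitivity.CONFIDENTIAL)))
    print(decide(Request("counsellor", True, True, True, False, Sensitivity.RESTRICTED)))
```

Being on the school network does not rescue the first request, and being off it does not block the second.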

Regular security training

Regular cyber security training is incredibly important, particularly in schools. Get kids into good cyber habits early, and they’ll carry them for the rest of their lives:

  • Educate students and staff on common phishing scams and attacks
  • Teach them how to identify suspicious emails
  • Walk them through password strength, and explain why it’s so important (even if it can be a pain sometimes).

This stuff doesn’t have to be boring either: work with teachers to create engaging hypotheticals and attack simulations. Use real life examples to hammer home your points.

Endpoint protection strategies

Endpoint protection (in other words, device protection) is essential for safeguarding student data. It’s what keeps students’ tablets, laptops and mobile devices safe.

To start with, make sure you’ve got antivirus and anti-malware software installed on all endpoint devices on the school network.

Deploy firewalls and network gateways on devices too, to monitor incoming and outgoing traffic.

Establish a patch management process, as we discussed above, that can easily be rolled out to all endpoint devices at once.

And lastly, enable full-disk encryption on endpoint devices to protect data in the case of theft (or the more likely case of leaving tablets on the school bus).

Incident response planning

Finally, cybersecurity in education should always include robust incident response planning. When the proverbial hits the fan, the last thing you want is your IT and sysadmins saying, “So, what do we do now?”

You can start by establishing an incident response team, and make sure to include non-IT personnel. Remember, cyber is everyone’s responsibility!

Design specific roles within the team, so everyone knows what they need to do in the event of a breach. Create an Incident Response Plan, too; train staff how to use it, and keep it somewhere prominent. Lastly, conduct semi-regular incident response training (once per year is probably enough) to keep your team on their toes.

This is just a taste of IT security best practices for schools, but it’s a good start. If you want to learn more about protecting your school’s print environment, give PaperCut a call. That’s our specialty.


