The ‘end-user’ layer of network security might be your school’s biggest vulnerability.
There are multiple points of vulnerability for security breaches within schools’ IT networks.
Everything from routers and firewalls, to servers, to the devices used by staff and students every day represents a point of potential risk. The employee’s role in maintaining a secure digital environment, however, is one aspect of security that can often be overlooked.
Of course, the essential security elements are still important, such as firewalls and anti-virus software. However, it is the next layer of security where schools can make simple adjustments to their policies to reduce their risk of attack, loss of data or reputation damage.
Everyone plays a role in cyber security
All levels of staff play an important role in maintaining security, and employees should know their role in reducing risk. Employees should be adept at identifying risks and mitigating them where possible.
Simple steps you can take to improve your security
As a leadership team, there are some simple actions that you can take to better equip your team with the knowledge to help protect your school’s data and minimise any potential disruption to teaching and learning.
Employees likely have many online accounts they use for all sorts of purposes, and they may often use the same or similar passwords to make it easier to remember. The downside to this is that it is also much easier for hackers to gain access to multiple accounts using one set of credentials. Passwords should always be unique for every employee’s different accounts, to reduce the risk of a breach via stolen credentials. In particular, their work or school accounts should not share any passwords with any personal accounts.
Another way of reducing risk and ensuring compliance is to enable Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA). This means that to log in to an application, users will be required to authenticate their login via a second method such as a generated code sent via email, SMS, or an alert prompt sent to an app on your mobile device.
Encourage the locking of devices
Remind staff members of security best practices, including simple steps like locking devices when not in use. Locking devices ensures that unauthorised people cannot access information and tools that should not be available to them.
Cyber security training
One of the best ways to help employees is to have them undertake regular cyber security training. The training material should educate your team on the most common security threats and how they can do their part to reduce the risk of security breaches. In addition, this training should include an email phishing simulation to assess employees’ awareness of, and response to potentially malicious links and files. Simulation outcomes will give the leadership team guidance on areas that need to be a focus for the school, but it can also form part of a plan for Professional Development.
Sign up for an annual NSAE Service with New Era
New Era Technology has developed a service designed to be undertaken annually. This service, the Network Security Assessment Exercise (NSAE), gives your school the tools to pinpoint where to make security improvements, includes recommendations for improvement from a technical perspective, and can help indicate which employees need additional support to get up to speed on the best practices to keep themselves and your school safe online.