Your school’s network security needs to be one of your top priorities

Cyberattacks on the rise for the education sector

Proactively managing your school’s network security is of critical importance. Why? Because internationally, an increase in cyberattacks targeting schools has been reported. In fact, Microsoft says that globally education is the sector most at risk of malware attacks, with 63.31% of devices reporting encounters in the past 30 days.

The Cybersecurity Resource Center in the United States reports 1180 cybersecurity-related incidents in US Primary and Secondary public schools from 2016 to the present. This includes:

• Unauthorised breaches or hacks resulting in the disclosure of personal data
• Ransomware attacks
• Phishing attacks resulting in the disclosure of personal data
• Denial-of-service attacks
• Other cyber incidents that have resulted in school disruptions.

Although the statistic above is from the US, the threat of security attacks is very real in New Zealand. The NZ Stock exchange was taken “out” for a week in 2020 and remember the ransomware attack on the Waikato DHB? Patient details were published on the internet as a result.

New Zealand’s Education sector is not exempt either. In July 2021, kindergarten group Whanau Manaaki fell victim to the global Kaseya ransomware attack, as well as at least eleven schools. Another report found that across more than 2450 schools in New Zealand, cybersecurity threats rose by 17 per cent in the second half of 2020, compared with the first half of the year.

Looking for support with Security in your school? Check out our Network Security Assessment Exercise. 

Why school network security matters

Almost everything in your school is now dependant on the use of ICT; staff, student and community communication, pastoral records, financial information, online assessments, remote learning and building management systems to name a few.

There’s the risk of losing sensitive student and staff data, potential disruptions to learning, and of course, reputational risk. Think about how you would approach your staff, students and greater community informing them their private details are now published on the Internet.

Schools are at risk of attacks from online criminals and hackers who tend to target the education sector because there’s not the same level of security as at most private enterprises. Educational institutions are increasingly targeted because criminals realise there are many users, schools often have limited cybersecurity measures in place, are managed by small IT teams with limited resources, and store a wide array of personal information, including financial data, for students and parents.

Unfortunately, once access is gained any school information can be copied, encrypted ransomed and sold.

But while we might think of nefarious hackers being the biggest cybersecurity risk, the truth is that most data breaches are caused by employee negligence and human error. Some of the common poor security practices include:

• Leaving computers unlocked and unattended
• Writing passwords on pieces of paper and leaving them unsecured instead of a digital password manager
• People falling victim to phishing attacks and unknowingly being tricked into providing data to criminals
• A lack of knowledge about how to avoid a breach – and what to do if a mistake is made.

With schools across the globe, including New Zealand, needing to rapidly pivot to remote learning models as part of the COVID-19 pandemic response, education cybersecurity is more in the spotlight than ever. The potential risk of a cyber-attack further disrupting the education of children is very real.

Check out our Network Security Assessment Exercise. 

What your school can do?

There are some core foundations that should be at the heart of every school’s cybersecurity practices. The non-negotiables are:

• Across the board use of anti-virus and anti-malware solutions
• Regular staff training sessions on security risks and how to respond including:
  • Data breaches
  • Ransomware
• Awareness training on phishing attacks and how to spot them to avoid giving up personal information of staff and students
• Consistent habits for software configuration, updates and patch management
• Rigourous password policies with non-dictionary words using a mix of lowercase and uppercase letters, numbers and symbols
• Multi-factor authentication, especially for remote access to the school network
• Tiered levels of access based on the minimum level of access people need to do their job.

As well as cybersecurity, online safety is an important consideration in an educational setting. In addition to the risks of malware and data theft, schools need to ensure their network security takes into consideration:

• Preventing the exposure of children to potentially harmful content
• Education for students about engaging in harmful online behaviour.

Fortunately for most schools in New Zealand, the Network for Learning (N4L) is involved to take ownership of the above aspect on behalf of the Ministry of Education.

As well as these base practices, New Era Technology believes that this is one of the most critical priorities in education currently, as such we have specially designed a solution for schools to examine, monitor and enhance security practices. Our Network Security Assessment Exercise (NSAE) is a short, targeted program of work to help your school’s leadership and board to quickly and easily improve your network security and user behaviours.

NSAE examines key technical security aspects of the school’s network, as well as revising and testing staff competency on cybersecurity foundations and practices. Once the assessment is complete, you’ll be provided with a clear and concise series of reports that:

• Pinpoint security improvements needed
• Outline a clear set of actions your school can take
• Recommendations for content filters and plans for updating (because, let’s be honest, tech-savvy students can be motivated to find ways around filters)
• Provide clear, easy to understand information for staff to understand the importance of key security implementations.

Put simply, it’s all about providing a clear set of instructions to protect the devices staff and students use, the services they need to access, and the vast amounts of personal information that schools collect and manage.

What about BYOD and personal devices?

As well as managing school-owned devices and appropriate networking infrastructure, schools need rigorous security policies to manage BYOD and other personal devices, such as phones and tablets. This is especially the case when staff and students are accessing the school’s network.

It’s also a good idea to have policies in place for staff about the use of school IT equipment offsite, especially if working from home as has become increasingly common over the past year. Staff should be provided with guidelines for the minimum expected standards for the security of their home network when connecting with a school-owned laptop, as well as rules about the use of school equipment by other family members.

With remote working and teaching from home being more common over the past year as a pandemic response, establishing a virtual private network (VPN) is also highly recommended. This means that when administration and teaching staff are accessing data and sending it back to school, it will be encrypted and reduce the risk of a data breach.

Do you need help ensuring your school’s network security is fit for purpose?

Cybersecurity is a long-term commitment, needing sustainable practices to build it into your organisational culture.

Our team of education specialists can help guide you through the process.

Book in for a Network Security Assessment Exercise and we’ll help you identify any security gaps, as well as clear, actionable strategies on how to make security improvements.

Ready to start? Contact us to find out more.