Is your school’s network security up to the task?
Cyberattacks on the rise for the education sector
Proactively managing your school’s network security is of critical importance. Why? Because internationally, an increase in cyberattacks targeting schools has been reported. In fact, Microsoft says that globally education is the sector most at risk of malware attacks, with 63.31% of devices reporting encounters in the past 30 days. Yes, almost two-thirds!
The K-12 Cybersecurity Resource Center in the United States reports 1180 cybersecurity-related incidents in US K-12 public schools from 2016 to the present. This includes:
- Unauthorised breaches or hacks resulting in the disclosure of personal data
- Ransomware attacks
- Phishing attacks resulting in the disclosure of personal data
- Denial-of-service attacks
- Other cyber incidents that have resulted in school disruptions.
It’s not just schools either: universities are targeted as well, with both the Australian National University and the Australian Catholic University recently falling victim to well-organised cyberattacks.
New Zealand is no different. In July 2021, kindergarten group Whanau Manaaki fell victim to the global Kaseya ransomware attack, as did at least eleven schools. Another report found that across more than 2450 schools in New Zealand, cybersecurity threats rose by 17 per cent in the second half of 2020, compared with the first half of the year.
Why school network security matters
Each attack leaves your school vulnerable. There’s the risk of losing sensitive student and staff data, potential disruptions to learning, and of course, reputational risk. Schools are at risk of attacks from online criminals and hackers who tend to target the education sector because there’s not the same level of security as at most private enterprises. Educational institutions are increasingly targeted because criminals realise these institutions have limited cybersecurity measures in place, managed by small IT teams with limited resources, while holding a wide array of personal information, including financial data, for students and parents.
There’s also the small but possible risk of malicious behaviour by staff, who might steal sensitive information for a range of purposes. (And, let’s be honest, sometimes cyberattacks are triggered by school pupils looking for a challenge and wanting to cause a little bit of mischief.)
But while we might think of nefarious hackers being the biggest cybersecurity risk, the truth is that most data breaches are caused by employee negligence and human error. Some of the common poor security practices include:
- Leaving computers unlocked and unattended
- Writing passwords on pieces of paper and leaving them unsecured instead of using a digital password manager
- People falling victim to phishing attacks and unknowingly being tricked into providing data to criminals
- A lack of knowledge about how to avoid a breach – and what to do if a mistake is made.
With schools across the globe, including New Zealand, needing to rapidly pivot to remote learning models as part of the COVID-19 pandemic response, education cybersecurity is more in the spotlight than ever. The potential risk of a cyberattack further disrupting the education of children is very real.
What can your school do?
There are some core foundations that should be at the heart of every school’s cybersecurity practices. The non-negotiables are:
- Across-the-board use of anti-virus and anti-malware solutions
- Regular staff training sessions on security risks and how to respond, including:
  - Data breaches
  - Awareness training on phishing attacks and how to spot them to avoid giving up personal information of staff and students
- Consistent habits for software configuration, updates and patch management
- Rigorous password policies with non-dictionary words using a mix of lowercase and uppercase letters, numbers and symbols
- Multi-factor authentication, especially for remote access to the school network
- Tiered levels of access based on the minimum level of access people need to do their job.
As well as cybersecurity, online safety is an important consideration in an educational setting. In addition to the risks of malware and data theft, schools need to ensure their network security takes into consideration:
- Avoiding contact from people who may wish to abuse, exploit or bully children
- Education for students about engaging in harmful online behaviour.
As well as these base practices, New Era Technology has specially designed a solution for schools to examine, monitor and enhance security practices. Our Network Security Assessment Exercise (NSAE) is a short, targeted program of work to help your school’s leadership and board to quickly and easily improve your network security.
NSAE examines key technical security aspects of the school’s network, as well as revising and testing staff competency on cybersecurity foundations and practices. Once the assessment is complete, you’ll be provided with a clear and concise series of reports that:
- Pinpoint security improvements needed
- Outline a clear set of actions your school can take
- Recommend content filters and plans for updating them (because, let’s be honest, tech-savvy students can be motivated to find ways around filters)
- Provide clear, easy-to-understand information that helps staff understand the importance of key security implementations.
Put simply, it’s all about providing a clear set of instructions to protect the devices staff and students use, the services they need to access, and the vast amounts of personal information that schools collect and manage.
What about BYOD and personal devices?
As well as managing school-owned devices and appropriate networking infrastructure, schools need rigorous security policies to manage BYOD and other personal devices, such as phones and tablets. This is especially the case when staff and students are accessing the school’s network.
It’s also a good idea to have policies in place for staff about the use of school IT equipment offsite, especially if working from home as has become increasingly common over the past year. Staff should be provided with guidelines for the minimum expected standards for the security of their home network when connecting with a school-owned laptop, as well as rules about the use of school equipment by other family members.
With remote working and teaching from home being more common over the past year as a pandemic response, establishing a virtual private network (VPN) is also highly recommended. This means that when administration and teaching staff are accessing data and sending it back to the school, it will be encrypted, reducing the risk of a data breach.
Do you need help ensuring your school’s network security is fit for purpose?
Cybersecurity is a long-term commitment, needing sustainable practices to build it into your organisational culture.
Our team of education specialists can help guide you through the process.
Book in for a Network Security Assessment Exercise and we’ll help you identify any security gaps, as well as provide clear, actionable strategies on how to make security improvements.
Ready to start? Contact us to find out more.