School cyber security is everyone’s responsibility
Ransomware attacks have become a major issue for schools. It's reported that 65 percent of recent attacks have been directed at schools, highlighting a serious issue for educators that's only getting worse. And as schools' moved between remote and in person learning over the past year and a half a greater dependence on network-based instructional technologies going forward – the importance of stable data networks has increased. So have the potential entry points for criminal groups scouting for vulnerabilities in networks.
Whose problem is it?
Though IT staff or managed service providers are typically the ones tasked with fixing the bulk of the mess created by a ransomware attack, one seemingly innocent mistake by someone using a networked computer can lead to a world of hurt for many. Meaning, the responsibility for keeping networks secure is shared by all users: staff, teachers and students alike.
What's to be done?
Cybersecurity assessment. If they haven't already, schools should have a cybersecurity assessment conducted by a reputable partner. These assessments are usually free and can help schools prioritise their needs, identify their areas of greatest risk and then define next steps and costs required to fix the issues, which may be approved expenditures for federal relief funds.
Data backups. Schools should regularly back up all important data in a secure location not accessible through their network.
60 percent of teachers and administrators haven't received any training or guidance on their roles in preventing cyber attacks.
Training. An IBM-sponsored study found that 60 percent of teachers and administrators haven't received any training or guidance on their roles in preventing cyber attacks, nor on the potential perils of connecting their personal computers to networks. And since phishing expeditions are known to be a key tactic for hackers to access networks, all endpoint users should be trained and regularly alerted to new intrusion scams.
Update and maintain applications. Schools should require that updated anti-virus and anti-malware applications be maintained on all endpoint devices, meaning any digital device connected to the network, including those owned by staff and students. And instead of depending on users to conduct these updates, schools should be automatically and remotely updating their devices when they connect to the network. Since product developers periodically upgrade applications in response to new cybersecurity threats, schools should also keep endpoint device operating systems and software up-to-date.
Lock down endpoint devices. Schools should block users from independently installing new applications on school-owned devices. Schools will need to devise a timely and workable solution to ensure educators are able to get vetted instructional applications installed on their computers, as well as on their students' devices.
Separate networks. Schools should install an administrator and staff network that's separate from a student and guest network so any intrusion issues can be isolated.
Improve password security. Requiring school users to frequently change and strengthen their passwords for networked applications is a practice that's likely to be met with resistance. One can argue that teachers' jobs are hard enough without one more irritant. But these precautions are becoming a necessity, and offering users a password management tool can help temper their frustrations.
As ransomware attacks become more sophisticated and prevalent, a strong first defence is a well-trained user base to help keep schools' network doors tightly secured, making it as hard as possible for potential intruders to break in.
