5 School Network Security Tips for 2023

Protect your school network

Your school network is much more than a series of connected computers and cables. When we talk about your school network and its defence, what we are really talking about is how we can best protect the critical data that resides within it. Schools have sensitive and personal information on students and their family members, teachers and staff. Network protection is essentially about ensuring that your information stays confidential, that the integrity of your network remains intact, and that the data can still be seamlessly retrieved when you need it. Here are 5 network security tips to help you defend your school network better in 2023.

Tip #1
Consider the reach of your network

There is a traditional mindset that a school computer network is retained on the premises, but this is no longer true. The problem schools face is that the network boundary has become increasingly blurred. Any laptop that is taken out of the school grounds and used at home or accessed remotely or on the cloud is also part of the “network”. This also extends to a range of devices that could include smartphones, iPads, tablets and other gadgets. The use of the school network via personal devices has also become more frequent because of virtual learning and remote working environments.

The big challenge for schools in 2023 will continue to be managing remote device security in a hybrid working environment. Part of the solution is strong asset management of devices, including tracking where they are used, and applying commensurate security controls. Only known and registered devices should be trusted with high-level access to critical data.

For example, a teacher’s laptop enrolled in the system could be considered a trusted device with school-approved software and endpoint protection. Because it has already been screened, it could have automated and streamlined system access. For an untrusted device, such as a personal smartphone, more rigorous security measures should be applied, such as Multi-Factor Authentication or local area network settings that restrict access to the sensitive networks.

Tip #2
Protect your valuables

When we talk about network security, we are really talking about data security. Strong network protection involves several components working together to defend your data, such as firewalls and anti-virus software. However, fundamentally, you need to understand what critical data you have, how it gets there and who has access to it.

Your security controls and access levels should match the value of the data. You wouldn’t use a $50,000 security system for an empty house. Data mapping is crucial to identify where your most valuable data is, who can access it, and where to apply user-level access. It also helps find data management weaknesses.

Schools face less regulation in cybersecurity compared to other industries. To ensure top protection, adopt gold-standard frameworks like CIS CSC, NIST CSF, and ISO 27001.

Tip #3
Build a cybersecurity-aware culture

People are the weakest link in any network environment, so creating a cybersecurity-aware culture through education and policies can reduce human-based error and risk. Unfortunately, IT departments in schools often have small budgets, are under-resourced and wear many hats. This means they are too busy to develop and execute cybersecurity awareness programs for the staff body.

Schools have no official cybersecurity guidelines and are not subjected to the same data laws, so the emphasis is placed on the IT department to implement cybersecurity solutions. This causes the false belief that cybersecurity is an IT-exclusive problem.

Just like devices, people are assets and need to be managed. Establishing such a culture should be driven top-down from the executive team, and not the IT team. Sometimes it can be difficult to get management to understand the inherent human-introduced risks to the network. In such cases, security assessments can help by providing clarity on the wider cybersecurity posture and context on the human factor of information security. This will help staff understand that everyone has a responsibility to protect sensitive school data and maintain its integrity.

Tip #4
Smarter passwords, less often

Schools face a unique challenge in that they have small children through to adults using their systems, so how do you create a robust password policy for kids who aren’t that great at spelling yet?

When you come up with password policies, it’s essential to remember the human factor. The classic 8-character password that is frequently reset, ironically, leads to less secure passwords. For instance, a teacher who frequently changes their password often uses variations like ‘password01’ or ‘password02’. If the original password gets compromised, a hacker’s first move is usually to try these variations.
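One way to catch this pattern when a password is changed, as an added example that is not part of the original article. The function names, the look-alike table and the 0.8 similarity threshold are illustrative assumptions.

```python
import re
from difflib import SequenceMatcher

# Common look-alike substitutions (illustrative, not exhaustive).
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                             "5": "s", "7": "t", "@": "a", "$": "s"})


def stem(password: str) -> str:
    """Reduce a password to the part a user actually memorises."""
    lowered = password.lower()
    # Drop counters, years and punctuation tacked onto either end.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    # Undo look-alike characters inside the remaining word.
    core = core.translate(_LOOKALIKES)
    # An all-digit or all-symbol password has no stem; compare it as typed.
    return core or lowered


def is_trivial_rotation(current: str, proposed: str,
                        threshold: float = 0.8) -> bool:
    """True if `proposed` is just a cosmetic variation of `current`.

    Intended for the change-password form, where the user has just typed
    the current password, so both values are in memory and no plaintext
    history needs to be stored.
    """
    a, b = stem(current), stem(proposed)
    if a == b:
        return True
    return SequenceMatcher(None, a, b).ratio() >= threshold


if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed replacement).
    samples = [
        ("password01", "password02"),
        ("Summer2022!", "Summer2023!"),
        ("Passw0rd1", "p@ssword2"),
        ("password01", "correct horse battery staple"),
    ]
    for current, proposed in samples:
        verdict = "reject" if is_trivial_rotation(current, proposed) else "accept"
        print(f"{current!r} -> {proposed!r}: {verdict}")
```

A check like this only makes sense alongside the less frequent resets discussed in this tip; on its own it does not stop users choosing a weak stem in the first place.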

So, what’s the solution? Both Microsoft and NIST have come out with revised best-practice guidance for passwords that suggests passphrases are a better solution. Passphrases are a group of unrelated words such as the iconic “Correct Horse Battery Staple”. Moreover, the number of passwords we should be remembering needs to be quite small compared to the number of passwords we require in our daily online lives. We should be remembering our work password and the very strong passphrase for our password manager.

Password managers are just that – they manage our passwords for us in online “vaults”. We only need to remember the master password to gain access to our vault, and then we can use the password manager to come up with truly random passwords that are unique for every login we have.

Adults usually remember one or two long passphrases without trouble. However, for a year 2 student, this can be challenging. Students, especially in primary school, typically don’t need access to sensitive data. If their network and data access is much less than that of teachers, applying the same credential requirements doesn’t make much sense.

For students, set appropriate password policies. Require them to change their password at the start of the year or when transitioning to high school in K-12 schools.

Looking ahead, passwordless technology, including biometrics like facial and thumbprint recognition, is becoming popular in schools. Schools should strongly consider adopting biometrics in 2023.

Tip #5
Monitor Malicious Activity in Real-Time

If someone clicks a link in an email and downloads malware, anti-virus software usually detects it. However, if it doesn’t, other mechanisms should be in place to identify the activity quickly. This helps prevent serious damage to your network and organisation.

Secure networks need to have what we know as ‘defence in depth’. You must have multiple layers of security controls so that if a hacker were to circumvent one layer, they get hit by another. Simply relying on your firewall and antivirus software isn’t enough. You’ll need to expand that defence by employing proven tools and further incorporating identity security. This includes having a solid understanding of who has access to the network via user accounts.

Schools often lack the resources to monitor their systems effectively. Outsourcing this component can be a cost-effective solution. This way, if there’s suspicious login activity or unusual activity on a critical server, it becomes more visible. Anomalies can then be detected early, preventing potential damage.

Trust NetStrategy for Network Security

At NetStrategy, we’ve helped nearly 400 schools defend their school networks, minimise cybersecurity risks and maintain continuous operation. Assess your organisation’s cybersecurity resilience by generating your instant report online here.

 
