Overview
Spread across 20 acres in Melbourne’s east, Kingswood College provides education from Early Learning to Senior School for approximately 600 students. The College places a strong emphasis on the use of technology to help stimulate independent thinking in students. Mr Steven Wiggs, ICT Manager at Kingswood College said that “enabling students to safely use technology is essential for the skills they need beyond school to navigate the digital world.”
Business Challenge
Mr Wiggs recognises that as technology has become essential for education, work and life, ICT is increasingly vulnerable to cybersecurity attacks. Particularly in light of the widely publicised attacks on the likes of Medibank, Optus and NGS. With technology comes risk. Ensuring the best practices, policies and procedures are implemented is key to student success and a successful ICT Department.
Mr Wiggs stated that Medibank and Optus have big cybersecurity budgets. If large organisations can become breached, anyone can. All it takes is human error or a weak point in security precautions or systems.
“We wanted a genuine assessment against a recognised framework to see where we were at and what we could do to improve. At the end of the day, we’re responsible for the data that we hold on parents, students and teachers. We want to minimise the risk of having any cyber incident, whether it’s ransomware or a data breach of some kind.”
The solution – Education Security Assessment
NetStrategy performed an audit of Kingswood College’s operations, systems and network through an Education Security Assessment (ESA). An ESA assesses security procedures and security posture and where improvements can be made. NetStrategy uses the NIST Cybersecurity framework (NIST CSF) to undertake all ESAs. This covers the entire school organisation, beyond security, to also include business practices, policies and procedures. NetStrategy undertook involved interviews, discovery, and evidence gathering to assess Kingswood College’s cybersecurity posture. NetStrategy followed the audit with advisory which included the assessment findings and recommendations for Kingswood College’s priorities. These were tailored solutions to their budget, aligned with industry and vendor best practices.
The ESA found that Kingswood College had a solid outer defence for its ICT systems to prevent unauthorised access. However, if a hacker did gain access to their network, their ability to detect a hacker could be improved.
NetStrategy provided recommendations for Kingswood College to improve the visibility of its systems and its ability to detect a threat that has penetrated firewalls or endpoint protection. Kingswood College put in place a solution based on NetStrategy’s recommendations. They’ve benefited from increased visibility to detect malicious activity of which they previously wouldn’t have been aware. “We wanted to formally assess where we were at rather than guessing how vulnerable we were and also, look at what steps we could put in place to minimise our risk.”
Benefits
“A challenge schools face is that we don’t have the in-house expertise to be across all the latest threats and standards. This was a reason to engage someone who has the staff with those skills. Also who can offer us an assessment and recommendations.”
Within schools, there are often small teams working across the many facets of ICT. The ESA uncovered areas for improvement for Kingswood College and policies and procedures that could be put in place to improve their overall ICT systems. An audit goes beyond technicalities and software solutions to people, practices, policies and procedures. “If you don’t assess where things are at, you’re just guessing what you need to improve.” After the audit, NetStrategy provided an accurate picture of where the College was at and recommendations for where to improve. This covered business practices and procedures and how to deal with potential fraudulent emails and confirm legitimacy.
NetStrategy skills and expertise
NetStrategy specialises in cybersecurity for schools. For over 35 years, we’ve partnered with nearly 400 of Australia’s leading educational institutions. Our audit team gives you the peace of mind that comes from truly understanding your current state, providing you with a plan for risk mitigation, how to address inefficiencies and where best to invest your cybersecurity budget. Explore our Audit and Advisory services.