With the rise of school-focused cyberattacks over the last few years, schools have sought the guidance of expert IT professionals to raise their cybersecurity levels and help them implement controls, such as cyber response plans, to protect themselves against sophisticated cyber threats. While most schools have response plans, they often lack a specific cyber response plan. Cybersecurity is an ongoing and ever-developing responsibility for every school, large and small. In this article, we’ll look at current cybersecurity best practices and explore what schools can do, on an ongoing basis, to fortify themselves against cybercrime.
Why is cybersecurity so important for schools?
In the past, schools were not so much targeted as stumbled upon by mostly inexperienced threat actors, or ‘script kiddies’. The cybersecurity controls designed to combat these types of attacks are relatively simple, leading to a false sense of security. However, over the last couple of years, there has been a marked shift in the way threat actors attack educational institutions. These attacks have become more targeted, and the ‘script kiddies’ more sophisticated, with more advanced tools at their disposal. Schools are perceived as easy targets, and cybercriminals, motivated by financial gain, have targeted them for the sensitive and very lucrative data they hold. An effective cybersecurity program can safeguard the data, systems and infrastructure of a school, ensuring that targeted attacks are a lot more difficult to carry out, and that the school is well prepared to respond to, and recover from, any cybersecurity incident.
Principles of School Cybersecurity Practices
There are several things schools can implement to ensure that they are keeping in line with the best possible cybersecurity practices and operational behaviour. Before we explore the most effective examples, it is important to consider a top-line approach to cybersecurity for schools.
The five key areas of cybersecurity implementation can be defined as follows:
Identify
It’s vital to start with your assets and understand the risks they pose to your school. Entire expensive and complex cybersecurity programs can be undone by a single workstation or server that was missed. Be confident that you have as near to 100% coverage as possible, that you’ve identified all your servers, that you know what all your cloud solutions are, and what is exposed to the Internet. From here, you can then move on to the next key areas.
Protect
This principle aims to ensure that effective safeguard controls and protocols have been put in place to allow a school to proactively limit and/or contain the effects of a cyberattack. Proactive protection puts a school one step ahead of cybercriminals, ensuring that the school is focused on preventing successful attacks altogether, rather than discovering, and recovering from them.
Detect
Cyberattacks are a reality for every school. To this end, the Detect principle focuses on how a school can manage and identify successful compromises. It is crucial for a school to establish systems that allow it to detect cyberattacks effectively, and within a very short window. The key here is to reduce the dwell time of a threat actor in your environment from an industry average of weeks and months, down to minutes, or seconds.
Respond and Recover
Although every effort is made to mitigate the risk of cyber threats, it is important to have systems and protocols in place so that a school can appropriately respond to a cyberattack. Planning, communicating and executing the agreed-upon procedures is key to managing a cyber threat and ensuring the security of the school’s digital assets.
Now, we will look at a list of the most effective school cybersecurity best practices.
Cybersecurity best practices
Cybersecurity Policies
It is imperative that a school has established cybersecurity policies. These policies should be easy to follow, easy to understand and consistently enforced. It is important to communicate these policies to all parties involved, and to give them access to the full range of policies, so that they play their part in carrying the responsibility of cybersecurity alongside school leadership.
Asset Management
Any worthwhile cybersecurity program should be based on a solid, reliable and repeatable asset management process. From end-user laptops to servers, network switches and IoT devices, having a comprehensive asset management program enables you to be aware of both legitimate and illegitimate activity within your network and systems.
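The reconciliation behind the Identify principle and the asset management process above, as an added example that is not from the original article: it compares an asset register against devices seen on the network and devices reporting a security agent, so that the "single workstation or server that was missed" shows up in a list. The three CSV exports, their column names and every value in them are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample exports (hypothetical column names): asset register,
# DHCP leases observed on the network, and endpoint-security agent check-ins.
REGISTER_CSV = """mac,hostname,owner
00:1A:2B:3C:4D:01,lib-pc-01,Library
00-1a-2b-3c-4d-02,admin-srv-01,Administration
001a.2b3c.4d03,sci-lab-07,Science
"""
DHCP_CSV = """mac,ip,hostname
00:1a:2b:3c:4d:01,10.0.10.21,lib-pc-01
00:1a:2b:3c:4d:02,10.0.1.5,admin-srv-01
00:1a:2b:3c:4d:99,10.0.10.77,unknown-device
"""
AGENT_CSV = """mac,hostname
001A2B3C4D01,lib-pc-01
"""

def norm_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw or "")
    return digits.lower() if len(digits) == 12 else None

def load(text):
    """Map normalised MAC -> hostname; rows with an unparseable MAC are skipped."""
    rows = csv.DictReader(io.StringIO(text))
    return {m: r["hostname"] for r in rows if (m := norm_mac(r["mac"]))}

def reconcile(register_csv, dhcp_csv, agent_csv):
    """Return the gaps between what is recorded, what is seen, and what is protected."""
    register, seen, agents = load(register_csv), load(dhcp_csv), load(agent_csv)
    known = set(register) | set(seen)
    covered = known & set(agents)
    return {
        # On the network but never recorded: investigate first.
        "unregistered": sorted(seen[m] for m in set(seen) - set(register)),
        # Recorded but not observed: retired, offline, or on an unmonitored segment.
        "not_seen": sorted(register[m] for m in set(register) - set(seen)),
        # Known devices with no security agent reporting in.
        "no_agent": sorted(register.get(m) or seen[m] for m in known - set(agents)),
        "agent_coverage_pct": round(100 * len(covered) / len(known), 1) if known else 0.0,
    }

if __name__ == "__main__":
    for key, value in reconcile(REGISTER_CSV, DHCP_CSV, AGENT_CSV).items():
        print(f"{key}: {value}")
```

Personal phones and tablets that randomise their MAC address will appear as unregistered on every new lease, so those networks are better reconciled by user login than by hardware address.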
Access Control and Authentication
Controlling access to a school’s data is key. Access controls help to mitigate human risk and allow school administration to manage and appropriately allocate data access to the correct users. Secure authentication ensures that sensitive information remains safe and prevents unauthorised users from accessing the school’s systems and data. This is achieved through password managers and two-step verification apps, which can be built into the user interface. Single Sign-On, where available, should be a minimum standard for school systems.
Updating and Upgrading Systems
Ensuring that your systems are updated and running on the latest versions allows you to protect your school from the latest threats and ransomware attacks. It is important to check for possible updates and upgrades and action them according to their risk factors. For example, a critical vulnerability that’s exposed to the Internet presents a much higher risk to your school than the same vulnerability that’s only accessible to your staff. Any notification to upgrade or update any software or system should be vetted before it is acted on, to ensure that the notification is not a case of phishing or ransomware.
Real-time Monitoring
It is recommended that schools use real-time alerting and monitoring systems. This will mean the school will be able to identify any potential issues quickly and comprehensively.
There are several ways ‘real-time’ monitoring can be adapted within a school context. Most IT managers would first reach for SIEM (Security Information and Event Management) solutions. Still, these are complex, very expensive solutions that require dedicated 24/7 staff to realise their true effectiveness. Schools are strongly encouraged to reach out to a trusted advisor to guide them through understanding which monitoring solution works best for them.
Training
It is imperative to train teachers, staff, students and even parents on best practices around the cybersecurity of the school. This includes how personal phones, laptops and tablets that connect to the school service are handled off-premises. Training should include information on safe device usage, recognising potential threats, and best practices around file sharing, as well as data access and sharing.
Cybersecurity Incident Response Planning
As the old saying goes, it’s not a matter of if, but when, you will be compromised in a successful hack. All the controls and best practices described above exist to reduce the number of these successful attacks to an absolute minimum. Very few schools have a cybersecurity incident response capability within their staff team. Therefore, it’s vital to ensure that you and your school know what to do in the event of such an attack occurring.
Establishing a plan is one thing, but it needs to be practised, refined and maintained. Any incident response program must contain at least one yearly ‘tabletop’ exercise to ensure all the relevant parties are aware of the plan, their responsibilities, who to call, when to call, and what needs to be improved.
Cyber Response Plans
It is recommended that every school establishes and implements a cyber response plan. This written document, which needs to be approved by the school’s senior leadership team, should detail the appropriate actions to be taken before, during, and after a cybersecurity incident – whether confirmed or suspected. A school’s cyber response plan should firmly establish the roles and responsibilities of every staff member within the response team.
Follow ICT Audit Recommendations
Just as boards should invest in quality technology resources, boards should invest in the staff who manage distinct IT security — and then listen to them. Staff responsible for maintaining the quality of the IT infrastructure need support from the board, not only in the form of policies but also in backing their recommendations around password protocols, software updates and more.
As the world exists in a more digital space every day, cyber threats become more and more advanced. While schools can manage and operate their own cybersecurity measures, it is always recommended that any advice given by a trusted cybersecurity source be actioned as soon as possible. The aim of these experts is not only to keep your school safe, but also to stay up to date with the latest trends in cybercrime. To this end, following through on advice given to you by an IT professional should be carried out as soon as timelines and budgets allow. This is especially applicable in the context of an ICT review performed on your school. Doing so will ensure that your school is safeguarded against the most current forms of cyberattacks.
Expert cybersecurity for schools
By following these, and any new best practices recommended by a trusted IT expert, you’ll be doing everything you can to keep your school’s systems, data and infrastructure safe from the hands of cybercriminals.
As professionals in the IT and cybersecurity industry, NetStrategy is trusted by nearly 400 of the country’s leading schools. We inform and empower schools through comprehensive ICT reviews, guiding them towards fortifying their cybersecurity controls and systems, safeguarding their data and maintaining their reputation as safe and exemplary educational institutions. Contact NetStrategy today about testing and developing a cyber response plan for your school, or any other IT or cybersecurity information.