By: Craig Badrick on May 4th, 2017
Security Awareness for Information Technology in School Districts
k12 | Network Security | Higher Ed | Cybersecurity
Is your school district putting the necessary amount of attention on addressing the growing challenge of cybercrime in education? Recent attacks on schools throughout the country are serious warnings to tighten up your information security awareness efforts and develop a plan to ensure that your schools are protected.
Educational networks are prime targets for hackers, and the danger becomes increasingly present every day. If you’re not prepared with a proper network design and awareness strategy, your district could find itself the victim of a major ransomware attack, computer virus or other dangerous intrusion. Don’t put your students and faculty at risk. Understand the vulnerabilities you may be overlooking, and make sure your information security systems are capable of taking cybercrime to task. You may find that your school district’s network is in need of some serious evaluation.
Are Your Students Inviting Hackers In?
The connectivity scene for K-12 students is unlike it ever has been before. Thanks to great strides in information technology for the education arena, students have more IT at their fingertips during the school day, and they’re savvier than ever when it comes to using it. This is great news for education, but it also comes with plenty of risk. Given the chance, students will take advantage of opportunities to download videos, games and apps -- all of which can pose serious security risks if left unmonitored.
Unauthorized downloads present the two-fold challenge of siphoning bandwidth and inviting hackers in. With these types of issues, your network can struggle to perform and maintain information security. So, what’s the solution? It involves the implementation of a networking infrastructure that enables your IT professionals to have a high level of application visibility and control.
It’s critical to give your school district’s network the attention it requires. By assessing the present reality of your network infrastructure, you benefit from the ability to:
- Identify issues involving wiring and cabling, network switches, routers, VPNs, etc.
- Make sure any related firmware is up-to-date
- Pinpoint any hardware that's outdated or not functioning properly
- Assess the network traffic to bring any hidden issues to light
- Make sure firewall settings are adequate
- Look for any vulnerabilities, close all those you can and make the others as safe as possible
- Review wireless devices on the network
- Find hidden subnets
- Check for sources of wireless interference
- Perform any necessary hardware and software maintenance
Is Personal and Confidential Information at Risk?
There’s no room for error when it comes to protecting student and staff information. It’s imperative to ensure that your networking infrastructure is fortified against cyber threats, ransomware and other dangerous factors.
According to Michael Kaiser, Executive Director for the National Cyber Security Alliance, school districts can appear particularly vulnerable because there are so many users on the connected networks. Therefore, hackers have more potential openings. In addition, successful intruders have access to large amounts of data, including personal, financial and medical information, as well as Social Security numbers and academic records. This valuable data renders district networks highly attractive for hackers interested in selling the information or eliciting a ransomware payload.
A study by security rating company BitSight indicates that schools have the highest rate of ransomware attacks, with three times as many as the healthcare industry and more than 10 times as many as the finance arena. Take a look at some of the highly damaging outcomes caused by recent data breaches in the following school districts:
- The 900-student Bigfork School District in Montana was victimized by a ransomware attack that involved a self-replicating computer virus eating its way through most of the schools' servers (including the student information system) and encrypting huge amounts of data, making it inaccessible to Bigfork employees until a ransom was paid in exchange for a decryption key.
- A sophomore at Spring Branch Independent School District in Texas has just been charged with felony computer hacking for gaining unauthorized access to the district computer system and altering grades.
- The Columbia County School District revealed that one of their servers suffered a data breach in November, exposing confidential employee information, including names, Social Security numbers, birth dates and more.
- In February, Manatee County School Board administrators learned that two payroll employees had fallen for an email phishing scam. A hacker posing as the Superintendent obtained a PDF file containing all 7,700 W-2s for any employee who worked in the district in 2016.
- Nearly 23,000 students and faculty at Northside Independent, the largest school district in San Antonio, had their personal information compromised in a data breach that occurred last summer.
Don’t become the next headline in the evolving threat landscape for school districts. Make information security a priority and take the necessary steps to ensure that your network is fully prepared to defend against malicious attacks like the ones already experienced by districts across the country.
How Is BYOD Affecting Information Security in Education?
The BYOD movement certainly isn’t confined to the business sector. In addition to school faculty and administrators taking advantage of BYOD opportunities, many districts have begun to allow students to bring their own devices into the classroom. There are some obvious benefits to this option, including cost savings for the district, improved student-teacher collaboration and the personalization of educational objectives, both in the classroom and at home.
Unfortunately, these benefits come with a hefty share of information security challenges, and unless your district is prepared to meet them, your BYOD situation could be leaving schools open to significant threats. Can your network infrastructure handle the strain of smartphones, laptops and tablets accessing it? Does your wireless network enable your IT professionals to have a high level of application visibility and control? Have you developed policies to prioritize applications and devices? Is there a security awareness program in place?
These are all critical considerations in the security of your information systems. Now is the time to ensure that you have the infrastructure to support identity-based policies for web and network access, control or block the use of certain apps and websites, provide adequate bandwidth for critical education applications and services, protect against devices infected with malware and implement intrusion defense and prevention systems. The safety of your schools’ data depends on it.
Danger is imminent if your district doesn’t have the proper network design, maintenance plan and awareness strategy to ensure information security. If you’re unsure about how to handle an update, upgrade or installation, read "Your Guide to Choosing an IT Solutions Partner" and gather the insight you need to make the most cost-effective decisions for your school district.