Just like businesses, schools store social security numbers, birth dates and other sensitive data that can be used to steal money, identities or private files, including test questions or grades. And most school networks are inadequately protected because the responsibility for considering cybersecurity is falling through the cracks.
Most school boards, chief financial officers and procurement professionals don’t realize that end devices like network printers and copiers are just as vulnerable to attack as any PC.
As a matter of policy, IT staff should be integrally involved in all purchases of connected technology from the very beginning. Similarly, board members and administrators must empower IT staff to set and enforce security policies in the educational institutions they serve.
To safeguard against rising cyberthreats, educational institutions should establish benchmarks to govern three procedures:
1. Embrace Security by Design to Minimize Endpoint Vulnerabilities
End devices are not all equally secure. Some have minimal built-in protections while others have layered and integrated security features aimed at keeping hackers out of networks and guarding against various ramifications should a hacker manage to bust through fortifications.
Like personal computers, printers and copiers have hardware, a BIOS to boot up their operating systems, software applications and ports to access the internet. And, just like on PCs, these elements can be exploited by hackers if left unprotected.
Despite these vulnerabilities, 43 percent of IT professionals in North America, Europe, the Middle East, Africa and the Asia-Pacific region completely ignore printers in endpoint security practices, according to a Spiceworks survey. And according to EdTech Strategies, since January 2016 there have been more than 350 cyberincidents targeting K–12 schools in the United States.
While security-optimized PCs, printers and copiers can cost a little more, it is wise for those charged with purchasing such equipment to identify and evaluate their choices, opting for the strongest cybersecurity their budgets will allow.
2. Establish Strong Security Policies and Procedures
An increasing number of teachers are choosing to bring their own inexpensive wireless printers into the classroom for the sake of convenience. This means, however, that educators may be connecting poorly protected devices to their institutions’ networks, creating security vulnerabilities.
This is just one example of the largely unnoticed rogue activities that can occur in schools, colleges and universities, and which must be better controlled with stronger policies.
Such policies — drafted by IT professionals in tandem with legal staff, HR and anyone else charged with protecting data in an organization — should address the types of technology purchased, how networks can be accessed, who is able to use the equipment and when, as well as the protocols for accessing the equipment, such as entering passwords or cryptokeys.
Policies should also address what happens to digital information during its lifetime. For instance, many organizations are competent at mandating how documents should be protected on network servers and machines while in someone’s possession.
However, they often forget to assure the protection of this data when the equipment is out for repair, or the destruction of it when a PC, printer or copier is retired.
3. Minimize Human Error with Built-In Safeguards
To err is human, right? That is precisely why it is so important to choose PCs, printers and copiers with built-in safeguards.
One of the most common mistakes people make in organizations is printing sensitive documents to remote machines — and then forgetting about them.
A discarded printout containing personal information from the entire student body — more than 21,000 people — was stolen from one New York community college, according to the Daily Press. The institution reportedly ended up paying $500,000 to enroll students in a credit-monitoring service.
To address such scenarios, some printers now include a feature called “pull printing,” where print jobs are held on servers or workstations until users physically authenticate themselves to the machines. Educational institutions should consider such options for reducing human error as a matter of policy.