It’s no secret that school districts are a gold mine for hackers, who can exploit all of the confidential student, parent and employee data available for financial gain or to assuage a personal grudge.
While schools — rightfully — fear hacking of their computer systems by professional criminals, students increasingly breach their school’s cybersecurity safeguards, giving educators and administrators plenty more to worry about.
While external cybercriminals seek Social Security numbers and financial information using ransomware, student hackers commit inside jobs with the hope of changing grades, stealing passwords, infecting computers with malware, accessing or hijacking secure school or district websites or even posting inappropriate images. As reports of students improperly accessing school administrative systems become more common, many districts remain vulnerable to such insider attacks, despite their best overall security efforts.
MORE FROM EDTECH: Here are some cybersecurity tools K–12 schools should have to protect against ransomware.
Schools Opt for a Better Cybersecurity Plan
Curious and tech-savvy students have always pushed the limits of what educators deem acceptable use of school technology. What’s different today is that students can affect the operations of entire districts, and they are increasingly capable of circumventing the security controls implemented by IT administrators.
A major challenge for K–12 IT and security personnel is how to maximize user and data protection with limited network and security resources. Despite that challenge, managing and maintaining a secure network does not have to be difficult. An all-encompassing security plan would include safeguards against such savvy students and external hackers. Here are some examples of what this technology should look like:
- A comprehensive security system: Comprehensive security delivers advanced deep-packet inspection protection for the school network by combining intrusion prevention, anti-virus, anti-malware, cloud-based multiengine sandboxing, content/URL filtering and anti-spam services, plus 24/7 support — all in a single solution.
- E-rate eligible products: If a district is using E-rate funding to buy networking and cyber solutions while simultaneously reducing capital expenditures, ensure E-rate eligible firewalls, wireless and WAN acceleration products are being researched.
- Children’s Internet Protection Act compliance with on-campus and off-campus web filtering: Meet CIPA requirements with a robust web-filtering solution that protects students from harmful content whenever a school-issued device connects to the internet. This not only limits what is being seen, but also limits what is posted.
- Greater visibility and control: A robust security plan will allow an IT team to gain real-time insight into network activity — students, staff, apps and bandwidth consumption — and make informed decisions accordingly.
- Flexible remote access: Consider a next-generation firewall that does not rely on a third-party app, providing native VPN remote-client access for Windows, Chrome, Android and Linux devices — and more.
- Routine patching: More sophisticated hackers may seek to exploit vulnerabilities in software. That can often be prevented by making sure programs are updated and patched regularly. Tackle patching while making updates to software to keep everything moving forward together.
What Else Can Be Done to Prevent Network Intrusions?
Software and security devices can’t do all of the work, especially when human error is involved. Proper cyberhygiene skills will go far to protect students and district employees at work and at home. In addition to security devices, most K–12 cybersecurity experts suggest districts take basic measures to prevent hacking.
School districts should establish good habits and ground rules for employees and students alike. That means training staff to follow good password practices. No more sticky notes on desktops or overused and easy-to-guess passwords. Instead, use long and complex passwords, even if inconvenient. To ease the burden of remembering each unique password, consider password management software.
Percentage of data and hack attacks in education where “fun” was cited as the underlying motive.
Source: Verizon, “2018 Data Breach Investigations Report,” April 2018
While staff adopts better habits, ensure students also know the rules for acceptable technology use. Rules for acceptable use of school computers are key to creating universally understood norms. Both students and parents need to be aware of the rules, as well as the consequences for breaking them.
Quickly and consistently address misuse of the school’s computer systems to better develop and strengthen students’ online ethics and sense of digital responsibility. Should a hacker get past a complicated password, two-factor authentication will help to keep unauthorized users out.
They won’t be able to access a network without a second piece of information, such as a code sent to the legitimate user’s mobile device. The safest bet to keeping information under lock and key, however, is to be vigilant about ensuring role-based access to information.
No one associated with a school should enjoy access to more information than they need to do his or her job. Ensuring essential information sticks to essential personnel limits the possibility that sensitive data will be used inappropriately.
At the end of the day, establishing strong security policies and procedures combined with implementing robust yet cost-effective security platform solutions are essential to maintaining security from all threats, regardless of whether they’re coming from within or without.