Aug 05 2020

3 Tips for Improving Your Cybersecurity Program This School Year

Here’s how IT teams can help mitigate cyberthreats in today’s educational environment.

School districts across the country were already increasingly vulnerable to cyberthreats prior to COVID-19. On top of that, many dealt with budget and staffing challenges, making it harder to improve their cybersecurity defenses.

Then, the pandemic hit and schools went remote. That shift, which made students and educators more reliant on digital tools, expanded the attack surface of schools and aggravated threats such as phishing and ransomware attacks. In late June, the FBI even warned K–12 schools to expect a surge of cyberattacks because of the remote learning boom, Politico reports.

“The one thing about this new education norm is that everybody is remote, and everybody is mobile, meaning they’re less secure,” says Bill Conner, CEO of SonicWall, a cybersecurity solutions company. “What schools will need to figure out, now that they’ve moved to remote access, is how to secure it.”

Take-home devices and online platforms are back-to-school essentials this year, whether schools opt for another semester of virtual learning or adopt a hybrid approach. But there are ways IT teams can help mitigate cyberthreats in this new educational environment and ensure cybersecurity remains top of mind for all. Consider these three tips.

1. Increase Cybersecurity Awareness at Your School

With many students and educators going remote long-term this coming school year, it’s even more important for them to understand the cybersecurity implications of having a virtual classroom.

In addition to hardening systems and endpoints, Matthew Baird, network security manager for Santa Fe (N.M.) Public Schools, says in a Tech & Learning webinar that his team is raising end-user awareness on security issues through tactics such as phishing campaigns, follow-up training and self-assessments. His team also started sending staff monthly reminders on various security topics and measures to help them stay vigilant and informed.

DISCOVER: Learn about the top cybersecurity threats schools face today.

2. Implement a Proactive and Reactive Strategy

Although cybersecurity is the No. 1 technology priority for IT leaders, threats are still generally underestimated, explains Tom Ryan, chief information and strategy officer for SFPS, during the webinar. But it’s imperative for IT teams to identify threats and mitigate them quickly to uphold schools’ core mission of teaching and learning, he says.

“Having your proactive [approach] — what you do to stop the event from happening in the first place — and reactive [approach] — the processes and practices we do after the attack happens — may make the difference of whether you stay viable with the technology to deliver instruction, especially in remote learning environments,” Ryan says.

For instance, security measures such as penetration testing can help IT teams locate and address potential vulnerabilities before it’s too late. Santa Fe performs recurring internal and external penetration testing, Baird says. “Ensuring network perimeter or edge security, as far as securing private networks goes, is not enough with the amount of devices being sent home with staff and students,” he says.

READ MORE: Here’s how IT staff can provide tech support during remote learning.

Baird says they also execute vulnerability assessments on public-facing systems and internal devices on a monthly schedule. A vulnerability management system also allows them to prioritize which risks need the most attention. “Evaluating the risk of a certain vulnerability can be very time-consuming and requires skilled personnel,” he says. “So, having a system that helps determine the risk level of certain vulnerabilities is crucial in deciding where to start remediation, especially when it comes to ransomware or other trending cyberthreat activity.”

Securing all sources of web traffic — from on-premises and mobile one-to-one devices to guest networks — will also be necessary to protect an online environment. SonicWall’s Conner says phishing, email and PDF attacks are rising. He has also seen a spike in malware attacks on Internet of Things devices such as climate control systems and enhanced video surveillance cameras on school campuses. In fact, IoT attacks have jumped by 50 percent since January, according to SonicWall’s midyear update to its 2020 cyberthreat report.

Beyond network security solutions such as firewalls and content filtering, Conner also suggests, with so many relying on cloud software such as Microsoft Office 365, that schools look into cloud application security. It’s also important to have transparent management of remote campus environments, Conner says. “Threats are going after this new attack surface — the school campus is now really distributed because administrators, faculty and students have extended that campus network,” he says.

3. Balance Security Needs and Educational Access

In the Tech & Learning webinar, Ryan points out the importance of striking a balance between practicing security and providing educational access during remote learning.

While some districts may not even know how secure they are, others are on the other end of the spectrum, with security measures so strict that teachers and students find it difficult to access the resources they need. For Santa Fe, engaging with cross-functional teams was crucial to creating a balance.

“The core function is teaching and learning. And when we, as IT leaders, lock things down so much that teaching and learning can’t happen or is impeded by the security measures, then I think we have failed,” Ryan says. “Our mission isn’t ‘safe and secure.’ It’s good teaching and learning in a safe and secure environment.”

HEIKO119/Getty Images

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.