Sep 14 2020

How to Secure the Work-From-Home Environment

When all teachers and staff are remote, K–12 IT teams can maintain security by focusing on end users.

Working from home is part of the new normal for K–12 schools and districts. How can IT managers secure teachers and staff in online environments? Here are some questions and answers.

What’s the Biggest Security Risk?

End users remain the biggest security vulnerability — and educators are naturally more curious, open minded and excited to try new things, making them information security’s worst nightmare. Applying technical protections — such as setting strong anti-phishing on email and installing centrally managed endpoint security tools — certainly helps, but technology alone won’t top a good dose of quality, targeted end-user training and an easy-to-reach online help desk staffed for as many hours a day as the district can afford. An investment in reducing the risk of end-user compromise delivers the biggest bang for the buck.

Should Schools Supply Desktops and Laptops?

The key to security is good controls, and the best way to achieve that is by owning everything from the software down to the boot ROM. Now is not the time to rush a BYOD program into production, especially given other stresses on teachers to learn new tools and ways of interacting with students. Giving teachers and staff hardware that has been qualified and put under central management delivers a better IT experience overall by ensuring that corporate tools will run smoothly. The security bonus pays for itself every time the district avoids a data breach or having a teacher offline for a day unable to work because of a compromised system.

What Can IT Staff do Differently with Existing Tools?

Now is the time to really start studying system logs, especially from endpoint security tools. Almost every compromise or security problem will show up in logs first, and if admins keep a close eye on what these tools are telling them, then problems can be caught and stopped early. Start with an on-premises or cloud-based security information and event management system, if the district has one. If not, sharpen those scripting skills with a do-it-yourself project to make sense of things.

DISCOVER: Here are best practices for securing a learning management system.

Is This the Time to Start Using a DNS Filtering Service?

Domain Name System filtering services, such as Cisco Umbrella (formerly OpenDNS), Cloudflare 1.1.1.1 and Quad9, are controversial both technically and politically, but they do deliver some security benefits by filtering malware. Districts that choose to add these to their toolbox need to be transparent with the user community to avoid misunderstanding and surprises.

What Else Can IT Staff Bring to the Table to Help People Stay Secure?

Now is a great time to roll out two-factor authentication if you haven’t already. Nothing makes a stolen password more useless than 2FA. The standards-based one-time passwords built into Microsoft Authenticator, Google Authenticator and other compatible tools are now widely supported and are a great place to start, avoiding the cost and inconvenience of hardware tokens.

MORE ON EDTECH: Find out how to protect data in a shifting security landscape.

RichVintage/Getty Images