Independent schools and small districts rely heavily on technology to supplement smaller budgets and staffs, which means it is essential to have airtight cybersecurity measures in place.
In order to create the best possible defense systems, schools should build on their technology investments over time, according to education leaders at a Jan. 27 session at the Future of Education Technology Conference.
Build a Diverse Team for a Clear Cybersecurity Assessment
Before planning new cybersecurity measures, schools need to have a clear picture of where their security protocols stand.
The best way to move forward on these assessments, according to presenters, is to gather a group of leaders spanning different departments throughout the school.
“A small school needs to create a team to tackle cybersecurity, because this is an issue that impacts more than just the technology office,” said Denise Musselwhite, technology director for Trinity Preparatory School in Florida. “The CFO, the principal, the superintendent, as well as other stakeholders need to be involved in the decision-making process about how to assess the areas of risk for cybersecurity and attack them one at a time.”
According to Musselwhite and Lindsay George, chief information officer at Miami Country Day School, schools should have representatives from technology departments, employees who handle sensitive data, teachers and risk management leaders from the school administration and the board.
3 Levels of School Network Security
While all schools would prefer to have top-level security, the reality is that smaller schools may not have the resources to invest in such measures right away.
The Association of Technology Leaders in Independent Schools outlines three levels of investment that schools can use to work their way up from small actions to large-scale investments.
- Level One: Multifactor authentication is an essential security baseline for all schools, according to Musselwhite. In addition, IT teams should invest in firewalls like the SonicWALL TZ600, which offers dynamic packet filtering.
- Level Two: In the next stage, schools must make network segmentation a priority, separating mission-critical networks from the rest. Schools should also regularly scan their networks—at least twice per year—for vulnerabilities. IT teams should also monitor and record network activity for threat analysis, as well as integrate full disk encryption on all faculty laptops. This stage also involves hosting critical services on separate servers.
- Level Three: In the final stage, IT teams should shore up all additional security vulnerabilities. This means extending full disk encryption to faculty laptops and desktops, integrating next generation firewalls and conducting regular internal and external network scans.