“The one thing about this new education norm is that everybody is remote, and everybody is mobile, meaning they’re less secure,” says Bill Conner, CEO of SonicWall, a cybersecurity solutions company. “What schools will need to figure out, now that they’ve moved to remote access, is how to secure it.”
Take-home devices and online platforms are back-to-school essentials this year, whether schools opt for another semester of virtual learning or adopt a hybrid approach. But there are ways IT teams can help mitigate cyberthreats in this new educational environment and ensure cybersecurity remains top of mind for all. Consider these three tips.
1. Increase Cybersecurity Awareness at Your School
With many students and educators going remote long-term this coming school year, it’s even more important for them to understand the cybersecurity implications of having a virtual classroom.
In addition to hardening systems and endpoints, Matthew Baird, network security manager for Santa Fe (N.M.) Public Schools, says in a Tech & Learning webinar that his team is raising end-user awareness on security issues through tactics such as phishing campaigns, follow-up training and self-assessments. His team also started sending staff monthly reminders on various security topics and measures to help them stay vigilant and informed.
2. Implement a Proactive and Reactive Strategy
Although cybersecurity is the No. 1 technology priority for IT leaders, threats are still generally underestimated, explains Tom Ryan, chief information and strategy officer for SFPS, during the webinar. But it’s imperative for IT teams to identify threats and mitigate them quickly to uphold schools’ core mission of teaching and learning, he says.
“Having your proactive [approach] — what you do to stop the event from happening in the first place — and reactive [approach] — the processes and practices we do after the attack happens — may make the difference of whether you stay viable with the technology to deliver instruction, especially in remote learning environments,” Ryan says.
For instance, security measures such as penetration testing can help IT teams locate and address potential vulnerabilities before it’s too late. Santa Fe performs recurring internal and external penetration testing, Baird says. “Ensuring network perimeter or edge security, as far as securing private networks goes, is not enough with the amount of devices being sent home with staff and students,” he says.
Baird says they also execute vulnerability assessments on public-facing systems and internal devices on a monthly schedule. A vulnerability management system also allows them to prioritize which risks need the most attention. “Evaluating the risk of a certain vulnerability can be very time-consuming and requires skilled personnel,” he says. “So, having a system that helps determine the risk level of certain vulnerabilities is crucial in deciding where to start remediation, especially when it comes to ransomware or other trending cyberthreat activity.”
Securing all sources of web traffic — from on-premises and mobile one-to-one devices to guest networks — will also be necessary to protect an online environment. SonicWall’s Conner says phishing, email and PDF attacks are rising. He has also seen a spike in malware attacks on Internet of Things devices such as climate control systems and enhanced video surveillance cameras on school campuses. In fact, IoT attacks have jumped by 50 percent since January, according to SonicWall’s midyear update to its 2020 cyberthreat report.
Beyond network security solutions such as firewalls and content filtering, Conner also suggests, with so many relying on cloud software such as Microsoft Office 365, that schools look into cloud application security. It’s also important to have transparent management of remote campus environments, Conner says. “Threats are going after this new attack surface — the school campus is now really distributed because administrators, faculty and students have extended that campus network,” he says.