Cyber Hygiene Practices for a Secure School Network
Your school network is what No. 2 pencils are to scantron tests. Without one, things just won’t work.
But if last year’s sharp uptick in school-related cyberattacks tells us anything, it’s that preparation may be your only chance at protection.
Now, school networks are more crucial – and vulnerable – than ever. Keeping them safe starts with good cyber hygiene. These best practices can help you ace network security when it matters most.
Stay up-to-date with IT challenges
Your IT team provides a strong line of defence against common network security challenges. Make sure staff know how to get in touch with them and establish a protocol for reporting any suspicious activity. This should include a well-developed incident response plan for the most prevalent cyber occurrences such as:
Unsecured remote access. See that only authorised users have the ability to access documents on the school’s network by setting up a virtual private network (VPN). This protective “tunnel” prevents hackers from having a direct line to your data. Strongly discourage the use of any other unsecured networks like public WiFi.
Phishing attempts. Hackers are great impersonators. Using compelling psychological tactics or fraudulent links they can craft extremely convincing emails that appear to come directly from principals, deans, teachers, or other administrative personnel. Sensitive info like passwords, social security numbers or direct payments are usually the endgame. School-wide instruction and email security reinforcements are strongly recommended.
Ransomware infections. Unless your school’s data is backed up constantly, it can be difficult to recover from this common educational cyberattack. Hackers can hold entire systems hostage, leaving everything from lesson plans to students’ personal records vulnerable to extortionists until the monetary demands are met. There’s no easy bypass aside from careful preparation. Think: multi-location backup into the cloud or an external hard drive.
Password loss. Strong, single-use passwords are essential for students and staff working on the school’s network. Where possible, enforce two-factor authentication (2FA) double down and protect your accounts.
Firewall breach. Making sure privacy settings and web filtering tools are operating at full capacity can help protect the network and each individual user.
Educate staff and students
When it comes to online safety, the better informed your school is, the less likely you are to experience a cyber incident.
Instead of giving a one-time presentation and calling it a day, why not do something to really grab their attention? Since phishing is by and large the most common preventable user-error, why not simulate a fake attempt? Not only will this give you actionable data to steer your training, it will leave a lasting impression on participants. Better they get burned safely than unwittingly compromise their data.
Be sure to use the exercise to call attention to best practices like double-checking the spelling of the domain name in the sender field and avoiding suspicious links or attachments.
Configure security controls
Your school network is a data goldmine. Designing and configuring it so your IT team has a bird’s eye view of it can help you see a potential issue before it becomes a costly cyber disaster.
At minimum:
Keep student-owned devices (BYOD) on a separate network. They could be unknowingly operating a machine infected with malware.
Monitor and analyse incoming and outgoing network traffic. Unusual usage, traffic spikes and all other actions and access attempts should be logged in a secure location and regularly reviewed.
Back up network data every day. Keep the backup separate from the school’s main network at all times. Your school’s IT security is about more than just having the right education-specific cyber security tools. It’s also about educating your educators and learners about how to stay safe online. The more vigilantly you prepare, the more powerful that knowledge will be.