Whether your school is in person and planning for potential remote/hybrid scenarios or your students are currently virtual, learning from home introduces new cybersecurity risks to your community. We’ve listed 6 low-cost, high-impact things you can do today to improve the security at your school.
Slickrock Security partnered with Veracross this past spring, offering their expertise during our cybersecurity summit. We have again collaborated with them to develop these recommendations as an extension of their summit sessions and extend our thanks for sharing their wealth of school cybersecurity knowledge and experience. Additionally, we have included a link below allowing you to access and view recordings of all cybersecurity summit sessions to bolster your resources and protect your community’s data.
1. Eliminate “Open” WIFI Guest Networks
Open WIFI networks are commonly used by homes and schools for the sake of convenience. Unfortunately, open truly means open. Open networks are completely unencrypted, meaning that traffic not utilizing HTTPS can be freely read – passwords and all. The simple step of securing open networks with a WPA2 password will encrypt traffic for each user. We highly recommend enabling this for faculty and staff working from home. Even better, utilize dynamic PSKs or a guest portal. We understand that budgets are tight and IT staff are stretched thin; however, small improvements can make a big difference.
2. Communicate the Real Risk of Cyberattack
Knowledge is power. Don’t let your vigilance slip because you feel like you may be small enough to fly under the radar. Cyberattacks on schools tripled in 2019 and are still on the rise. Helping educate faculty and staff on the real threat of digital attack is a crucial step in security. Ransomware is big business and it comes with a big price tag. Unfortunately, many schools aren’t ready. In 2019, the US Department of Education found that 60% of schools hit with a ransomware attack ended up paying the attacker. Take the simple step of talking with faculty and staff about how your school could be targeted and encouraging them to be careful.
3. Help Protect Against Email Spoofing
In addition to the education mentioned above, email spoofing can be reduced using SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). In that alphabet soup are some important tools to help protect your users. SPF helps servers verify that emails are coming from authorized domains. DKIM adds digital signatures to every message to secure against forgery or altered messages during transit. DMARC enforces both SPF and DKIM authentication. Working together, these simple (and affordable) practices help make spoofing a real email account very difficult.
4. Back Up!
Backing up your important data is a tip you’ve likely read before but it’s too important not to mention. Backup solutions run the spectrum of simple to complex, affordable to expensive. The most important thing is that you are securely backing up and that you TEST your backups! If you have questions or want recommendations for a solution to meet your school’s needs, we’re here to help.
5. Update Your Software
Vendors and app designers create great new educational tools every year. With all that code come bugs. Trusted developers will patch their software to eliminate bugs when they are found, but often, it requires you to update your software. We recommend implementing a strict patch schedule where you actively monitor and apply patches for your systems. Hackers are looking for easy pathways into your network, so if known exploits don’t yield them access, they often continue their search elsewhere. A fresh set of eyes on your network (as we mention below) can help find outdated systems on your network that you may have forgotten about.
6. Get Fresh Eyes on your Network
All too often, we become so familiar with our own networks that we fail to see flaws that have grown with time. Services come and go, vendors change, and patches get skipped. It happens to all of us. Getting a fresh, professional look at your network can help you get recommendations on shoring up some of those missed areas. Third-party security companies, like Slickrock Security, can provide audits of our systems to make sure we are keeping up in this ever-changing landscape.
The team at Slickrock has been working with schools for over 20 years. They specialize in auditing network security and tailoring recommendations based on each school’s network usage and risk. Their services include cybersecurity assessments, security awareness training, network configuration, updates, monitoring, and more. Please contact firstname.lastname@example.org or email@example.com for more information, or click here to view Patrick’s presentation, “Doing Cybersecurity with Limited Resources.”
Veracross provides innovative software and personalized service to top K-12 private schools, offering an integrated database for strategic planning, engaging communication, and efficient workflows. Veracross is deeply committed to data security and privacy both within our organization and at our members’ schools. Last March, we hosted a cybersecurity summit at our headquarters. Click below to view those sessions free of charge.