According to a recent nationwide survey of public school district IT and security directors, one-third of respondents said that their district’s security needed improvement.
The survey, the CDW-Government (CDW-G) 2008 School Safety Index, also found that schools throughout the nation had taken large strides at improving physical security, but that they had actually taken a step back when it came to IT. School districts managed to improve their physical safety score by 39 percent from the previous year’s index, but during that same time period, their cyber safety scores declined by 25 percent.
Among some of the findings of the survey include:
• More than half of districts are using network access control to protect data and ensure that only authorized users and approved applications access their networks. However, budget constraints, lack of staff resources and the need for more IT tools cancelled out districts’ efforts to improve cyber safety • Nearly half of districts are utilizing mass notification systems, and 70 percent are using security cameras; 29 percent of districts report that security cameras have had a positive impact on district safety • Districts should consider the instant access that IP security cameras can give their local police. While more schools are using security cameras, only a small number of districts give their local police force the ability to access digital footage in real-time during an emergencyAccording to Patrick Fiel, ADT public safety advisor for education, physical security is the most important aspect of security for an individual school and that IT security is more of system wide issue.
Fiel added that many school districts fail to do a detailed security assessemnt of their security needs and that the first thing he addresses with them is their ability to lockdown a school both internally and externally.
"There's still a few schools out there that can’t do that today," he said.
David Hutchins, director for K-12 education at CDW-G, feels that school districts are improving overall in both physical and IT security, but that they still need to work on integrating the two.
"I think there is still a great deal of improvement that needs to come in terms of the two working together," he said.
Though the majority of school districts have taken steps to authenticate users on their computer networks, the survey found that 16 percent of districts, which are mainly located in urban and rural districts, still use general log-ons, rather than unique user names and passwords.
Fourteen percent of all school districts surveyed said that they had had at least one IT security breach within the last 12 months, which is a 5 percent increase over the previous year.
While schools have substantially improved their physical security tactics, the survey notes that some districts are failing to take advantage of new technologies. Of the 45 percent of districts that reported they used mass notification systems, only 32 percent said that they used such tools as text messages.
The largest barrier in improving IT security in many districts boiled down to money. The survey noted that 79 percent of those polled said that the major hurdle to improving IT security in their districts was budget constraints. Another 61 percent said they lacked the staff resources necessary to improve security, while 47 percent said they didn’t have hardware/software that was needed.
The results were the same among Physical security directors, 69 percent of whom said that budget constraints were their biggest hurdles. Compared to IT security directors, however, only 29 percent of physical security professionals cited a lack of staff resources. About 32 percent said that they need more tools to improve physical security.
"I have seen, over the last couple of years, more funding moved towards security. It is a priority of school districts and communities are making it a priority and the districts are making it a priority for the safety of the students, both physical safety as well as intellectual safety in term of the internet," Hutchins said "It’s a battle every year for these districts to get the funding to do the projects that they need to do."
One of the solutions suggested in the survey’s findings to help improve security in the school districts is to integrate IT and physical security tools, which would thereby utilize staff and funds more efficiently. The report also advises districts to take advantage of mass notification systems and use all of the channels that are available to them.
Fiel recommends that school districts bring in a solution integrator to discuss what securtiy infrastructure already exists and what can be done within a systems budget to address any needs.
"The bottom line is getting everyone together and finding out what the needs are," he said.
Fiel added that ADT is responsible for the security of over 15,000 schools nationwide and that they provide free risk assessments to any school system that requests them.
Hutchins said he believes that the key to improving security in school districts is for there to be an understanding of how both IT and physical security affect each other in a given system.
"Getting (IT and physical security professionals) combined early I think is critical and having it be part of a longer term plan so that when it comes to funding, you can go before the board and say this is all part of our plan across the district," he said.
