It’s in the news every day: data breaches, personal records compromised, networks and sensitive information held hostage. Cyber criminals are more aggressive than ever before in their quest to achieve financial gains through hacking. So it should come as no surprise that our nation's schools are a prime target for such attacks. And the rapid rise in smartphone use among students has rendered schools’ networks more porous, complicating security efforts.
We’ve all heard tales about kids altering their report cards or calling in bomb threats to avoid a test, but a high school student in Idaho took it to a new level. Recently, a student in the West Ada School District orchestrated a Distributed Denial of Service (DDoS) attack that crippled schools, bringing down email as well as online class and testing systems. That’s one way to get out of a test, but also a good way to end up in juvenile detention with a felony record, as is the case with this student. Unfortunately, most hackers are sophisticated cyber criminals, not teenagers, and not so easy to apprehend.
In New Jersey, the Swedesboro-Woolwich School District’s computer network was compromised by a ransomware program and held hostage in exchange for 500 Bitcoins, which equates to approximately $125,000 at today’s transfer rate. While the school did not pay the ransom, the event caused considerable problems.
Recently, hackers targeted Miami-Dade County Public Schools and launched Denial of Service (DoS) attacks that hijacked their Internet connections just as thousands of students were set to take new standardized tests. Given the important testing scheduled, the style and timing of the attack were clearly not coincidental. Such tests often determine funding levels and other critical benchmarks.
Schools are facing the same cyber security dilemma as many small businesses. While even small school districts have multimillion-dollar budgets, their security capabilities are usually limited, so cyber criminals see them as an opportunity for quick profit. Downingtown Area School District in Pennsylvania had $665,000 transferred from its accounts into overseas accounts. Fortunately, the district was able to recover all funds with the help of the FBI. It is not uncommon for attackers to target school district coffers.
Schools tend to be full of Apple computers, and the long-standing belief among Apple users that their systems are less susceptible to infection has contributed to schools’ vulnerability. Some are learning the hard way that Macs need to be protected as well. In fact, the “Flashback” virus is the most prevalent malware impacting institutions of higher education, and has infected hundreds of thousands of Mac machines.
The good news is that the situation can be managed. Schools have many options available to them when setting up and configuring a security infrastructure. By following some basic guidelines when choosing and setting up those options, virtually any school can improve security a great deal.
We believe that there are five actions you can take to move toward an optimal security posture. These include:
- Establish a BYOD policy and supporting technology
- Upgrade the web filter
- Protect school-owned devices while off the network
- Implement anti-malware protection
- Integrate and move your security to the cloud
In addition to security awareness training for teachers, administrators, and students, these steps will support good cyber citizenship, keep inappropriate content out of the learning environment, and make schools less alluring targets for hackers.
Establish a BYOD policy and supporting technology
Allowing access to students who “bring their own devices” (BYOD) to use and connect to the Internet through school networks raises many concerns. A recent survey found that 89 percent of high school students have access to Internet-connected smartphones, while 50 percent of students in grades 3 through 5 have them.
Many districts have implemented a “guest” network for students who bring their own devices. This is a logical and effective way to allow student access, while segregating and managing their Internet use. While authentication often gets lost, allowing these users reasonable and productive access to the Internet through these devices works well for many districts. Their traffic can then be monitored and filtered according to policies about appropriate and secure use.
Upgrade the web filter
It’s an understatement to say that the Internet and surfing habits have changed. Yesterday’s devices, websites and tools quickly become obsolete and are constantly replaced by new tools and toys. If you haven’t taken a good look at your web filter recently, you may find it’s older than some of the students it protects. In many cases the web filter used by school districts was implemented before half of the current students were old enough for kindergarten. Once you have the proper controls in place, setting the filter to protect students while allowing teachers greater access is key.
Internet threats evolve just as rapidly, and web filters are an integral part of protecting the network from malicious code and phishing attacks. Many education-focused web filters do a reasonable job of filtering out inappropriate content, but lack full security orientation. Be sure that your web filter has strong security infrastructure behind it. For example, if your filter doesn’t offer malware detection, it’s time for an upgrade!
Protect school-owned devices while off the network
We’ve all become used to having our computing devices with us on the go, and this trend has hit education as well. Most teachers now opt for laptop computers and many bring them home every night. Some travel with their laptops, often connecting to wireless hotspots in airports, hotels and convention centers. While roaming on laptops and smartphones, many users are no longer protected by the security measures in place on their workplace networks. Most of these users don’t remember to take extra care with their surfing or usage habits while they are away from the secure network. All of this unmonitored mobility drastically increases risk.
It’s during these “unsecured” moments that problems are likely to happen. Moreover, without some level of monitoring and control you’ll have no idea where your devices have been and how they are being used off your network. This presents a whole host of concerns, including compliance with privacy regulations.
There are technologies in use today that can extend some security and monitoring capabilities to roaming users. Users covered by these technologies have web filtering and monitoring in place wherever they go. This helps prevent roaming users from visiting malware sites and, coupled with endpoint malware protection, provides productive and safe Internet use on the go. The problem with some of these technologies is that they require all Internet traffic to come back to the network for security purposes. This can lead to increased latency and frustration on the user’s part. Newer cloud-based filtering and security solutions can provide the same security with a more consistent user experience both on and off the network.
Implement anti-malware protection: it does still matter
Basic “desktop antivirus” has been around for decades and is still an important part of the security landscape. These endpoint protection products have evolved, as have the threats they protect against. These products are easier to use and more effective than ever.
Some of the technologies that fed traditional antivirus, such as the use of “honeypots” to attract new viruses for analysis and signature development, are less effective today than in the past. Be sure to align yourself with a credible vendor that has proven its ability to identify and stop today’s complex threats.
A key upgrade to anti-malware protection was made possible by cloud infrastructure. At one time, AV programs were installed on a server that handled updates and administration. Updates are now much more effectively disseminated from the cloud. By having your AV control and administration in the cloud you have visibility into all of your endpoints, no matter where they are, and no matter where you are. Moving to the cloud eliminates the need for the “update servers” as well as the tedious task and expense of maintaining them.
Integrate and move your security to the cloud
Indeed, the move to the cloud represents the key architectural change in security implementations over the past decade. This transformation offers the same large set of benefits that fueled other rapid migrations to the cloud: no capital investment; no updating of software, servers and operating systems; and hassle-free operation of your key security applications.
Cloud security services can combine different threat vectors in a single security solution. If your web and email filters are integrated with your endpoint anti-malware solution, you are well on your way to a secure network.
As the network perimeter becomes increasingly porous, cloud-based security solutions give you the ability to protect your users wherever they choose to work or learn. Unlike traditional on-premises solutions, cloud security systems are always automatically updated to the latest versions. There is no longer a need to buy new servers or implement new firmware updates; the cloud provider handles it all for you. This ensures that your security solution is never older than the students it protects.
Effectively protecting a network from the myriad of cyber threats is a result of thoroughly covering the basics and continuously looking for areas to improve and optimize. Acting on these recommendations will help your network become more secure and easier to maintain. Good cyber citizenship should be a standard component of every curriculum, and schools can model this responsibility by proactively addressing risks and supporting safe network use.
Is there anything I’ve missed? Please share a few of your top tips in the comments section below.
About the Author:
Paul Lipman is the Chief Executive Officer of iSheriff. He brings to the role over two decades of executive and operational leadership experience at software, services and ecommerce companies. Paul was previously Chief Strategy Officer for Webroot, a leading SaaS and endpoint security provider, and spent four years as Senior Vice President and General Manager of the company's renowned Consumer business unit.
Prior to Webroot, Paul was General Manager of Global Services at Keynote Systems, managing the company's global consulting, customer experience management and competitive intelligence services. He joined Keynote through the acquisition of Enviz, an early pioneer in customer experience management technology, where he served as Vice President of Business Development and Sales. Lipman also served as Senior Vice President of Business Development and Business Operations at E-Greetings Network, a leading e-commerce network. Lipman was on the senior executive team when E-Greetings went public in 1999. Earlier in his career, Lipman worked as a senior consultant for Andersen Consulting (Accenture) in Europe.
Lipman holds an MBA from the Stanford University Graduate School of Business and a Bachelor's Degree in Physics from Manchester University in England.