Are You Doing Enough To Protect Your School’s Data?
Cybersecurity Strategies Every Charter School Should Implement
Part 2 of a two-part series about how charter schools can protect their data on an infrastructure level. The first part looked at how students and teachers can protect their personal and professional data.
When you’re preparing for assessments, it’s easy to worry about all the things that can go wrong. But one thing you’re probably not worrying about is hackers. But for one New Jersey school, their assessments were disrupted when ransomware shut down all their computers.
It took weeks to rebuild the school’s network after they refused to pay the hackers, according to an article on fedscoop.com.
We know your time is valuable. We’d love for you to read the whole blog, but if you don’t have time, check out our 30-Second Summary
Charter schools aren’t immune from cyber threats like malware and ransomware. They have significant amounts of data – student, payroll and financial – that hackers would like to steal and exploit.
Common scams include spoofing emails to request money transfers or W-2s. Once hackers have the wire transfer information they can transfer the stolen funds overseas, making it virtually impossible to trace and recover. Other scams include using the stolen W-2s to file fake tax returns and then stealing the tax refunds.
Many schools are becoming aware of the risks but don’t know what cybersecurity strategies to implement.
First, you need to understand where you’re vulnerable. Think of your school’s IT environment like a human body. To stay healthy, the body has several layers of defenses – the skin, our immune system – all of which we bolster with vaccines and medicines targeted to specific threats.
Just like a body, your school’s IT infrastructure needs these layers of defenses and targeted “medicines” like anti-virus and anti-malware software to stay healthy.
Here are the main areas where schools need to focus their cybersecurity efforts:
1. Check Your Firewall Configuration
Firewalls are designed to keep out unauthorized access while still allowing authorized communication from the network. While some schools have a firewall, they’re often not set up correctly. Having a firewall that isn’t configured correctly can negate its benefits.
2. Run The Right Anti-Virus, Anti-Malware Programs
Installing and regularly updating a quality anti-virus program is a good way to keep out threats likes viruses, worms and other malicious software. It should be installed on your network to identify and stop malware before it can spread and cause damage.
Make sure you’re updating it regularly. There were 43.4 million new variants of malware found in November, according to Symantec.com. Anti-virus and anti-malware software is constantly releasing updates to target these new threats. Out-of-date anti-virus and anti-malware software offers little protection, just like poorly-configured firewalls.
3. Ensure Your Internet Apps Are Safe
With so many cloud-based applications being used in schools, it’s crucial that they’re included in your cybersecurity plans. Dealing with these applications can be complicated, as you don’t have control of their security measures.
You can make sure that teachers are only using applications that have been carefully vetted by the school. Before approving applications, make sure you understand the company’s security procedures, where and how student data is stored and what their notification process is in case of a data breach.
4. Ensure Your School Is In FERPA Compliance
All schools need to ensure they’re meeting Family Educational Rights And Privacy Act (FERPA) regulations. Designed to protect the privacy of all student education records, the act details everything from how student data should be destroyed to what schools should do in the event of a data breach.
Not only does a data breach create immediate issues that are costly to remedy, it can also mean a loss of federal funding to the school if FERPA regulations are violated.
5. Segment Your Traffic
Another good way to protect your school’s data is to segment your traffic. Setting up separate traffic patterns for teachers and administrators, students and guests allows you to limit or allow access to different sites. While you may want your teachers to be able to access YouTube, you can block access for students.
This content filtering is a proactive way to limit risks from questionable sites. You can also include product filtering to limit downloads of apps and other programs that may contain malicious code.
6. Regularly Monitor Your Systems
Regardless of how secure you try to make your school’s network, chances are you’ll have to deal with malware at some point. The best way to mitigate the damage is to ensure you’re actively monitoring your network. Detecting a problem early not only limits the extent of the damage, it allows you to limit any downtime or data loss.
As part of this monitoring, make sure you’re also removing employee and student access as soon as they leave the school. Disgruntled former students and employees can easily introduce malware into the system or cause other issues.
7. What Schools Can Do About These Threats
In addition to ensuring your infrastructure is protected, don’t forget that educating your students and teachers is the other key piece to protecting your school. Every user on your network can introduce threats if they’re not careful.
By educating all your users about these threats and how to keep their devices safe, you’ll greatly reduce the number of threats your network security will have to defend against. The more proactive you are with your network security, the more time you’ll have to focus on meeting your educational goals.
Share Your Experiences:
How do you protect your school’s data on an infrastructure level? Do you actively monitor your school’s network? Do you have a vetting process for applications or are teachers free to choose? Share your thoughts in the comments below.
- Charter schools aren’t immune from hackers looking to steal student, payroll and financial data
- Many schools aren’t actively thinking about these threats and don’t have plans in place to protect their data
- Actively monitoring networks, using anti-virus and anti-malware software and properly configuring firewalls are all part of a sound cybersecurity strategy for schools
- Schools also need to educate their students and teachers about cyber threats so they can protect themselves and reduce the possibility that they’ll bring malware and other threats into the school’s network