K-12 schools are dealing with a perfect storm when it comes to cybersecurity. Security governance and defense in depth continue to be challenging as both school infrastructures and the threat landscape constantly change. As a result of the general digital transformation being experienced across our society, cybercriminals continue to target learning institutions, and the number of successful attacks continues to rise. 74 significant cyber incidents were reported across school districts in the first half of 2017 alone, up from 67 for the entire year of 2016. To address this trend, K-12 schools will have to evolve their cybersecurity posture and implement new strategies to ensure their policies are keeping pace with the evolving threat landscape.
For the most effective use of technology in schools, networks have to be largely open, allowing students and teachers to connect their devices to the network from a variety of endpoints and locations. Moreover, most of these devices are personally owned, making it a challenge for IT teams to monitor updates and identify at-risk devices. And while school networks become more open, and more devices request access to them, K-12 schools are also contending with budget limitations and the growing cybersecurity skills shortage. These make it difficult to outfit teams with updated IT infrastructure and professionals who have expertise in cybersecurity.
As K-12 schools attempt to secure bring your own device (BYOD) policies and increasingly open networks, cybercriminals are simultaneously increasing the rate at which they target educational institutions. For example, one in ten educational organizations experienced malware on their networks for the school year from September 2015 to September 2016. The goal for many of these cybercriminals is to exfiltrate the personal information of students and faculty to sell or use for fraudulent purposes. The recent example of a phishing scam that targeted schools to get faculty W2 form information illustrates this point. Posing as school or district leaders, hackers sent phishing emails to faculty requesting sensitive tax forms, thereby potentially compromising the information of tens of thousands of educators. Access to such information gives hackers the ability to file fraudulent tax refunds for their profit, facilitate identity theft, establish and steal credit, and commit other financial crimes.
In addition to ensuring they have the technical and strategic capabilities in place to mitigate such threats, schools have the added burden of also ensuring they are in compliance with such regulations as HIPAA, CIPA, and FERPA.
As schools hurry to address these challenges in the wake of growing attacks, they need to design and implement new policies to help prevent and detect incidents. To help, here is a cybersecurity checklist for schools to follow to address each of these challenges.
As K-12 institutions aim to revamp their security efforts, a cyber threat assessment is key to establishing a security baseline. A cyber threat assessment evaluates network security protocols, policies, application usage, access controls and methods, device onboarding, and network performance. This information provides IT teams with a baseline to measure against as they mature their security posture, which is critical, as understanding where you are today helps you map a path to where you need to be in the future.
Such assessments also need to include an inventory of systems, applications, endpoints and user access controls. This enables a deeper view into network vulnerabilities, helps establish patching priorities, and identifies devices that are at risk for compromise. Additionally, such an assessment provides insight into how well students and staff are abiding by the school’s acceptable use policy, as well as how network performance is being affected by the influx of devices.
Based on the results of a thorough cyber threat assessment, schools can then develop a maturity model to help plan for the updates needed to enhance cyber resiliency and better meet regulatory compliance mandates, while ensuring that performance will continue to meet projected demands. As IT teams assess their infrastructure and create plans to implement necessary changes, they need to ensure they include:
Content filtering prevents students from accessing malicious websites and content, and is essential to being CIPA compliant. Often, such functionality is tied to or integrated with another solution, such as a firewall.
NGFWs provide security at the perimeter of the network, or at gateways separating logical network segments. They need to be designed to protect data from both known and unknown threats, and increasingly need to incorporate new threat detection and prevention technologies such as sandboxing. The FortiGate NGFW incorporates automated threat intelligence and internal segmentation with state-of-the-art firewall functionality and performance.
Caching helps IT teams ensure they are realizing the most efficient use of their bandwidth. This is especially important to ensure that programs needed for classes and academic purposes are prioritized above streaming and similar traffic, even as greater numbers of devices connect to school networks. FortiCache enables administrators to block certain sites while offering advanced protection from malware.
While infrastructure updates can be costly, modern, adaptable security solutions are the best way to keep up with evolving threats. Additionally, many of these solutions are eligible for category 2 E-rate funding.
As the education vertical becomes increasingly targeted by ransomware attacks, IT teams need to make sure they know where their most valuable data is stored, whether centrally or on distributed devices, and then implement a strategy that enforces backing that data up. One way the security and visibility of data in use, data in movement, and data at rest can be enhanced is through internal segmentation. Segmentation provides a lateral view across the network, and drives security protections from the edge deep into the core of the network. Among other advantages, this approach enables IT teams to effectively and proactively identify and isolate sensitive data from the rest of the network. Backing up this data then ensures that in the event of, say, a successful ransomware attack, schools can retrieve this data without paying a high ransom.
When it comes to securing data, the fewer people that have access to it, the better. As students and staff connect to the network, schools should employ the principle of least privilege by implementing additional security controls within the network to ensure that only necessary and authorized personnel can access sensitive data. This approach will help mitigate instances of accidental data loss and data breach due to such things as password compromise, and help significantly in forensic analysis should such a breach occur.
Aside from ensuring the necessary technology and policies are in place, K-12 schools are well served by regularly reviewing cybersecurity basics and best practices with both faculty and students. This includes actions such as making sure they know not to open emails or attachments from people they do not know, to deploy effective endpoint security applications where possible, and to update their devices and applications on a regular basis to ensure the latest patches are deployed.
K-12 institutions are facing an onslaught of cyber threats, including malware, ransomware, DDoS attacks, and more. When successful, such attacks can be both disruptive and expensive, as well as have long-term negative effects for those whose data or personal information is lost. As K-12 schools attempt to navigate and address these threats in the wake of additional challenges, such as the cybersecurity skills gap and limited budgets, following this checklist will aid in enhancing your security posture and resiliency.