Educators across the country work to ensure students have access to safe and productive environments where they can advance their education and prepare for their careers. In 2018, achieving this goal is becoming increasingly difficult. Maintaining effective security means schools and universities need a combination of physical and cybersecurity solutions that work together to keep students and faculty safe without causing educational environments to become less conducive to student success.
Recent headlines have brought the need for increased security in educational institutions to the forefront of people’s attention. Although it may seem like the education sector is primarily a target for physical attacks, it has also become a prime target for cyberattacks. In the first half of 2017, the education sector alone accounted for 13 percent of data breaches, resulting in the compromise of around 32 million records. Although educational institutions may not seem to be the same sort of obvious target that financial services or healthcare organizations are, the reality is that they actually house a great deal of sensitive personal and financial information, as well as valuable proprietary research data and intellectual property that is highly attractive to the cybercriminal community. To successfully protect students, faculty, and visitors, therefore, schools and universities need to establish and maintain constant awareness of both physical and cyber threats.
The Security Landscape in Education Today
The U.S. House of Representatives passed the Students, Teachers, and Officers Preventing (STOP) School Violence Act of 2018 on March 14, 2018, only a few short weeks after being introduced on January 30. This bill aims to bolster school security through grants that help fund additional security features, training, and local law enforcement in existing school environments. Luckily, at the federal, state, and local levels, there is a timely influx of legislation to boost physical school security for the new fiscal year starting on July 1. Indeed, states are pushing for approval on expanded spending now, allocating resources based on the size of the institution, population of the district, and/or student population. Additionally, conversations are underway to enhance the federal E-rate program to help K-12 schools improve their network infrastructure.
Addressing Security in the Education Sector
Among the myriad of top-of-mind priorities for educators, security is one of the greatest concerns they face today. The education sector isn’t having to face this challenge alone. Federal and state governments are also facing growing pressure to increase security in schools and campuses across the country. This momentum is important. As more and more schools make the digital transformation necessary to help students and faculty succeed in today’s digital marketplace, the need for a variety of security options is only growing. For schools and universities, finding a balance between secure facilities and constructive atmospheres can be difficult, forcing security personnel to make tough decisions on where to prioritize resources when facing down a variety of threats.
Consider the following tips:
Combine Physical and Cybersecurity—There is growing recognition across multiple industry segments that keeping physical and cybersecurity separate is a mistake. Running security cameras and recording devices on Next Generation Firewalls (NGFWs) keeps those devices safe from ransomware, botnets, and other forms of hacking, while delivering high-performance bandwidth. In the event of a malicious breach, network segmentation can quarantine infected cameras (viewed as IoT devices) and prevent a malicious intrusion from spreading to other cameras or areas of the network. Integration of physical security also enables organizations to monitor and block network access (email, web, etc.) for students and third parties deemed violent or dangerous.
Future Proof for Further Integration of Physical and Cybersecurity— The integration of physical security solutions such as cameras, monitors, and physical access control systems, etc. with network security allows for the addition of other security recognition and response solutions, such as flagging web and email behavior on secure networks followed by enacting physical security measures (or vice versa) to a school’s security toolkit. Educational institutions must have comprehensive, integrated, and automated security networks designed to address the ever-evolving attack surface, the complexity of managing security and compliance, and the growing volume, velocity, and sophistication of threats. A security architecture consisting of isolated point products—whether physical or cyber—simply can’t support the complex security requirements of today’s K-12 and higher education institutions.
Avoid Off-the-Shelf—Schools need surveillance solutions that integrate into the network. This ensures that the cameras and recording devices have dedicated network bandwidth without any degradation in performance or interruption in connectivity. It also facilitates the deployment of each camera and recording system (plug-and-play into the network) while ensuring it is protected by NGFW security from malicious attacks (e.g., hacking, DDoS, etc.). Surveillance solutions that provide biometric and object recognition capabilities can deliver near real-time recognition, enabling schools to quickly and easily pinpoint incidents before they occur, and identify individuals who have been tagged as risks. Tying this to other security systems through a networked approach allows security systems to function as a single, integrated strategy to raise alarms and respond automatically to detected threats.
Consolidate Endpoints—As schools adopt more applications, technologies, and IoT devices for their classrooms, each independent endpoint becomes a potential entryway into the network. When you consolidate these potential entryways by tying them together through a single, integrated network security fabric, you drastically reduce your potential attack surface and simplify your cybersecurity efforts while more efficiently coordinating them across the network.
Manage Network Access—Given the high volume of users entering and exiting a school’s network, establishing the means to identify who can and can’t gain access and which resources they have access to is crucial. For effective cybersecurity, schools should use solutions that can easily identify users and then dynamically assign access to network segments accordingly.
Modernize Your Surveillance System—Updating obsolete analog security surveillance systems to a centralized, digital configuration allows for faster threat detection and reaction, including enabling facial recognition software, along with additional features like mobile monitoring for faculty and staff, and then tying that data to other physical and cybersecurity solutions.
The priorities that educational institutions face are numerous, and the need to address them is urgent. Educational institutions find themselves stretched too thin to effectively secure themselves against cyber and physical threats in a timely and comprehensive manner using traditional security tools and strategies. Combining physical and cybersecurity solutions, along with adopting new digital technologies such as facial and object recognition or physical access controls, can create comprehensive solutions for school safety without overwhelming limited resources.
With wide areas of coverage, limited manpower, and a dynamic student population to educate, schools and universities need to focus on solutions that consolidate as many security elements as possible and centralize things like management, orchestration, and policy enforcement, rather than simply adding additional point products that compound complexity and inefficacy.
When evaluating security in the education sector, there are opportunities to blend cyber and physical security into a single cohesive strategy, which open up opportunities to effectively address needs across physical and cyber landscapes.