It’s well known that good security for educational institutions is both challenging and necessary. Schools exist primarily for education, but they often also have the usual administrative departments, such as human resources and accounting.
Those services come with security compliance requirements, such as HIPAA, CIPA, COPPA, FERPA and PPRA. Typically, there is an expectation of information sharing within schools. How can educational institutions expect to be secure while also freely sharing information?
Security and privacy are things that each person expects in daily life. We all have certain parts of our lives that we consider private and would share only with a certain number of individuals.
There are also things that people would give away freely to anyone who asked. This process doesn’t take a lot of thought in our personal lives because categorization happens automatically.
The interests of a school system are quite different from those of a small group of people, and the contexts involved are completely different. There is an advantage to having many people contribute to privacy contexts and bring their own visibility into the environment, since it can help root out even the smallest loopholes.
1. Know What You Have
As the recent WannaCry ransomware outbreaks show, a network’s security is only as good as its weakest link. Knowing what all of your assets are, including data and physical machines, is important.
Attackers will not always enter networks through obvious places. As explained in one of our previous posts, a hack can happen from anywhere, even a printer. Since schools have such interconnected networks, with new tech constantly being brought in, securing those networks is an ongoing task.
Once you have established regular reporting of your assets, you can start identifying the risks associated with those assets. Performing ongoing risk assessment gives you a number of other benefits. Having a constantly evolving record of your assets improves reporting and tracking of security incidents and it can help you recognize suspicious actions more quickly.
2. Create Lists To Reduce Risks
Mitigating risks is the next important step to keeping your school safe. Remembering to update software in a timely manner, making regular backups, encrypting data, using anti-malware software, and using firewalls can take your security from nothing to state-of-the-art.
The best thing to do after this is to begin creating lists of systems and users that require varying levels of access, in order to reduce risk and mitigate damage.
Some users will require more access than others. Machines and users that require nearly unlimited access will be a security nightmare. It is still quite possible to minimize the potential damage.
It’s important not to give any individual, system or part of your network any more access than is absolutely necessary to perform approved job functions. Some users will require different handling, depending on their role in your environment. Strong authentication and authorization can help you verify that users are who they say they are, and this identity can be checked against permission lists to determine what resources they are allowed to access.
Keep uncontrolled devices, like phones and laptops brought in by students and staff, on a separate network from sensitive information such as payroll, healthcare records, and research data. Keep the sensitive areas of the network segmented so that they are separate from each other. That way, attackers can’t use the less-secure network to get into the more secure one.
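A segmentation policy like this can be checked mechanically. The following is an added example, not part of the original article: it audits a constructed list of firewall allow rules for paths from the uncontrolled network into a sensitive segment, or from one sensitive segment into another. The segment names, address ranges and rule names are assumptions made for illustration, and every rule is treated as a plain allow with no earlier deny overriding it.

```python
import ipaddress

# Constructed addressing plan for a school network (assumed values).
SEGMENTS = {
    "byod":     ipaddress.ip_network("10.10.0.0/16"),  # student/staff phones, laptops
    "payroll":  ipaddress.ip_network("10.20.1.0/24"),
    "health":   ipaddress.ip_network("10.20.2.0/24"),
    "research": ipaddress.ip_network("10.20.3.0/24"),
}
SENSITIVE = {"payroll", "health", "research"}

# Constructed allow rules: (rule name, source CIDR, destination CIDR).
RULES = [
    ("byod-to-internet",  "10.10.0.0/16",  "0.0.0.0/0"),     # "any" includes sensitive nets
    ("hr-to-payroll",     "10.30.5.0/24",  "10.20.1.0/24"),  # managed HR workstations
    ("nurse-to-health",   "10.30.6.0/24",  "10.20.2.0/24"),  # managed nurse workstations
    ("payroll-to-health", "10.20.1.0/24",  "10.20.2.0/24"),  # sensitive-to-sensitive
    ("lab-printers",      "10.10.40.0/24", "10.20.3.0/24"),  # subnet inside the BYOD range
]

def segments_touched(cidr):
    """Names of every known segment that overlaps the given CIDR."""
    net = ipaddress.ip_network(cidr)
    return {name for name, seg in SEGMENTS.items() if net.overlaps(seg)}

def find_violations(rules):
    """Return (rule, source segment, destination segment) for each allowed
    path that crosses from BYOD or a sensitive segment into a different
    sensitive segment."""
    findings = []
    for name, src, dst in rules:
        sensitive_dsts = sorted(segments_touched(dst) & SENSITIVE)
        for s in sorted(segments_touched(src)):
            if s != "byod" and s not in SENSITIVE:
                continue
            findings.extend((name, s, d) for d in sensitive_dsts if d != s)
    return findings

if __name__ == "__main__":
    for rule, src_seg, dst_seg in find_violations(RULES):
        print(f"{rule}: {src_seg} can reach {dst_seg}")
```

The broad `byod-to-internet` rule is flagged three times because its "any" destination also covers the sensitive ranges; narrowing the destination or placing explicit denies ahead of it closes that path.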
3. Gather Support
Tech solutions can only go so far if you do not address the way people interact with the network.
Research shows that 52 percent of data breaches are the result of user error. If security methods cause too much hassle, users can begin using their computers unsafely in order to bypass the security.
Security has gotten a bad reputation for being a “Big Brother in your computer,” but if you work with your users to see how they go about daily tasks, you can tailor your security system to their needs, thus making everyone happy.
Users are the eyes and ears of your network. By enlisting their help to distinguish between normal and anomalous behavior, and rewarding safer behavior, you can offer users more incentive to help improve your organization’s security. This, coupled with risk assessment and technological mitigation methods, can make a huge difference in your ability to fend off security disasters.