In the world of Education, it is critical to keep a keen eye on all of the classroom technology to ensure that proper security measures are in place. Most breaches are actually caused by staff or students themselves where student personal data is mostly compromised. The task of securing district networks and the personal information of students and staff is becoming ever more complicated.
While the solution may seem simple on the surface, the diversity of hardware and lack of governance (and standards) among classroom technology exacerbates the issue making reducing the threat of a cyber attack near impossible. In working with our clients here at Fortis Cyber Solutions, we take a multi-faceted approach in addressing the risk of cyber attack:
- Remove administrator accounts from all of the end user devices on the network. While an inconvenience to the end user (at times), this significantly reduces the risk of cyber attack by slowing down the number of software changes occurring in the environment. The strategy allows for more thorough testing of each change, more control over when each change will be deployed, and the opportunity to better govern the change based on the needs of the business.
- Enforce password aging policy.Having end users frequently change their passwords helps curb the business culture linked to sharing account credentials. This simple change in account management policy will change your businesses culture by reminding them (based on policy) that there is a focus across the enterprise on Cyber Security. Moreover, end users will be forced to create a habit that will have an immediate impact on lowering the risk of cyber attack.
- Make sure there is a Firewall appliance in place.A firewall can be hardware or software in place to prevent unauthorized access (from Internet users) to the devices on the business network. We are amazed at how many businesses we partner with that have not made this critical investment. Most think that the device purchased from their Internet Hosting company is enough to protect them. So this issue, is just education as to what security devices are currently in place for the business and how they are configured.
- Take the time to educate to create open dialog.As a business, set aside time to teach your employees, partners, and service providers about their role in preventing cyber attacks. Invite employees to share stories around phishing emails received or why the cyber security policy is critical. Creating an open environment that welcomes feedback and ideas from everyone in the organization related to cyber security will help to minimize the impact of a threat should one occur.
Source: February 07, 2019, Benjamin Harold, Education Week, http://blogs.edweek.org/edweek/DigitalEducation/2019/02/schools_cybersecurity_incidents_2018.html
Photo Credit: Getty