The covid pandemy and the move to remote learning have translated into a larger workload and increased responsibilities for schools’ IT departments, which in many cases were already understaffed and now had to support students, teachers and admin staff working from home. This “new normal” also meant higher risks of security breaches and data losses. While financial institutions, governments and hospitals seem to be more frequently mentioned in the news for cyber incidents, schools are also a prime target for cyber criminals due to the often antiquated systems and lack of strong cyber defense systems at most of these schools.
Protecting the confidentiality of the data in schools against ransomware and other cyber threats can be achieved through a common involvement of all stakeholders and by making sure that a clear strategy is put in place to achieve that objective. Here are five tips that IT departments can implement to protect themselves, their data, infrastructure and the people at the school against cyber attacks:
1. Create a basic security awareness training program. Most cyber attacks today result from social engineering rather than brute attempts to bypass IT systems built-in security systems. It is important that students, teachers, and other staff have a basic understanding of online threats so that they do not become victims of phishing, compromising the school’s network.
2. Invest in a basic Asset Management System. It is important that the school IT keeps track of the computers, tablets, printers and other devices on the school network so that these assets are kept up to date and protected. Systems must also be in place to detect when unauthorized devices are connected to the network, and prevent unauthenticated third parties from accessing critical systems.
3. Enforce a strict password policy and MFA. Easy to guess passwords make your school network vulnerable to cyber criminals. Users must be forced to use complex passwords that need to be updated at least every six months. Using a password manager is something that could be considered. Multi-factor authentication should also be implemented especially for remote access to the network.
4. Involve a Cloud Service Provider. It is important to have 24/7 antivirus and malware protection at each of the endpoints/devices on your network. It is also essential to leverage the cloud for remote backups as well as application patching. Endpoint protection, patch management and cloud backups can all be achieved without breaking the bank by hiring a cloud service provider. 01 Remote is a CSP in the Greater Toronto Area and our managed IT services packages include end network monitoring, user support, endpoint security, remote software patch management and cloud backups.
5. Have an incident response plan. Experiencing a cyber incident is not a matter of if, but when. It is essential to have an incident response plan in place that involves the school’s administration so that all parties know what to do when a breach happens, in order to mitigate the damage resulting from such event.
The five actions above are not a comprehensive cyber security plan but can be considered as a good starting point for schools of all sizes and budgets. Cyber security is a never ending process which will require the contribution of all stakeholders and continuous investment in time, efforts and money to achieve optimal results.
Are you a school in the Greater Toronto Area or elsewhere in Canada looking for help to protect your IT infrastructure? 01 Remote is a Fortinet partner and is able to provide assistance for creating a cyber security plan or improving existing security systems you may have. If you are looking to hire more staff for your school’s IT department, this is also something we can help with through our 01 Staffing division. Please contact us to discuss your needs.