SECURITY: PROTECTING STUDENTS AND SCHOOLS ONLINE

According to the 2018 COSN IT Leadership Survey Report, cybersecurity is now a top education IT priority. At the same time, 68 percent rated the privacy and security of student data as more important than the prior year. 

A major data breach and loss of data could easily endanger compliance with GDPR, and lead to devastating financial and reputational costs, not to mention the day-to-day impact on the running of your school. 

Another recent survey of education establishments found that 26% of schools who responded were aware of weekly attacks on their networks and a staggering 11% now reporting daily attacks. At Computeam we’ve noticed a significant increase in malware issues, particularly the dreaded Cryptolocker virus which encrypts all of a school’s data and demands a ransom to get it back. Understanding the nature of online threats is the first step in countering them.

THE MAJOR THREATS

Web security

Websites provide almost unlimited opportunities for learning and research within the education environment and safe access to these sites is vital, but increasingly criminals are using fake sites to harbour threats to your network security with seemingly harmless downloads containing malware. 

Email

Email traffic remains the single biggest entry-point for Ransomware and other viruses to access your network. Schools are seen as soft targets, with as many users accessing the network in a medium sized primary school as do in a large corporate office building. How many businesses do you know that have 400 users with different skill levels and with age groups ranging from 4 to 70 all accessing a network?! Even cloud solutions like Microsoft O365 and Gmail from Google are not immune.

Spear Phishing

Spear phishing is rapidly becoming the most significant security threat in business and attacks in Education are on the rise. Countless individuals and organizations have unwittingly wired money, sent tax information, and emailed secure credentials to criminals who were impersonating their employer, colleague, or even a trusted friend. These attacks are compelling and cannot be stopped with existing email security solutions—creating devastating results for those affected. No one is immune to a well-crafted Spear Phishing attack- least of all vulnerable and impressionable young people and their time-pressured teachers. 

Data Loss 

It’s not just criminal activity that can affect your data; there are also the possibilities of data loss due to natural disasters, hardware failure, power surges or just human error (the biggest cause of loss being inadvertent data deletion). Backing up all of your data securely and regularly is vital.

WHAT CAN YOU DO? 

In a nutshell: Secure it, monitor it, back it up and train your users! 

Computeam Secure offers a complete set of advanced threat protection software and solutions to do just this, monitoring networks and ensuring that your staff and pupils’ data is protected from all of these threats. 

We work with several security solutions providers including Barracuda (Computeam were recently  awarded  the  prestigious Barracuda MSP partner of the year 2018) and ESET for anti-virus and encryption.

SECURE THE NETWORK

Good quality antivirus software is the first stage in securing your network and user devices but it’s no longer enough. With an increasing amount of data residing in the cloud, we recommend a wider approach: 

Barracuda Essentials provides the most  complete, simple, and affordable solution for protecting emails and data in Office 365,  Microsoft Exchange, and G Suite. It combines  award-winning email security, as well as a tamper-proof email archive to ensure compliance and simplify searches that might be required under GDPR. For Office 365, Barracuda also offers full cloud-to-cloud backup and recovery of all your emails and files. 

In addition, many of our clients now choose to encrypt data on devices that leave their network and put in place extra security on remote access and online services by deploying 2-factor authentication, for example SMS passcodes in addition to a password. All of the above services can be included in a single annual subscription.

MONITOR FOR ATTACKS

Our monitoring service is based on Barracuda Sentinel, and can automatically detect and prevent spear phishing attacks that evade traditional email security systems. The Barracuda Sentinel AI engine learns organization’s unique communication patterns, and uses these patterns to identify anomalies and quarantine spear phishing attacks in real-time. This high-value service generates reports that might also form part of your training and awareness-raising strategy (see below). 

For our managed service clients, we can also arrange a full domain security audit which will scan the windows network and look for vulnerabilities such as weak user passwords. 

BACK IT UP

In the end any security system can be compromised so a high-quality, automated, off-site backup service is essential. That is exactly what Computeam offers to our managed service clients in partnership with Barracuda Backup. Once an initial installation is completed, files and folders are automatically backed up in the cloud and are encrypted beyond the 128-bit encryption methods typically used for online banking. We also communicate with our servers using SSL (Secure Socket Layers) technology, ensuring your data is encrypted both in transit over the internet and in storage.

TRAIN YOUR USERS

Good awareness from staff is an essential part of any cybersecurity strategy for your school. We can signpost the way to useful online guides, arrange for a specialist trainer to visit and deliver an INSET, or even deliberately target your network and users to reveal weaknesses (known as “Penetration testing” or “White Hat Hacking”) and use these as learning opportunities.

DON'T PANIC

We understand that every school has a different challenge in maintaining security online and that budgets for many are already stretched. We are confident that by taking a planned approach and prioritizing the right areas, you can achieve a minimum level of protection without breaking the bank and work with your service provider to develop your network security over time. 

Advice is always free at Computeam so please get in touch to discuss any ideas or concerns you have about data security today.