As a consequence of the ongoing health crisis, educational institutions were required to make provisions that would allow both teachers and students to work from home. However, as with many other organizations, the abrupt shift came with a plethora of data security challenges for schools.
Why Data Security is Important for Schools
According to a recent report by Microsoft Security Intelligence, the education sector had the highest number of malware encounters in the last 30 days. Additionally, although not directly related to COVID-19, 45% of incidents affecting the education sector were carried out or caused by either staff members or students, according to a 2018 report by Verizon. The report also states that “DoS attacks account for over half of all incidents in Education”.
Data Security Tips for Schools
As a starting point, schools will need to appoint a senior member of staff to oversee all areas of information security, which includes holding meetings, organizing training programs, implementing policies and procedures, and ensuring that all relevant stakeholders adhere to them.
The policies and procedures must be well documented and cover a wide range of topics including; acceptable use, remote access, encryption, passwords, backups, incident response, and more.
Security Awareness Training
Given that malware continues to plague the education sector and that a significant number of malware encounters are caused by students and staff, the most obvious area to focus on would be…education! By that I mean, educating students and staff members about data security best practices, with a specific focus on learning how to identify and report on phishing and social engineering attacks.
To be even more specific, students and employees must be trained to check the sender’s email address to ensure that it is legitimate, and be cautious of any emails claiming to be “URGENT!”. They must watch out for emails with spelling and grammar mistakes, and unusual or impersonal greetings or salutations. They must be extra cautious about downloading email attachments, and emails requesting credentials, payment information, or sensitive data. You should constantly remind teachers and students to report any suspicious emails to the relevant IT staff. Perhaps also consider carrying out mock phishing attacks to identify any areas of weakness.
While perimeter security has become less relevant in recent times, schools still rely heavily on their own infrastructure. Not only that, but since the education sector is plagued by DoS attacks, having strong perimeter security is essential.
Schools will need to closely monitor, block and report on any suspicious inbound and outbound network traffic. They should be using the latest firewalls and intrusion prevention systems, which are capable of deep packet inspection. Even though many sophisticated forms of malware are able to evade most AV solutions, they are still an important line of defense and must be kept up-to-date.
Students download and store large amounts of unstructured data, which might include Word documents, audio files, videos, spreadsheets, PowerPoint presentations, and so on. Having large amounts of unstructured data floating around presents a huge security risk, as security teams are often unaware that these documents exist, let alone whether they contain Personally Identifiable Information (PII). In this scenario, schools should use a data classification tool which will automatically scan their repositories for PII, and classify the data accordingly.
Enforce “Least Privilege” Access
All users, whether teachers, students, or administrators, must be granted the least amount of access necessary to perform their role. Given that students come and go every year, schools must be vigilant when it comes to revoking access and disabling user accounts when they are no longer required. As a safety net, it might be worth adopting a solution that can automatically detect and manage inactive user accounts.
User Behavior Analytics (UBA)
Monitoring user behavior in such a complex, distributed, and dynamic environment can be tricky, but necessary nonetheless. Most sophisticated UBA solutions work by monitoring the behavior of each user until enough data has been collected to establish typical usage patterns. However, unlike your average employee, who performs many of the same operations each day, students tend to behave in a less predictable fashion.
Most UBA solutions are able to detect and respond to events that match a pre-defined threshold condition, which might include multiple failed logon attempts, bulk file encryption, or when a large number of files are uploaded from, or downloaded to, a portable drive or device.
As an example, if a large number of files have been encrypted within a given time-frame, this might suggest that a ransomware attack has been initiated. In this case, a custom script can be executed, which might include disabling a user account or specific process, adjusting the firewall settings or simply shutting down the affected server. “Threshold alerting”, as it is known, can be a very useful means by which to identify anomalous user behavior in a complex and dynamic setting.
Keep All Systems Up-to-Date
One of the downsides of maintaining your own infrastructure is that you are responsible for keeping your systems up-to-date, which includes any network infrastructure and installed software. While there are no shortcuts for replacing vulnerable hardware devices, it’s generally a good idea to use an automated patch management solution, which will locate and install the latest patches as soon as they become available.
Leverage Cloud Computing
Many organizations are understandably concerned about the security implications of storing sensitive data in the cloud. However, these concerns are becoming less relevant as most popular cloud service providers are now able to offer security architecture that is as good, if not better, than most on-premise environments.
Maintaining your own infrastructure requires a lot of time, effort, and expertise, and in many cases, it works out to be more expensive. Most popular cloud providers invest heavily in security innovation, which isn’t surprising given that information security is an integral part of their business model. Using a popular cloud provider will guarantee that security updates are installed as soon as they are available and that they are compliant with the most relevant data privacy regulations. Of course, you must still take responsibility for correctly configuring any cloud storage containers, restricting access permissions, keeping track of who has access to your sensitive data, and so on.
If you’d like to see how the Lepide Data Security Platform can help schools protect against threats to data security and maintain compliance, schedule a demo with one of our engineers or start your free trial today.