A return to normal does not mean that IT administrators can take their eye off the ball regarding cybersecurity
Schools are a popular target for cyber attackers. This is partly due to the amount of staff, student and general learning information being held on the network, but also because the nature of education means that access to data is often allowed, either for continued research or to review coursework, for a period of time after students leave. Security best practice is a challenge in this environment, but recent rapid changes have provided an excellent opportunity to review these practices for the coming year.
When the pandemic struck, schools had to adapt quickly with a wholesale shift to remote learning. Staff and students found themselves using new platforms such as Zoom or Teams to communicate, as well as making use of online file-storage systems for uploading, reviewing and marking coursework. Attackers took immediate advantage of this change, targeting newly implemented technologies to access resources and steal data. Their methods included credential theft, password scams, "bombing" of Zoom and other video conferencing tools, and ransomware.
The level of attacks settled during 2020 as schools became more used to remote learning and other new ways of working, but this situation may be about to change. With global vaccination programs underway and return-to-work programs in development, everyone is planning for a return to bricks-and-mortar, including education systems. This provides attackers with an opportunity to hide in the confusion caused by a massive rush of people re-joining school networks. Any establishment not monitoring for unusual behavior patterns on the network could be placing itself at risk for an attack.
Back to School: Planning for the Return
School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year. For many, there will be bigger and more complex projects to work on, such as advanced threat detection or multi-factor authentication. Still, a couple of simple-to-address ‘quick wins’ that will help to establish robust security foundations are:
• Think about budgets. Often security investments are made in reaction to a breach or regulatory requirement. As such, in a larger school, new products are sometimes purchased and deployed in departmental bubbles. It’s worth creating a supervisory board for IT investments to ensure that any new product decision is made at the right level and can be adopted everywhere at once. This improves protection, assists with aligned management, and can reduce overall cost with potential vendor discounts for scale.
• Look at the network. Ensure that VLANs are in place to correctly segment and segregate devices and data on the network. Keep administrative and classroom access separate by establishing a network that’s only for IoT and connected devices. Managed networks make monitoring simpler and alerts easier to identify and remediate effectively. This approach also reduces the risk that can come from potential unauthorized connections on any publicly accessible part of the school network.
• Force everyone to change their password before the start of the new academic year. Establish and communicate best practice for new passwords, including a mandated level of complexity for strength. Create a password management policy that includes regular change requirements and limits concurrent connections from a single user account. Old, reused and shared passwords are common ways for an attacker to access network resources.
• Run awareness activities across the network. Live-fire exercises can expose gaps in plans, staffing or technology, allowing these to be closed before an attacker can take advantage. Also, schools can educate staff and students on the type of content that needs to be watched for through smaller programs such as phishing campaigns – this is beneficial to protecting the school and could also help someone safeguard their personal data.
Best Practice: Preparing for Attack Mitigation
Establishing security best practice is just one side of the equation in cybersecurity. At some point, you will be targeted, whether directly or as part of a broader campaign against schools in general. It is crucial to have a mitigation response plan in place to understand what happens and the role each person can play in reducing the impact of an attack or breach on the network. Whilst the detail in every plan will be different, based on the environment under protection and the existing solutions in place, the basic best practice to follow is similar for every school environment:
• Pre-attack: Develop a detailed response plan and review it at least every three months to ensure nothing has changed. Without this, no one knows what needs to happen or who is responsible for which actions, so systems can remain exposed.
• During an attack: Keep to the plan, bring the team together and reinforce each person’s role. This way, understanding what has happened and starting to implement a response will be quicker and more effective. Have records of any changes made during the attack and be ready to take systems offline, so potential damage can be isolated and minimized.
• Following an attack: If the response plan was followed, then the mitigation efforts will result in a set of improvement activities that will help to deflect a similar attack in the future. Remember that once a successful ransomware attack is launched on any organization, the chances of a repeat attack increase significantly.
The Return to Normal
Most people are excited that after one of the most challenging periods in our lifetime, a return to normal is on the horizon. However, this does not mean that IT administrators can take their eye off the ball regarding cybersecurity. Take some time now, before everyone is back at their desk, to review policy and process, so that any changes can be carried out with minimal impact on learning. It is also still worth communicating the plan and actions taken to staff, students and parents, because it will increase confidence in learning when everyone can return to their classroom.