After months of planning, professional development and communicating with parents, teachers, and students, some schools have had to delay opening because of cyber-criminals. The list of school districts that have fallen victim to ransomware and other malicious attacks is growing. Because schools are a prime target for cyber-criminals, it’s important to review your district’s digital security. The review should include examining devices, networks, wireless networks and district protocols.
Laptops and desktops are often protected by endpoint security, which keeps viruses, malware and other threats at bay. These protections stay effective only if the software is kept up to date through automated updates, usually managed by a district’s IT team. With many devices being used remotely, check that the automated updates work remotely and do not require access to the district’s network.
District servers must also be kept up to date to maintain the security and privacy the students, teachers, and community expect. The risks are quite real, as underscored by this weekend’s emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA) requiring state and local governments to patch all “Windows Servers with the domain controller role” by September 21st. Equally important is the directive for servers with domain controllers that can’t be updated. Specifically, the emergency directive mandates “if affected domain controllers cannot be updated, ensure they are removed from the network (https://cyber.dhs.gov/ed/20-04/).” Although the directive applies to departments and agencies which are part of the Executive Branch, CISA “strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible.”
Wireless network security settings should also be reviewed to ensure the proper settings are applied for each of the access scenarios a district may have. This is particularly important if the district embraces a Bring Your Own Device (BYOD) program. Similarly, guest access and the permissions for all other access should be updated to meet the needs of the current school year. Documentation should be maintained for all settings.
Finally, after reviewing endpoint security, updating any outdated servers, and reviewing wireless network access, it’s wise to review district protocols. Are there employees who have remote access or VPN credentials to access the network remotely? Do all who had such access last year continue to have a need for it this year? Is such access logged? Other protocols to consider include reviewing active accounts and access permissions and confirming that accounts for staff who have left the district have been disabled.
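One way to answer those account and VPN questions from exported data, as an added example that is not part of the original article. The CSV columns, the `VPN-Users` group name, the log format and all sample records are constructed assumptions; substitute exports from your own directory, HR roster and VPN appliance.

```python
import csv, io
from datetime import date, timedelta

# Constructed sample data (not from any real district). Column names and the
# "VPN-Users" group name are assumptions made for this example.
DIRECTORY_CSV = """username,enabled,groups
asmith,true,Staff;VPN-Users
bjones,true,Staff
cdavis,true,Staff;VPN-Users
dlee,false,Staff
emartin,true,Staff;VPN-Users
"""
ROSTER_CSV = """username
asmith
bjones
emartin
"""
VPN_LOG = """2020-09-14 asmith connect
2020-03-02 emartin connect
2020-09-15 bjones connect
"""

def review_accounts(directory_csv, roster_csv, vpn_log, today,
                    stale_days=90, vpn_group="VPN-Users"):
    """Return usernames needing follow-up, keyed by finding."""
    roster = {r["username"] for r in csv.DictReader(io.StringIO(roster_csv))}
    last_vpn = {}  # username -> most recent VPN connection date in the log
    for line in vpn_log.splitlines():
        day, user, _event = line.split()
        seen = date.fromisoformat(day)
        last_vpn[user] = max(seen, last_vpn.get(user, seen))
    enabled, vpn_members = set(), set()
    for row in csv.DictReader(io.StringIO(directory_csv)):
        if row["enabled"].lower() == "true":
            enabled.add(row["username"])
            if vpn_group in row["groups"].split(";"):
                vpn_members.add(row["username"])
    cutoff = today - timedelta(days=stale_days)
    return {
        # Enabled accounts with no matching current staff member.
        "departed_but_enabled": sorted(enabled - roster),
        # Current staff holding VPN rights with no logged use since the cutoff.
        "vpn_unused": sorted(u for u in vpn_members & roster
                             if last_vpn.get(u, date.min) < cutoff),
        # Logged VPN sessions by accounts that are not in the VPN group.
        "vpn_outside_group": sorted(set(last_vpn) - vpn_members),
    }

if __name__ == "__main__":
    for finding, users in review_accounts(
            DIRECTORY_CSV, ROSTER_CSV, VPN_LOG, date(2020, 9, 21)).items():
        print(finding, users)
```

An empty `vpn_unused` entry for a user can mean either that the access is no longer needed or that the VPN is not logging connections, so confirm logging works before removing access on that basis.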
Staying on top of these basic security measures may compete with other priorities as students and teachers require “just in time” support for remote learning. Anticipate such needs and carve out the necessary time to ensure the safeguards are in place.
Engaging users as partners is vitally important, and that means providing ongoing training on secure passwords, phishing threats, and other risks. Though not the focus of this article, resources can be found at the KnowBe4 website.
Originally posted at https://krouskoff.com/articles on September 21, 2020.