Many schools today manage a legacy IT infrastructure on tight budgets that limit their ability to adequately detect and respond to cyber threats and attacks. This challenge is exacerbated by the emphasis on creating technically advanced learning environments to stimulate and enhance our youth’s education. Substantial requirements to support open data exchange, and student-owned laptops, tablets, and phones call for a proactive approach that combines modern IT solutions with the matching security tools and best-practices to quickly identify and neutralize potential breaches or attacks.
InterDev’s K-12 IT security checklist includes:
- Proactive IT monitoring – Proper and proactive IT monitoring is a simple and easy way to stay on top of your network’s security.
- Update your patches – Keeping security patches current is critical in any environment. Remember to keep operating systems and other supported software updated to maintain manufacturer support.
- Segregate student networks from admin networks – For a school network, separating the student LAN/WLAN from the administrative LAN/WLAN is essential. Additionally, we recommend separating the district’s back-office operations from each of the schools.
- Implement a backup program – A solid data backup program can save the day in the event of a ransomware or other data attack. Some districts are investing in redundant systems with offsite server backup so that services can be restored with minimal downtime.
- Take all possible systems offline – Anything that doesn’t absolutely have to be connected to the Internet should not be connected to the Internet—this includes printers, cameras, TV’s, etc. This is one of the most effective strategies for reducing an environment’s attack surface.
- Routinely test for vulnerability – Regularly perform external vulnerability assessments to preemptively identify your weaknesses and develop remediation strategies.
- Create an incident response plan – Every school system needs a cyber incident response plan in place and readily available for implementation. The most effective method for minimizing an attack is ensuring your staff knows and follows the action plan should an attack occur.
- Cybersecurity education – Basic cybersecurity education should be provided to both students and faculty to help them identify phishing and other social engineering tactics so they are less likely to introduce malware or ransomware on the network. User education is key to safeguarding any network.
InterDev assists schools and districts not only in increasing the efficiency of their IT practices but keeping their networks resilient to cyber threats. To start a conversation about how to protect your school, contact InterDev today.