Part 2 of our blog series about cybersecurity in education
By: Etienne van Bavel, security expert at CTOUCH
Following countless security issues at numerous schools, we cannot rest on our laurels. The era of self-interest and assessing how to get the most out of ICT is over. The privacy of both staff and pupils is at risk unless we collectively work towards a policy that fits each type of education. An institute or umbrella organisation for primary and secondary education has quite some different needs than a college or university has. We can, however, learn from one another and ensure that we put cybersecurity more firmly on the map.
From coconut to zero trust
We are already seeing college and university education providers employing dozens of staff in the area of data security. These IT experts dedicate their working week to network management completely. Network protocols are drawn up. And administrators set out comprehensive policies so that the school is clear on who is connected to which network. This is indeed a positive security transformation. Another interesting observation is that we are moving away from the 'coconut principle’ towards a Zero Trust policy.
Historically, schools and companies built a shell around them that protected the network on the outside. The assumption was that communication inside a local network could always be trusted. Yet malware and ransomware attacks can just as easily be carried out on the inside. So let us take a critical look at our internal network to avoid any nasty surprises.
Check, check, double-check!
In primary schools, teachers also perform the role of IT person. Even though teachers may be relatively comfortable with IT and data security, how much time do they really have to spend on it? Have password policies been considered? And how well trained are school staff on how to leave devices as secure as possible when leaving the classroom?
For schools in general, there are still a lot of steps to be taken. To avoid falling into the ‘coconut principle’ trap, it’s time that we embraced a zero-trust policy as the norm. Do not just trust anyone. Be it inside or outside school. And whilst it may sound heavy-handed, install a system that allows you to verify someone's identity using a few additional questions. Two-factor authentication, for example, uses a push notification. A message is sent to a person’s phone. Or an email is sent to a school employee for additional verification. That way, you will have a tighter handle on your network and protect the privacy of your colleagues and pupils.
Wondering what a zero-trust policy entails? Do not hesitate to engage an external party like Grant Thornton that can take a closer look at your network as a whole. At CTOUCH, we also like to put our thinking caps on. This will bring you one step closer to a safe classroom and learning environment. And give you more time to focus on teaching.
Cybersecurity all the way to the classroom: we have got your back
Security does not mean compromising on interactiveness. Or compromising on the ease of use of your educational tools. Quite the opposite! A safe learning environment simply works better, and teaching will be just as enjoyable as before. Etienne or one of our other security experts are happy to help. Their safety hats are well and truly in place. Now it's your turn!
I want to have a chat with a security expert!
You may find this interesting as well?
Also read the other blogs in this blog series:
Part 1: Cybersecurity in education: take action sooner rather than later
Part 3: 6 tips for tackling cybersecurity at school
Part 4: Security top tips for your school to stay on top of things
Whitepaper: Bye, bye hackers! Is your school cyber secure yet?