School Network Security: Common Dangers and Potential Solutions

A Notable Threat

School Network Security is a growing issue as schools integrate hybrid learning more and more into their curriculum. It doesn’t matter if you’re managing an elementary school or a high school: if you have a computer network on-premises, you’re at heightened risk for cyber attack.

Complicating this reality are remote educational options through software like Zoom, which collaterally incorporates multiple digital networks together, compounding the vulnerable digital surface area a hacker can exploit. From 2020 to now, a record spike in cyber attacks aimed at schools has been recorded. The difficulty today is, districts are more reliant on modern tech than they ever have been. That trend will likely continue.

In January of 2022, 5,000 schools and colleges saw websites crash when ransomware targeted a private company called Finalsite that serves such clients. Moore’s Law may not be as applicable as it was, but tech still doubles on itself every couple years, giving “white hats” and “black hats” each advantages. Just as “legal” tech is a massive global industry, so also is cybercrime a multi-trillion dollar rival.

To protect against such persistent and continuous threats requires a dedicated, flexible, continuously-developing approach securing multiple operational areas throughout a given school district’s diverse networks. Most of these best practices need to be applied district-wide for ongoing safety and situational resolution. Here we’ll briefly explore five main points of security vulnerability that must be fortified: network design, employee tech use, student threats, external attacks, and legacy tech.

Network Design

School Network Security will become more of an issue through 2022. At the time of this writing, the spring semester is almost over. Summer months are ideal for IT prep ahead of the fall semester. Keep in mind, hackers have the same prep period; but you can “armor” your network, as it were. First, know the specific network design issues you’re likely to encounter. The way your networks are managed at the hardware level can represent a vector for hackers, and future remote infrastructure will have a similar issue.

You need to fortify areas you know will likely be problematic. EdTechMagazine.com has five resources for you to explore. The NIST (National Institute of Standards and Technology) has a list of cybersecurity framework guidelines you can use to establish and update network security. Next, the Consortium for School Networking (CoSN) has some specific cybersecurity resources, and they also feature a “trusted environment seal”. This can be acquired by effective application of best practices in data protection for students. Fourth, the Cybersecurity and Infrastructure Security Agency (CISA) has an online training toolkit. Lastly, IT influencer Doug Levin has put together a K-12 Information exchange map so schools can help one another protect against future cyber attacks. You can see what attacks are happening where, determine frequency, and identify exploited vulnerabilities.

Beyond these resources, you can perform a cybersecurity audit, re-examine tech resources to assure they don’t represent a vector for hackers, and train employees and students in terms of awareness to cybercrime, as well as the value of careful web use. This link has more info on that, but we’ll cover employee and student misuse of networks next.

Employee Misuse of Tech

Regardless of the business, the greatest tech threat will always be its staff. Often this isn’t intentional, but collateral. It’s not that the elective art teacher for elementary schoolers at your primary local educational facility is leaving bread crumbs for hackers intentionally. It’s that she understands paints, arts, and crafts; and doesn’t realize you have to change your network password with notable frequency to avoid being an “open door” for hackers. She doesn’t understand that certain online “art” sites are a front for deep web hackers. Accordingly, she represents a wide-open “avenue” for digital criminals.

You need to have a training refresher course every year at minimum; doing so quarterly is better. Educate teachers, managers, secretaries, principles, and even custodial staff if they’re plugged into your district’s email exchange server. Outsourcing to tech companies can help determine where employees could compromise operations, and what they need to know as regards access management and web use to avoid compromising network security.

Student Threats

Schools compromise network security deliberately and accidentally. You want firewalls, you want to put systems information under digital lock and key via password access protection, and you want monitoring solutions. You can’t be “static” with any of these things, because hackers learn how to get past previous protections, and students do as well. Your security has to be alive, and updated as necessary. ESchoolNews.com points out how you can secure web restrictions so students can do the least damage while still being able to learn. They provide a list of things to look for in a security vendor for your school, we’ll cover them now.

First, security vendors offer a “list only” option only allowing approved website access through a given firewall. There are Artificial Intelligence and Machine Learning (AI and ML) options to help in terms of website approval. Router setup best practices assist in total network monitoring, there are device options like this as well. Seek security solutions from vendors who serve databases that are larger for better security. Such vendors should also offer “SafeSearch” and “Restricted” modes to keep students from getting lost down the wrong “rabbit trail” on YouTube. Additionally, look for vendors offering remote management, resource merging solutions for customized filtering, statistical info to help in student activity monitoring, and full CIPA compliance.

External Attacks

There are external attacks that your network will likely face. You’ll want monitoring solutions and sandboxing options to interact with emails which could be a threat in a safe digital environment.

Firewall and security systems software will need to be updated at intervals, automatic patching is ideal for this. You’ll want backup solutions for when all else fails, there’s a rule of thumb for that: You want three total image backups on at least two separate types of on-site media, and one set of backups that are off-site. Here’s a link to some more best practices designed to secure your network against external attack.

Antiquated Tech

Old tech is more vulnerable than new tech for the same reason it’s easier to break into an old ramshackle cottage than a modern tiny home with new doors, locks, and associated security. For one thing, old tech becomes less capable over time owing to exponential iterative development. Your smartphone is smarter than NASA networks were during the Apollo missions, just to give you an idea of scale. If you time traveled with hacking acumen to the sixties and seventies, your pocket computer could dominate the best NASA had to offer back then. The same is true of computers at the turn of the century, and those today.

That said, the latest tech is vulnerable for a different reason. You want to trail behind the “bleeding edge” of modern tech. Outsourcing tech management to MSPs can be helpful, as they know which new tech has the “bugs” worked out, and which old “tech” is most vulnerable. The hard part is in terms of budgeting. Your district likely doesn’t have the budget to stay on the cutting edge, and you’ll be forced to use legacy tech. Accordingly, network design needs to digitally “quarantine” more vulnerable devices as time goes by.

Optimizing IT Security Throughout Your School District

  • Systems need to be updated so legacy technology doesn’t represent a vulnerability hackers can exploit.
  • External attacks will happen, internal security needs to be able to match what’s out there, and designed to be naturally upgraded for future threats.
  • Students need to be restricted from certain access to certain things online, but not to the extent that they can’t learn.
  • Monitoring and data capture are necessary to that end, and externalized security is worth acquiring; provided it offers solutions along the guidelines explored in section three.
  • All employees need to be educated on best practices for security (and it’s certainly worthwhile to give students limitations on their conduct with tech during class-time), and you want network design to be as secure as possible.

Basically, you want a strong but flexible security design for your district, and each K-12 “satellite” school needs to follow the same principles so everyone is on the same page. Explore local and non-local options, and find what cybersecurity professionals have to say. A good first step might be contacting a Managed Services Provider (MSP) to conduct a “penetration test”, which helps determine existing levels of security, and where district-wide networks or individual schools need to improve.

Dmitry Litvinov
Latest posts by Dmitry Litvinov (see all)
Categories: