To improve cybersecurity, start at the endpoints

Careful monitoring and attention to endpoints are just two elements of a strong cybersecurity strategy for K-12 districts

Getting better grades in cybersecurity must be a top priority for K-12 schools this year. Schools need to prioritize thwarting industrious hackers who are intent on getting to the treasure trove of information and personally identifiable information (PII) schools manage.

Just ask the staff of the Olympia School District in Washington, whose addresses, Social Security numbers, and salaries were exposed by a large-scale data breach.

Yet despite the immense target schools present, it’s been difficult for educational institutions to make the cybersecurity grade. A 2018 SecurityScorecard report found that, out of 17 major industries, the education sector ranked last in terms of cybersecurity performance. It performed poorly in several areas, including patching cadence, application security, and endpoint security.

The latter has proven particularly difficult to manage, in large part due to the sheer number of devices being used on school networks. A survey by educational software company Kajeet found an overwhelming majority of students and teachers use an array of devices—including Chromebooks and iPads—every day in the classroom. Some of these schools operate under a BYOD mandate, and some of the devices may not have top-notch security controls in place (or any security).

It all amounts to potentially thousands of unsecured endpoints a school IT administrator must monitor throughout the day and evening. That job becomes harder when there’s limited visibility into—and control over—the types of devices accessing the network.

Let’s look at some strategies administrators can employ to take control and protect these endpoints.

Establish rigorous access control policies

In a school setting, it’s not unusual for the same devices to be shared amongst different students. Many of those devices are likely being passed down from one class to another; for example, devices used by a graduating class in higher education may end up being used by next year’s class.

With so much turnover, it’s important to set up strict network access control policies. Administrators should restrict access to those who need it. When a student graduates or leaves the school, their network privileges should be revoked. The same goes for staff. If those access points aren’t closely regulated, the school runs the risk of a user’s credentials falling into the wrong hands, providing bad actors with a potential foothold into the school’s network.

Monitor user behaviors

Those bad actors can be discovered through close monitoring of user behaviors. This involves monitoring for anomalies in the ways a user typically accesses a school’s network. Administrators can set up a baseline of “normal” behavioral patterns for each user. Security systems can then look for breaks in those patterns indicative of suspicious behavior.

For example, an account for a student housed at the University of Texas may suddenly show that student accessing UT’s network from China. That abnormality may indicate the student’s credentials have been compromised. It could warrant further investigation and proactive measures, such as locking the user out of the network.
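
The baseline-and-deviation check described above, as an added example that is not part of the original article or of any product: a per-user baseline of login countries and hours is built from constructed sample events, and new logins are scored against it. The event format, the `hour_slack` threshold, and the `triage` policy are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample login history: (user, ISO timestamp, country code).
HISTORY = [
    ("student01", "2024-03-04T09:12:00", "US"),
    ("student01", "2024-03-05T10:03:00", "US"),
    ("student01", "2024-03-06T14:47:00", "US"),
    ("student01", "2024-03-07T15:20:00", "US"),
    ("teacher09", "2024-03-07T08:01:00", "US"),  # only one event so far
]

def build_baseline(events, min_events=3):
    """Per-user baseline: countries and login hours seen in past events."""
    seen = defaultdict(lambda: {"countries": set(), "hours": set(), "count": 0})
    for user, ts, country in events:
        entry = seen[user]
        entry["countries"].add(country)
        entry["hours"].add(datetime.fromisoformat(ts).hour)
        entry["count"] += 1
    # Too little history is not a baseline; such users are handled separately.
    return {u: e for u, e in seen.items() if e["count"] >= min_events}

def score_login(baseline, user, ts, country, hour_slack=2):
    """Return the reasons a new login breaks the user's baseline."""
    entry = baseline.get(user)
    if entry is None:
        return ["no-baseline"]
    reasons = []
    if country not in entry["countries"]:
        reasons.append("new-country")
    hour = datetime.fromisoformat(ts).hour
    # Distance on a 24-hour clock, so 23:00 and 01:00 are two hours apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in entry["hours"])
    if nearest > hour_slack:
        reasons.append("unusual-hour")
    return reasons

def triage(reasons):
    """Assumed policy: two independent breaks lock, one break is reviewed."""
    if not reasons:
        return "allow"
    return "lock" if len(reasons) >= 2 else "investigate"

BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for user, ts, country in [("student01", "2024-03-11T03:40:00", "CN"),
                              ("student01", "2024-03-11T16:05:00", "US"),
                              ("teacher09", "2024-03-11T08:30:00", "US")]:
        reasons = score_login(BASELINE, user, ts, country)
        print(user, ts, country, reasons, triage(reasons))
```

Accounts with too little history return `no-baseline` rather than passing silently, so new or rarely used accounts still reach a reviewer.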

Monitoring user behavior focuses on highly specific actions that are more likely to set off alarm bells than, for instance, simply looking through a bunch of log files. While logs can be extremely helpful in tracking down the source of a problem, they don’t provide a full picture of user activity. Analyzing users’ behaviors can be one of the most effective ways to keep hackers from spending months embedding themselves into a school’s network.

Take a sophisticated approach to endpoint monitoring

Today’s cybersecurity threats are becoming more advanced, to the point where it’s no longer enough to implement traditional malware protection. Phishing, ransomware, and other tactics are increasingly prevalent.

To deter these rising threats, administrators must implement sophisticated endpoint detection to alert them to potential threats as they attempt to access the network. This must be scalable enough to monitor all the endpoint devices using a school’s network, and alerts should be provided in real-time to allow administrators to quickly respond.

Automated responses, dictated by the school’s preset security policies, can help administrators take things a step further. Even a slight violation of policies should immediately trigger an automatic action to contain and neutralize any potential damage (for example, blocking of traffic to specific endpoints). Then, administrators can jump in, assess the impact, and take steps accordingly.

Create a staffing structure in support of good cybersecurity

Despite all these best efforts, it’s very likely that a breach will someday occur. In this case, it’s important to have the right people in place to address the problem.

Good cybersecurity requires a commitment from administration on down. Risk committees should be ready and willing to sign off on remediation procedures in a timely manner, and IT administrators should be empowered to share information and best practices and learn about the latest potential threats.

Hackers have discovered schools of all grade levels can provide a wealth of PII and valuable data. As such, the cybersecurity threat won’t be going away anytime soon. Schools can’t afford to fall further behind the curve. Instituting the strategies outlined above can help them improve their cybersecurity postures and protect their students, staff, and networks.

eSchool Media Contributors