If you heard about the attack on the Los Angeles Unified School District in early October, you probably heard that 400,000 students’ private data was put at risk and that the hackers demanded a ransom. When speaking about the attack, the police chief made a point of saying that cyberattacks are “the number one threat to our safety” and that everyone is vulnerable. Even so, the education sector seems to have an especially large target on its back, with LAUSD being the 50th education entity to be hit with ransomware in 2022. If you want to avoid being next, there are a few key steps to take – including getting rid of flat networks. The status quo has to go.
Are You Prepared to Pay the Costs of Convenience?
All too often, schools blend their guest and student networks together. Such a move flies in the face of every basic security recommendation ever made, so why do they do it? Convenience. Yes, it’s more convenient, but that’s because it’s insecure.
If your network is flat because of convenience, then ask yourself: Are you prepared to pay the costs of that convenience? The costs of an attack like the one at LAUSD are many, ranging from student safety to financial, operational, reputational, and more.
A Properly Segmented Network is a Must
If someone doesn’t know much about computer networks, they won’t know that a flat network is bad. Similarly, anyone without knowledge about security won’t know the importance of network segmentation. Still, ignorance doesn’t excuse inaction. A properly segmented network reduces the speed at which a cyber criminal can move across your network, making it a key priority.
In order to segment your network, you need to develop a route, which involves creating an access control list. This is the point at which many schools and districts balk. They don’t want to have an access control list, so they end up having no idea who’s coming and going. Once again, it’s more convenient. But it’s dramatically less secure.
To avoid being in this position, take the time now to focus on improving your network segmentation (by separating the network into appropriate VLANs with access control rules and proper port control) and firewall geo-blocking. If you don’t have an information security professional on staff who knows how to do this, enlist the help of a third-party expert.
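To make the difference between a flat and a segmented network concrete, here is an added example (not from the original article) that models an inter-VLAN access control list with first-match, default-deny semantics and lists what a guest device can reach under each design. The VLAN names, subnets, ports and rules are constructed assumptions, not any district's real configuration.

```python
import ipaddress

# Constructed addressing plan (assumption): one subnet per VLAN.
VLANS = {
    "guest":   ipaddress.ip_network("10.10.0.0/24"),
    "student": ipaddress.ip_network("10.20.0.0/24"),
    "staff":   ipaddress.ip_network("10.30.0.0/24"),
    "sis":     ipaddress.ip_network("10.40.0.0/24"),  # student records servers
}

# Rules are (action, source VLAN, destination VLAN, destination port).
# "*" matches any VLAN, None matches any port. First match wins.
FLAT_ACL = [("permit", "*", "*", None)]       # flat network: everything talks to everything
SEGMENTED_ACL = [
    ("permit", "staff", "sis", 443),          # staff may use the records web app
    ("permit", "student", "staff", 631),      # hypothetical: students may print
    ("deny", "guest", "*", None),             # explicit, so denied guest traffic can be logged
]

def vlan_of(ip):
    """Return the VLAN name an address belongs to, or None if it is not internal."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None

def allowed(acl, src_ip, dst_ip, port):
    """Decide whether the ACL lets src_ip open a connection to dst_ip:port."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return False              # this model only covers internal VLANs
    if src == dst:
        return True               # same VLAN: not filtered by the inter-VLAN ACL
    for action, a_src, a_dst, a_port in acl:
        if a_src in ("*", src) and a_dst in ("*", dst) and a_port in (None, port):
            return action == "permit"
    return False                  # implicit deny when no rule matches

def reachable_vlans(acl, src_ip, port):
    """Other VLANs that a host at src_ip can reach on the given port."""
    src = vlan_of(src_ip)
    return sorted(name for name, net in VLANS.items()
                  if name != src
                  and allowed(acl, src_ip, str(net.network_address + 10), port))

if __name__ == "__main__":
    guest = "10.10.0.55"          # constructed guest device address
    print("flat:     ", reachable_vlans(FLAT_ACL, guest, 443))
    print("segmented:", reachable_vlans(SEGMENTED_ACL, guest, 443))
```

Running the same reachability check against the rules actually exported from your firewall or layer-3 switch is a quick way to confirm that segmentation exists in practice and not only on the network diagram.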
Time is of the Essence
A properly configured network that’s adequately monitored can alert you to suspicious cyber activity early enough to intervene and either significantly reduce the impact of a ransomware attack or prevent it from taking hold of your data. This is important to note, because some people mistakenly assume attacks happen in an instant or a matter of hours. The average time to detect and contain a breach is 287 days. That’s 100 more days than the average school year of 180 instructional days. And the bad news: that’s if you have a properly configured network that can help you identify threats, not a flat network that further hides attacks.
Close the Back Door
All cyberattacks require a round trip through the firewall, so think of it like this: when you have a flat network, it’s like you have a thousand security guards at the front door to make sure nobody can come in (keep in mind, though, that these are untrained security guards and half of them are asleep). What about the back door? Absolutely no one is paying attention to anyone coming and going. This is another critical piece of the security puzzle. Administrators must remember that egress is just as important as ingress. In other words, it’s just as crucial that you know what’s leaving your firewall as it is to stop things from coming into it.
Reevaluating Your Third-Party Relationships
Working with an external security advisor is a smart and responsible measure for districts and schools to take. But not all of these relationships are created equal. For example, some districts rely on a third party but have zero internal knowledge themselves. This might be all fine and well when things are going smoothly, but what if disaster strikes and you can’t reach your partner? In such a case, seconds matter. You don’t have time to waste.
So, whether you’re responsible for managing the network or you do it in partnership with a third party, it’s critical that there are at least two people within your organization who have an appropriate level of knowledge of the network and are readily available should they be called upon. This is important because the vast majority of cyberattacks happen during off hours when fewer people are watching for them. For schools, this could be in the evenings, weekends, or over extended holiday breaks. Because of this, you need to have two plans – one for a middle-of-the-night attack and one for securing help over a holiday weekend.
Be Sure About What You’re Getting
Many school networks were built on grant money, or through donations, with no support budget built in. So, a school might receive an equipment donation, which they’re more than eager to snap up. But, if it doesn’t come with ample budget for support, it could end up doing more harm than good from a security perspective. If you’re being offered something for free (or without ongoing budget for support and maintenance), take the time to gain appropriate knowledge about it and ensure you have enough resources to support it moving forward.
When it comes down to it, an attack like the one at LAUSD doesn’t need to be successful. Your school and entire district can gain a lot of ground on the preventive front by going back to basics. Forget flat networks; instead, set up your network to segment and protect your data. This doesn’t have to be super complex or expensive; it just needs to be done thoughtfully. Once you do, your security will be tightened up and you’ll be able to breathe more easily.