All organisations are vulnerable to cyberattacks. Schools can be particularly attractive targets. They hold data on minors and their cybersecurity can be very weak. This means that all schools have an ethical and legal obligation to maximise their cybersecurity.
Here, IT professionals The Red Penguin share their expertise on how you can better secure your school against cybersecurity threats.
Appoint someone to be responsible for cybersecurity
Once you’ve appointed that person, give them the resources they need to do their job. In the real world, this may require you to divert resources from other projects. This is never pleasant. It can also be difficult to get other people behind this decision. Unfortunately, it is necessary. Cybersecurity may not be glamorous but it does keep both staff and pupils safe.
With that said, it is always worth reaching out to local authorities to see what resources they can offer. Even if they can’t provide extra cash, they may be able to offer guidance on how best to use the resources you have. They may also be able to suggest where you could potentially get additional resources. For example, they may know charities that might assist.
Commit to regular audits
Unfortunately, you cannot just put your cybersecurity in good order once and then forget about it. Cyberattackers are always developing new attack techniques (or discovering weaknesses that already exist). Fortunately, cybersecurity companies are always developing ways to counter these new threats.
It is, however, down to you to ensure that the right protections are implemented promptly. The only way to ensure this happens is to commit to regular audits. These should happen annually. An audit will examine not just what you do but how you do it. It will aim to identify any improvements based on the current state of technology.
If it’s been more than a year since you had your last audit, make it a top priority to have one. There is a very strong chance that your cybersecurity measures are out of date. Your data is therefore potentially vulnerable.
Take care of your basic IT management
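A lot of IT security depends on basic IT management. For example, if you always keep your sensitive data encrypted, then a leaked (or stolen) copy is of far less use to whoever obtains it, provided the encryption keys are not stored alongside the data. If you always keep your data backed up, then you don’t have to worry about a sole copy being destroyed (or corrupted), provided the backup is kept separate from the original and you have checked that it restores.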
In order to take care of your basic IT management, you need to know what IT you have to manage. These days, even in schools, that’s probably not going to mean just PCs and Macs. It’ll probably include tablets and maybe phones. It might include other hardware such as smart devices. If it doesn’t yet, then it very likely will in the near future.
It’s therefore vital that you keep track of your IT assets so you know what you have to protect. Then make sure that each asset is protected appropriately. In particular, make sure that updates are applied promptly, as they often fix security flaws.
Apply robust access controls
This is arguably part of basic IT management. It is, however, important enough to be highlighted separately. Access to data should be granted on the basis of need. What’s more, when access is granted, it should be to the minimum level necessary for the individual to do their job. For example, do not grant admin access if only read-write access is required.
Likewise, the ability to install software should be restricted. This will not only help with cybersecurity, but it will also help to ensure that all software is used with the appropriate licence. For clarity, software that is free for personal use may not be free for commercial use, not even for schools.
Train staff appropriately
You cannot expect staff to take full responsibility for effective security. They should, however, be taught the basics of IT security. This will help to protect the school and them personally.