Cyber Security Tips for School Administrators and Teachers
Schools are probably the last space that comes to mind when we think about cybersecurity, and that is perhaps one of the reasons these institutions could easily receive an "F" for their cybersecurity measures. Nevertheless, it is time that cybersecurity is taken seriously by any school staff and the administration. We might think that most of the threats to cybersecurity at schools may amount to students trying to hack into the school's database to change their grades or random phishing emails that may land into the staff inboxes. However, there is more to it than that, and we would like to discuss it in greater detail below.
Phishing Email Threat
Whether we like it or not, phishing scams can easily target education institutions as well. Therefore, the ability to divert or avoid phishing scams is an important part of cybersecurity policies at schools. The problem here is usually that email service provided by schools might be more susceptible to phishing attacks. More spam could land in the main inbox, and thus teachers and the administration staff need to learn how to recognize these fake messages. It is especially important to avoid clicking random outgoing links in the received emails. They may look like regular Google Docs links, for example, but it is necessary to make sure that you received a certain email from a reliable sender.
Public Wi-Fi Threat
We probably do not think much about it, and we might welcome public Wi-Fi networks that are available for free, but cybersecurity experts always emphasize that it is not a good idea to send or receive sensitive information when you are connected to a public Wi-Fi network. Public Wi-Fi networks that do not have a password protecting them can be easily hacked by cyber criminals. If you must send that email containing sensitive information about your school, it is actually better to use your own mobile data plan, which is safer than using public Wi-Fi. And if your school's Wi-Fi network is public, you might want to point that out to the IT team because that is surely the wrong way to go about it.
Don't Forget to Log Out
cybersecurity at schools deals with various aspects of potential threats. Hackers aren't the only ones who could steal sensitive information. Leaving your device on in your class or forgetting to log out once your session is over could lead to information leak as well. It is important to log out of your account and turn off the device each time you leave the room.
Also, you should renew your passwords regularly. Please avoid reusing the same passwords because that makes it easier to crack them. If you need assistance with that, consider using a password manager. With a password manager, you will only need one master password, and all the other passwords will be complicated and unique, thus making it hard for anyone to hack into your accounts.
Challenges for the IT Team
Of course, it's one thing to educate the staff and students about potential cybersecurity threats, and an entirely different thing to make a to-do list for the institution's IT Team. Security engineers at EdTech say that the awareness of students and staff is just one of the things that can improve cybersecurity at schools.
Another thing schools should consider doing is separating systems and users based on their roles and user policies. In other words, different users should have different privileges, thus restricting access to certain systems and devices to users who do not have bigger privileges. Although it is a very simple example, there are certainly schools that restrict privileges to install new software on their desktop computers. Only users with bigger privileges can do it, thus virtually stopping anyone unauthorized from installing potentially harmful software.
Another cybersecurity tip includes monitoring network traffic. Detecting abnormal traffic flows can alert officials or the IT team immediately, thus preventing severe security issues. However, it is clear that not every school is able to invest in such traffic monitoring, and so this recommendation mostly applies to big schools that can afford to hire a relatively bigger IT team.
However, one thing that everyone can do is establishing set rules, policies, and guidelines that regulate the use of the school's databases. After all, the school's databases are the most common target of cyber attacks. Therefore, it is important to have control over who accesses those databases. Once again, this brings us back to the privileges. It means that while most of the users may have accounts on a particular database, the access level should be restricted based on their privileges. Of course, it goes without saying that a student shouldn't have wider access than a teacher, but sometimes these access rights could be all over the place due to poor programming, so it is necessary to be careful about that.
Other General Tips
We all can see that cybersecurity at schools depends on several parties. Being aware of potential threats may not be enough if the party responsible for the infrastructure does not do its job properly. However, if we were to run through a few final tips before we sign off for today, we would like to remind you that the general cybersecurity aspects apply to schools as well. That is, it is important to keep all your software up-to-date. Updates install program patches that make it harder for criminals to hack into the system using software vulnerabilities.
Do not forget to back-up all of your data. Data theft is not the only security threat. Let's not forget ransomware infections that can easily destroy most of the important files. Thus, regular data back-ups are a very good idea. After all, they do say that you shouldn't put all of your eggs in one basket.
Should you need more information about education-related cybersecurity, you can check out our previous entry on security tips for college students. For now, make sure that you go through your current cybersecurity practice and see whether there's anything you can improve there.