Recently, I had lunch with a longtime friend who is a school superintendent. After catching up, the conversation quickly moved toward the more pressing issues facing school leaders today. Covid, school safety, hiring, and others were clearly top of mind. I asked about data security and the threat of ransomware. He acknowledged that it’s a lingering concern, but said that many school leaders simply don’t understand it well. He said he has an IT team that does a great job.
The conversation was a stark reminder of the communication barrier that’s inherent with technology. The alphabet soup of technical acronyms can be confusing and off-putting, especially for those individuals who don’t have an IT background. Organizational leaders hope their technology team is doing what needs to be done, all the while the members of that team hope everyone else in the organization understands the importance and implications of their work. This dynamic results in a void of meaningful conversations within the administrative org chart, further hindering constructive strategic planning.
To help bridge the communication gap, I’ve created a jargon-free list of the most critical cybersecurity safeguards all school districts should have in place. While items such as policies, procedures, response plans, compliance standards, and others are vitally important to a comprehensive cybersecurity program, this particular list focuses on the tools and services that have the most immediate impact on thwarting a cyber-attack. As such, consider this part one of a two-part series.
Firewall
A mainstay and front-line defender, the firewall has been a foundational network security component for decades. A firewall inspects the traffic that flows in and out of your organization’s internet connection, looking for, and trying to block, malicious code or activity that matches an ever-growing list of signatures. In this case, “signatures” are telltale characteristics that have been identified by security agencies and researchers worldwide and are published for reference. Think of a firewall as a security guard who checks everyone entering an event against a list of known criminals, where that list has accompanying pictures, demographics, and behaviors that are unique to each individual.
Endpoint Detection & Response (EDR)
EDR is the successor to what used to be called antivirus, and it is still sometimes referred to as next-generation antivirus. Installed directly on laptops, workstations, and servers, EDR looks for known instances of malicious code. Advancements in EDR technology include the ability to look for erratic, uncharacteristic behaviors that seem out of the norm. This is important because cyber-criminals have evolved their delivery methods and are now able to disguise their code so that it passes signature inspection. However, once it takes up residence on an employee’s laptop and begins its work, the behaviors it displays can often be detected, and the affected device quarantined.
Managed Detection & Response (MDR)
MDR is the latest advancement in cybersecurity and one that warrants very close attention. Both a tool and a service, MDR allows networks to be monitored 24x7x365 by security engineers who sit in a security operations center (SOC). Software agents are installed on the servers and end-user devices in a network, and they report activity to be analyzed using advanced artificial intelligence. Engineers are alerted to inspect unusual events, with the ability to immediately quarantine a device if needed. Quality MDR providers report being able to stop ransomware attacks minutes after they start. M.A. Polce now requires our MDR services for all the clients whose networks we manage.
Multifactor Authentication (MFA)
In the simplest terms, MFA is a process by which a user is required to take additional steps beyond entering their password to be granted access to an application. Most of us have been presented with MFA when trying to log into our online banking or investment accounts. After typing in a password, we must enter the code that was sent to our cell phone via a text message. MFA presents additional hurdles for cyber-criminals, making it more difficult to break into access-controlled systems. It has been especially relevant in K-12 education lately due to the growing list of requirements for obtaining, or keeping, cyber liability insurance.
Security Awareness Training (SAT)
While not directly considered a frontline software tool like EDR or MFA, security awareness training has been included in this list given its tremendous impact on thwarting cyber-attacks. This is because email remains the number one vehicle through which malicious code enters organizations. That puts end-users on the first line of defense, making it vitally important that they are trained on what to look out for (and SAT addresses much more than email too). An ongoing training program to educate employees about the latest methods criminals use to gain access to the school district network is one of the most important tools in the cybersecurity toolkit.
Email Security
With email being such a popular inroad for delivering malicious payloads, another critical measure in protecting networks is having a robust email security service. These services inspect emails, analyzing links, attachments, and the known addresses of bad actors. Emails are then delivered, blocked, or quarantined accordingly. Most services also allow users to send encrypted email messages to protect sensitive data in attachments, and include spam filters to block unsolicited messages.
Domain Name System (DNS) Security
The domain name system, or DNS for short, is often called the “phone book for the internet” given that its main function is to associate numbers with names. Specifically, DNS connects IP addresses with website names, so when someone wants to go to Amazon’s website, they can do so by typing in amazon.com rather than the IP address of the server. It sounds simple, yet cyber-criminals have figured out ingenious ways to attach malicious code to those name/number transactions. A quality DNS-layer security service can help stop attacks that piggyback on otherwise legitimate user requests for your servers, services, and websites. These services can also provide category-based website blocking and other important security functions.
Vulnerability Assessment, Patching, & Testing
Unlike the other items mentioned thus far, this one doesn’t have a household name. Rather, vulnerability assessment, patching, & testing is a collection of procedures, tools, and services that should be carried out on a regular basis. For starters, vulnerability scanning is done by dedicated tools that find weak spots in the network. They look for network equipment that is not running the latest version of its operating system and hunt for user accounts that are active but haven’t been used in a while (and they do a whole lot more). Once the weak spots are identified, it’s recommended to update or “patch” the network equipment accordingly. A regular cadence of vulnerability assessment and subsequent patching is required to keep networks secure. Then, it is important to periodically put a network’s defenses to the test by hiring a firm to try to break in. The penetration test, or “pen test” as it is called, simulates the work of a hacker by trying to breach security measures and access sensitive data.
Vulnerability assessment, patching, & testing is analogous to…
- Inspecting your home to find easy points of entry (e.g., finding a first-floor window without a lock).
- Shoring up those areas (e.g., installing a lock on that window).
- Hiring a home security expert to validate that your home is secure.
For more information on vulnerability assessments and penetration testing, please visit the article I wrote titled, “Don’t Start with a Penetration Test.”
For more information about K-12 cybersecurity initiatives, please contact me at rpollard@mapolce.com
Rick Pollard
Director of Business Development
M.A. Polce IT & Cybersecurity