Three Core Network Security Tips From a K-12 IT Expert

/0 Comments/in /by

Every moment of every day, anyone or any organization, government or institution – including K-12 – can fall victim to the latest threats and cyber-attacks. If you’re accountable for the network security of an entire school district, you know your success rests largely on everyone understanding and staying current with today’s complex and dynamic risk environment and how to avoid it.

K-12 IT expert Larry Padgett bears this out: “The most important thing is to get everybody to agree that technology security is everyone’s game, everybody on campus, and every division, department and schools must be fully engaged. Otherwise, it is going to be very difficult to be successful.”

Larry is the Director of IT Infrastructure, System Support, Security, and Governance for the School District of Palm Beach County (SDPBC). A career technology leader for more than 29 years, Larry oversees an IT infrastructure that is considered larger than the Coca-Cola® Company in terms of the number of ports and how his networks are laid out. SDPBC is one of the largest school district in the United States, with 187 schools and 225,000 thousands user accounts under management, including students, faculty, and general staff.

I had the privilege of meeting Larry at the 2015 SonicWall World Conference in Austin, Texas, where I had the opportunity to ask him specifically about the things that he is doing differently that allowed SDPBC to be successful.

Larry explained how security vendors typically talk about security as a layered approach but it can’t end there. He then described SDPBC’s winning approach to security rests on three core pillars: people, process and technology.

You must identify those who are, and who aren’t, fully engaged in exercising cyber hygiene within your district. You are responsible for every PC, servers and applications on your network. You’ll need to know if you are getting support from the board and leadership level down to everyone in the district.

People

  • How do you know if they are knowledgeable about security?
  • Can they identify the risks?
  • Do they all understand the risks?
  • What trial and test do you have in place to measure how knowledgeable they are about security?

If they’re not all engaged, you’re simply not going to be as successful as you could be. If they’re not as knowledgeable as they need to be, you would want to start discussing security as an everyday topic in your staff meetings, in the classrooms and, more importantly, in your executive and board room discussions. If security isn’t one of the top topics on the board agenda, you have much important work to do to get their buy-in, because nowadays, security is a key risk metric. Your ultimate goal is to get everybody to agree that security is everyone’s game so they become proactively involved in helping your institution be successful.

Process

When there are people involved, you also need to have processes in place that would allow you to make sure that you are doing the right things, that they are doing them well and that what they do is actually effective for the state of business you’re currently operating in.

  • What processes are you using?
  • Have you written them down?
  • How do you know if they are being followed?
  • How are they monitored and measured?

These are questions that enable you to think through all of the risks that you’re going to mitigate, and follow-through with implementing robust security policies and practices that can help put you in a better position for success.

Technology

Begin embracing a layered security approach as part of your defense-in-depth framework, because it provides you an effective and proactive way to help fend off today’s advanced threats. At a minimum, the top five security services that you must have as part of your layered security defense are:

  1. A capable intrusion prevention system with threat detection services that can provide complete anti-evasion and inbound anti-spam, anti-phishing and anti-virus protection
  2. SSL inspection to detect and prevent today’s advance evasive tactics and compromised web sites from sneaking malware into your network though the use of encryption
  3. Around-the-clock threat counter-intelligence for your next-generation firewalls and intrusion prevention systems, so you can receive the latest countermeasures to combat new vulnerabilities as they are discovered
  4. Email filtering and encryption to secure both inbound and outbound communications
  5. Security for endpoints, since most network infections begin with a compromised user device

Are Campus Defenses Keeping Up with Attacks from the Cyber Netherworld?

/0 Comments/in /by

I took a computer science minor when I was in college. Back then, the school computers were in a heavily secured section of one building, and we accessed them from teletype terminals and punch card readers (no, we did not use charcoal on slates by the fireplace in the log cabin!). There was no reason to worry about the security of our computer work, other than needing to stay on the good side of the staff of the computer center so that they wouldn’t reshuffle our punch cards or “misplace” our printouts.

Fast forward more than a few years, when I was doing graduate work at a public university. I took 30 credits online, using recordings of on-campus classes, regular chat sessions with my instructors and fellow students, and accessing research information, including public and professionals-only data sources, through the school’s online library system and its global connections. I didn’t pay too much attention to the security of my online activities; internet connectivity made them possible, but there weren’t nearly the number of bad actors out on the net that there are today.

Today my son is in college, and it’s natural for him to select a mix of online and in-person classes, even though his school is a short drive away. He relies on his school’s IT infrastructure for classwork, exams, registration, and research, and can access these functions as well as find out anything about what is available on the internet–from his laptop or smartphone. And every one of those transactions takes place in a space that is just seething with cyber muggers, burglars, and every variety of malicious actor you can imagine.

Information is the stock in trade of colleges and universities. Information enables students to pursue their degrees, faculty to teach and research, and staff to keep these institutions running. Much of the information has real value in the cyber netherworld, whether it’s personally identifiable information of students, proprietary research conducted with other schools and industry partners, or financial transactions.

Keeping this information secure is a challenge. In a recent Center for Digital Education survey of higher education IT professionals, 72 percent listed data breaches among their greatest current network security concerns. Their top security concerns for the year ahead? Spam, phishing, and malware. What’s standing in the way of better network security? More than four out of five pointed to budget constraints.

Keeping campus networks secure in the face of ever-increasing growth of data, devices used to access that data, and cyber threats requires more effective and more cost-effective security. To learn more about what’s keeping campus IT leaders up at night, and what they’re doing about it, view our on-demand webcast, Network Security in Education: The changing landscape of campus data security.

Register for Webcast

Higher Education Makes Cybersecurity a High Priority – Are You Prepared?

/0 Comments/in /by

Digital natives predominantly compose the student body at today’s education institutions, and technological advancements have created unprecedented opportunities for personalized learning. BYOD and other emerging technologies have allowed school districts, colleges, and universities to become more effective, inclusive, and collaborative.

With the proliferation of devices now on the network, however, IT administrators are now faced with the enormous task of empowering end-users to capitalize on the benefits of increased mobility and connectivity, while also ensuring the integrity of the organization’s network and data. In our current threat environment, it is more critical than ever that schools, colleges and universities develop an overarching, end-to-end security approach that aligns with the institution’s mission.

A recent SonicWall survey, conducted in partnership with the Center for Digital Education, targeted higher education IT professionals, including executives (CIO, CISO, VP of IT, etc.), IT Directors and network managers to assess the state of network security on college campuses. A key takeaway from the study, however unsurprising, is that 73 percent of respondents rank cybersecurity high or very high among their institution’s technology priorities.

Just as cybersecurity has become a priority across industry and government, higher education institutions are shining a brighter spotlight on security – and for good reason. While educational institutions rank their ability to detect and block cyber attacks relatively high, with 65 percent citing their abilities as good or excellent, only 17 percent indicate that they have not experienced a network breach/incident in the past year. This statistic is indicative of the fact that cyber threats are continuing to increase in both frequency and sophistication in every industry.

In response to the growing threat of data breaches, 77 percent of survey respondents indicate they expect to spend more on network security in the next 12 months and 63 percent expect to spend more on secure access to data and applications. This is an encouraging statistic, as it reflects increased awareness around the need to strengthen security and mitigate risk.

In our hyper-connected world, a strong security posture is a strategic investment for education at all levels. IT administrators and decision makers across the education industry need to address the continually growing role of technology on campus by implementing end-to-end security solutions that protect all data and endpoints, old and new. Holistic, end-to-end security that utilizes identity access management, next-gen firewalls, endpoint security and efficient patch management allows school districts, colleges and universities to confidently and securely offer the benefits of increased mobility and other IT advances to their faculty and students.

For more details from the survey, view the on-demand webcast “Network Security in Education: The changing landscape of campus data security.” In this November 2015 webinar, Larry Padgett of the School District of Palm Beach County reviews how his district – the 10th largest in the United States — is leveraging people, processes, and SonicWall next-generation firewalls to protect a network serving 189,000 students and staff in nearly 200 sites. SonicWall Security’s Ken Dang joins Larry in this Education Dive webinar.

Register for Webcast