Posts

SonicWall Data Shows Attacks on Schools Skyrocketing

Threat actors increasingly targeted K-12 districts in 2022, resulting in triple-digit spikes in malware, ransomware, encrypted threats and IoT attacks.

While K-12 schools had already been increasing their dependence on technology, the COVID-19 pandemic accelerated this growth tremendously. Due to funding constraints, however, schools’ adoption of new hardware and software has often outpaced their districts’ ability to secure this new infrastructure, resulting in an attack surface that has continued to grow — both in size and in appeal to attackers.

According to the GAO, roughly 1,847,000 students have been impacted by ransomware attacks in the United States alone since the beginning of 2020. Since the latest data currently available only goes through the end of 2021, this number, in reality, is much higher — but even these smaller figures, combined with data released by the U.S. Census Bureau, work out to 1 in 26 K-12 students in the U.S. affected in just a two-year period.

But the issue of cyberattacks targeting schools isn’t limited to the U.S. According to a recent audit by the National Cyber Security Centre (NCSC) and the National Grid for Learning, nearly 80% of schools in the United Kingdom have experienced at least one cyberattack. And in late 2022, Ontario, Canada, was shaken by the news of two widespread cyberattacks on educators within a two-week period.

Schools See Triple-Digit Growth Across Most Attack Types

This barrage of attacks on primary and secondary schools can also be seen in SonicWall’s exclusive threat data. In the recently released 2023 SonicWall Cyber Threat Report, we reported massive year-over-year volume increases in attacks on K-12 districts as threat actors continued to shift away from government, healthcare and other industries to zero in on education targets.

In 2022, SonicWall observed a 275% increase in ransomware attacks on education customers overall, including a 827% spike in attacks on K-12 schools. This growth echoed trends observed in the overall malware attack volume: Out of a 157% increase in attacks on education customers overall, the subset of K-12 customers experienced a 323% increase in overall malware attacks.

Huge increases in attacks targeting education were also seen elsewhere in SonicWall’s data. Encrypted attacks spiked 411% over 2021’s totals, and the number of IoT malware attacks rose 146%. And while cryptojacking attempts on education customers increased more slowly in comparison, 2022 marked the second-straight year of significant growth. Taken together with a sustained increase in overall cryptojacking, this suggests we’re likely to see attacks continue to rise as 2023 goes on.

Attacks on Schools: What’s at Stake

The GAO study also revealed the average impact of a successful cyberattack: Lost learning time ranging from roughly three days to three weeks, with actual recovery lasting from two to nine months. This was in addition to any financial losses from things like third-party remediation, replacing equipment and more.

Unfortunately, these attacks aren’t just costly to the schools. After the Los Angeles Unified School District refused to pay a ransom demand, attackers published 500 GB of stolen data consisting of Social Security numbers, student health info, assessment results and W-9 forms to the dark web.

As more schools refuse to pay ransom demands, threat actors are increasingly turning to this method of double extortion to ensure their efforts bear fruit. Because students generally have unblemished credit records, and because their credit typically isn’t being monitored due to their age, cybercriminals can use the personally identifiable information collected in these attacks to open credit cards and commit other financial fraud — with students and their parents oftentimes being none the wiser.

School districts can offer credit monitoring and identity protection services to students whose sensitive information has been stolen. But this is cold comfort to students whose mental health records, bullying reports, disciplinary records and more are now publicly available. In one particularly egregious case, the Medusa ransomware gang released the details of a student’s sexual assault report, reportedly as a means of getting the individual’s parents to pressure the Minneapolis Public School System to pay the $1 million ransom demand.

A New Strategy to Help Schools?

In early March, the U.S. National Cybersecurity Strategy was released, outlining a plan to shift greater responsibility for cybersecurity onto the country’s tech companies. With third-party vendors providing a means of entry in 55% of K-12 data breaches, the report’s goals could provide some much-needed relief to the education industry.

Even so, attacks on schools are likely to continue for the foreseeable future. The goals outlined in the strategy will require a paradigm shift in how the country views cybersecurity, so its benefits are unlikely to be realized in the short term. In the meantime, threat actors specializing in attacks on K-12 schools, such as the Vice Society ransomware group, have already proven as active as ever in 2023.

Talking Boundless Cybersecurity at the Schoolscape IT 2022 Conference

It was my privilege to address esteemed members and stakeholders in the education sector on behalf of main sponsor SonicWall at the recent Schoolscape IT 2022 conference.

An event highlighting how technology can integrate into the classroom of the future, Schoolscape IT 2022 took place in Cape Town and Johannesburg. With more than 120 schools and 250 attendees, it was an opportune moment to talk about cybersecurity and its role in building safer educational institutions for students and teachers alike.

Over the last few years, it has become apparent that countries in the Middle East and Africa are more susceptible to ransomware and network attacks. And that’s no less true for their schools and universities.

In a post-pandemic world that is increasingly online, risk has escalated along with the explosion of exposure points and the growth of remote/mobile workers. Securing this cybersecurity reality can be cost-prohibitive, and the acute shortage of trained personnel doesn’t help any. With resources so constrained, it can be hard to keep up with the challenges of today.

How Boundless Cybersecurity Protects Networks at a Lower TCO

The mid-year update to the 2022 SonicWall Cyber Threat Report noted an 11% increase in global malware, a 77% spike in IoT malware and a 132% rise in encrypted threats over the course of 2021. As attacks become more plentiful, sophisticated and complex, so should solutions. Instead of relying on reactive solutions, SonicWall’s boundless cybersecurity is the need of the hour.

Boundless Cybersecurity provides many features that ensure educational institutions are providing safe education, including:

  • Data-centric security posture
  • Always on, always learning software
  • Secure remote and mobile workforce
  • Aware of current and emerging attack vectors and threat sophistication
  • Protecting against the most evasive threats

How SonicWall Facilitates Secure Learning

Secure learning is essential for the safety of schools and students, whether they are in class or studying remotely. SonicWall offers real-time breach prevention and secure access to resources from anywhere, from any device, at any time, using solutions that deliver protection in the network, in the cloud and at the endpoint.

SonicWall's exclusive threat data shows nearly across-the-board increases in threat volume

Later in the event, Ziyad Ashour offered valuable insight into edtech that keeps learners safe. Mr. Ashour, who is the head of ICT for Al Dhafra Private Schools, Abu Dhabi, UAE, talked about how his schools suffered during the pandemic because they were unable to deal with the sudden increase in online traffic and the resulting security threats. He explained how SonicWall was able to provide cybersecurity that safeguarded their school and addressed their specific needs.

SonicWall’s very own Ashley Lawrence (Regional Sales Senior Manager – Sub-Saharan Africa), also spoke at the event, offering a quick intro to the company and the many solutions we provide to our 28,000+ channel partners.

Among the several case studies presented was that of Amanzimtoti High School in South Africa  — a stellar example of how a public school can transform its basic, open network into a secure and powerful tool for both students and teachers. The school used the TZ 600 next-generation firewall, which allowed them to create two separate networks, one for students and the other for teachers.

We also presented the success stories of Johannesburg’s McAuley House School and Pridwin Preparatory School, where SonicWall solutions were deployed to prevent ransomware and help increase remote access for staff, respectively.

With the successful completion of the Schoolscape IT conference 2022, we look forward to next year, where we can continue the important conversation of safe and secure education.

5 Best Practices for Fast, Secure Wi-Fi on K-12 Campuses

When I was a high school student, bringing a smartphone into classrooms was not permitted. If you were caught with any electronic device, it would be confiscated. Pronto.

In this new digital era, schools are embracing this transformation everywhere. Classrooms are changing, with Wi-Fi being the primary form of internet access. Students, faculty and guests also use more than one device at a time, including laptops, tablets, wearables and smartphones. As the number of devices grow, it becomes critical to plan your K-12 networks effectively and future-proof it to be able to implement newer and safer technology.

If you’re expanding, upgrading or building a secure wireless network for K-12 campus or districts, review these five helpful best practices.

Plan for density

Secure Wi-Fi networks are often planned based on coverage. If the wireless signal simply covers a classroom it does not signify that it can actually handle the device density in that room. With students and faculty using multiple devices, the number of devices connected to a particular wireless access point increases. Ensure that you are prepared for max traffic density in your classroom — and across the entire campus.

How? As a first approach, ensure you have sufficient coverage and layer this with density. Use a site survey tool like the SonicWall WiFi Planner to make this process easier to visualize. Next, estimate where you find max device density, peak traffic and plan your Wi-Fi deployment around this.

Go cloud

More applications and functions are moving to the cloud (or are likely already there). For K-12 schools untethering Wi-Fi from their wireless controller or firewalls, the cloud offers powerful infrastructure and applications to simplify management and security.

By going this route, K-12 districts and schools have the flexibility to manage wireless security solutions from the cloud, scale limitlessly and also drive down TCO.

How? Transition to a cloud-managed wireless solution. The SonicWall wireless solution can be managed by the WiFi Cloud Manager, which is a scalable, centralized Wi-Fi network management system, simplifying wireless access, control and troubleshooting capabilities across networks of any size or region.

Accessible through SonicWall Capture Security Center (CSC), WiFi Cloud Manager unifies multiple tenants, locations and zones while simultaneously supporting tens of thousands of SonicWave wireless access points.

Single-pane-of-glass management

Managing multiple management dashboards is challenging as there is a high risk of things falling through the cracks. To avoid this and to streamline the process it is essential to have a single-pane-of-glass management system with real-time analytics to capture threats and abnormalities in your network. This type of management saves you time and helps you become proactive rather than reactive.

How? Empower yourself with the right management solution to govern your entire network security ecosystem from a single dashboard. Capture Security Center is a scalable cloud-based security management system that’s a built-in, ready-to-use component of your SonicWall product or service.

Capture Security Center features single sign-on (SSO) and single-pane-of-glass management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, mobile and cloud security resources.

Enable content filtering

Wi-Fi is an easy gateway for malicious attacks. It must be protected with the right encryption and security mechanisms. Create granular policies to ensure that students are protected against malicious and non-reputable websites.

How? Ensure that you enable content filtering on your network. SonicWall provides a Content Filtering Service (CFS) that compares requested sites against a massive database in the cloud containing millions of rated URLs, IP addresses and domains. It provides administrators with the tools to create and apply policies that allow or deny access to sites based on individual or group identity, or by time of day, for over 50 pre-defined categories.

Future-proof with the latest technology

Ensure that you deploy the latest wireless technology in your schools. Future-proofing secure Wi-Fi is the best way to ensure that you get your money’s worth in the long term while providing the best user experience.

How? This does not mean you have to rip and replace your entire existing network. It could be a gradual approach, wherein you upgrade only critical units based on your needs. Build your network on the latest certified wireless standard: 802.11ac wave 2. Future-proof with wireless access points that are 802.11ac Wave 2-capable.

Adhering to these best practices will make your WiFi network efficient and secure — all while saving you time and money.

The E-rate ‘Fear Less’ Technology Infrastructure 2018

Before you begin the RFP process, it’s important to explore the technology infrastructure (specifically what’s eligible in Category Two) as defined within the E-rate program by Universal Service Administration Company (USAC) and how each relates to the E-rate funding process.

Episode 4: The E-rate Fear Less Technology Infrastructure

On the fourth episode of the E-rate Fear Less series, Holly Davis dives further into the program and reviews other options school districts have in building a secure, future-proof network with the E-rate program.

At a high level, E-rate Category Two technology in three primary pillars. Category Two components are those that relate to cyber security solutions, hardware, software and other services. For more details about E-rate categories, please review the 2019 Eligible Services List (PDF).

Technology Function
Broadband Internal Connections (IC)On-premise solution internally managed; equipment may be owned or leased.
Managed Internal Broadband Services (MIBS)Managed service solution owned, leased or hosted in the cloud.
Basic Maintenance
of Broadband Internal Connections
Support for the IC solution.
Source: 2019 Eligible Services List (PDF)

E-rate Category 2 technology funding with SonicWall

School and campus networks range in size and manage different types of sensitive data. Mitigating potential weak points in the network — and the data that can be targeted — is no easy task for standard IT teams that haven’t undergone extensive cyber security training. SonicWall network and cyber security solutions meet the needs of school districts at the highest efficacy — all at price points that fit within K-12 budgets.

If you are utilizing E-rate funding to assist you in buying your networking and cyber security solutions, SonicWall can help. Our team of E-rate funding experts ensure your SonicWall solution aligns with the rules and regulations of the E-rate program.

SonicWall Security as a Service (SECaaS) is an alternative solution for schools that do not have a large capital outlay to invest in a future-proof security solution or a dedicated IT team trained to manage cyber security.

“Security-as-a-Service provides more flexibility,” said Jenna Burros, Director of Business Services, at the Calistoga Joint Unified School District in California. “It is such an improvement to be able to have enough control to differentiate various levels of accessibility.”

Under Burros’ guidance, the California school district upgraded the flexibility and granularity of its existing content-filtering solution, while also keeping costs at minimum — a key obstacle for K-12 organizations regardless of E-rate eligibility.

With the most comprehensive channel program in the industry, combined with additional E-rate discounts, SonicWall and its partners are best positioned to meet the needs of K-12 customers and help them take full advantage of the funding E-rate provides for securing their networks.

If you are an eligible K-12 organization, please contact your preferred SonicWall reseller for information on E-rate benefits and discounts, or visit the SonicWall E-rate page for information, tools and guidance.

E-rate Episode Video Series for K-12 School Districts

What is E-rate?

To help offset funding and staffing shortages, the U.S. Department of Education and the FCC launched the E-rate program, which helps make telecommunications and information services more affordable for schools, campuses, districts and libraries.

The E-rate program is operated by Universal Service Administration Company (USAC), which has a core focus of providing underfunded organizations access to affordable technology and security services. This includes schools, libraries and rural healthcare organizations.

USAC provides a yearly Eligible Services List (ESL), which outlines which types of products and services can be procured via E-rate program discounts.

Applicant Steps & Resources

Prep: Before You Begin
Step 1: Competitive Bidding
Step 2: Selecting Service Providers
Step 3: Applying for Discounts
Step 4: Application Review
Step 5: Starting Services
Step 6:  Invoicing 

Resources provided by USAC

SonicWall Named 85th Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA)

SonicWall has recently been named the 85th Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) by the MITRE Corporation, an international not-for-profit security institute.

What does this mean for SonicWall and the cyber security world at large? SonicWall has a new way to contribute to cyber security education and defense. The purpose of the CVE program is to provide a method and consortium for identifying vulnerabilities in a standardized manner.

SonicWall now has the authority to identify unique vulnerabilities within its products by issuing CVE IDs, publicly disclose vulnerabilities that have been newly identified, assign an ID, release vulnerability information without pre-publishing, and notify customers of other product vulnerabilities within the CNA’s program.

“This program takes us one step closer to reaching the transparency security administrators need in order to make swift and educated decisions when it comes to threat protection,” said SonicWall Chief Operating Officer Atul Dhablania in an official announcement. “SonicWall looks forward to working with MITRE in a collaborative effort to expand the arsenal of information needed to properly equip those who are being targeted or looking to strengthen their security posture.”

On a larger scale, the program is effective because an entire network of certified organizations works together, with the backing of numerous researchers and support personnel, to identify and stay ahead of emerging threats.

CVE Numbering Authorities (CNAs) are organizations that operate under the auspices of the CVE program to assign new CVE IDs to emerging vulnerabilities that affect devices and products within their scope.

The program is voluntary but the benefits are substantial, among them the opportunity to disclose a vulnerability with an already assigned CVE ID, the ability to control disclosure of vulnerability info without pre-publishing, and the notification of vulnerabilities for products within a CNAs scope by researchers who request a CVE ID from the CNA.

Becoming a part of the CVE program is a chance to not only connect to a vast network of organizations working to identify cyber threats, but also to contribute to the effort as a whole.

California School District Amps Up Content Filtering with SonicWall’s Security-as-a-Service

We know how much value SonicWall network security brings to our customers, and we know how much value our partners add when incorporating our solutions into their solutions for our customers.

The case of Calistoga Unified Regional School District is an excellent example.

Calistoga is in California’s Napa Valley. The district has more than 850 students, divided among an elementary school, junior/senior high school and an alternative-program continuation high school for students between the ages of 16 and 18. Administration offices are in a separate building near the junior/senior high school.

The district felt that its existing content-filtering services were not providing all the functionality it needed. Calistoga couldn’t get the flexibility and granular control over content filtering it needed to define different roles and access permissions for students, faculty and staff.

Like all K-12 school districts, Calistoga’s content filtering is there to protect against inappropriate and malicious web content, as well as to control application access.

“Our No. 1 priority is making sure that the students are protected,” says Jenna Burrows, Calistoga’s Director of Business Services.

Regulatory requirements regarding content filtering are also part of the picture. The Children’s Internet Protection Act (CIPA), is the most directly relevant. Content filtering is also important with regards to the Family Educational Rights and Privacy Act (FERPA), which protects students’ personally identifiable information (PII) from unauthorized disclosure, and is a requirement for districts to be eligible for discounts through the federal E-rate program.

Faced with a clear need to upgrade their content-filtering capabilities, Calistoga turned to their local managed services provider, Napa Valley Networks (NVN). NVN has been a SonicWall partner for more than 15 years. NVN recommended SonicWall’s Content Filtering Service for Calistoga.

But NVN didn’t stop with content filtering. After an initial audit of Calistoga’s network, they uncovered an issue with the district’s gateway. NVN’s Vice President and Chief Technology Officer, Kyle Lumley, says the existing gateway “didn’t give them the control or feature set that they needed.”

NVN’s recommendation for Calistoga was a SonicWall SuperMassive 9800 next-generation firewall with High Availability capability.

All well and good so far. More granular, customizable content filtering and a new gateway to provide better control for the present, as well as being better able to handle future increases in networked devices and utilization.

Then came the 400-pound gorilla. How could Calistoga afford to pay for these improved capabilities? School districts work under very tight financial constraints.

Fortunately, NVN and SonicWall had a solution.

Calistoga leveraged SonicWall’s Security-as-a-Service (SECaaS). Rather than paying a large amount upfront as a capital expenditure, Calistoga pays a much more manageable monthly fee which fits within its operating budget. Burrows says this is a much more reasonable solution for the district.

Additionally, much of the cost is eligible for discounts through the federal E-rate program.

NVN coordinated the transition to the new gateway and Content Filtering Service. All went well, even in the face of tight deadlines. Calistoga’s happy with the results.

Read the Case Study here.

Exertis and SonicWall Pave the Way for KCSiE Guidance and Safer Internet Day

Note: This is a guest blog by Dominic Ryles, Marketing Manager at Exertis Enterprise, SonicWall’s leading distributor in the United Kingdom. Exertis is committed to providing a range of channel focused services designed to enhance your current technical knowledge and expertise in the areas of IT Security, Unified Communications, Integrated Networks and Specialist Software.


The Internet is forever changing education. Opening up a world of opportunities and transforming how students learn. New technologies inspire children and young people to be creative, communicate and learn, but the Internet has a dark side, making them vulnerable with the potential to expose themselves to danger, knowingly or unknowingly.

On the 5th September 2016, the UK Government through the Department of Education (DfE) updated the Keeping Children Safe in Education (KCSiE) guidelines to include a dedicated section for online safety. This means that every school and college will need to consider and review its safeguarding policies and procedures, focusing particularly on how they protect students online. The guidance calls for effective online safeguarding mechanisms with a mandatory requirement for all schools and colleges to have an appropriate filtering and monitoring systems in place, striking a balance between safeguarding and ‘overblocking,’ and being conscious not to create unreasonable restrictions on the use of technology as part of the education process.

When we think of ‘inappropriate material’ on the internet we often think of pornographic images, or even access to illegal sites to download movies and music,  but due to the widespread access to social media and other available platforms, the Internet has become a darker place since it first opened its doors back in 1969. Physical danger from divulging too much personal information, illegal activity such as identity theft and participation in hate or cult websites can lead to cyber bullying, and radicalisation in the modern day school, thus making children and young people vulnerable.

Earlier this year, Exertis, in conjunction with SonicWall, set out on a mission to raise awareness of KCSiE through a series of online and offline activities to the channel. We first put together our comprehensive ‘Appropriate Web Filtering and Monitoring for Schools and Colleges’ guide, which to date has received an overwhelming response from our partner base. The guide provides our reseller partners with all the information they need to understand the statutory changes, and how the SonicWall and Fastvue security solutions can enable educational establishments to become compliant. Towards the latter part of 2016, we registered to support Safer Internet Day (SID) 2017, a day dedicated to raising awareness of online safety for children and young people. Already in its sixth year, Safer Internet Day is run by the UK Safer Internet Centre, a combination of three leading UK organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. It will be the first year both companies have supported Safer Internet Day and we have been busy raising awareness in our local community. We approached two schools; St Margaret Ward Catholic Academy and The Co-Operative Academy and commissioned them to produce a large canvas painting with the topic ‘What does the internet mean to you?’ Students and teachers from both schools will come together to create two canvas paintings depicting the good and the bad of the internet from their perspective. We have given the schools 4-weeks to complete the art project and will be revisiting both schools on Safer Internet Day, 7th February to meet with the students and teachers behind the project, provide a talk around e-Safety, and with it, hope to raise awareness of children and young becoming safe on the Internet.


About Safer Internet Centre.

The UK Safer Internet Centre are a partnership of three leading organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. The partnership was appointed by the European Commission as the Safer Internet Centre for the UK in January 2011 and last year reached 2.8 million children. To find out more. Please visit – https://www.saferinternet.org.uk/

About Exertis (UK) Ltd.

Exertis is one of Europe’s largest and fastest growing technology distribution and specialist service providers. We partner with 360 global technology brands and over 28,850 resellers, e-commerce operators and retailers across Europe. Our scale and knowledge, combined with our experience across the technology sector, enables us to continue innovate and deliver market leading services for our partners. To find out more, please visit our website – http://www.exertis.co.uk/

Are School-issued Mobile Devices Safe to Use on Off-campus Networks?

A few weeks ago my eldest son was given a Chromebook by his school which he brought to the house to do his homework. Before the Chromebook, he did his homework on the PC I had set him up with in his room. The nice thing about that is I have a firewall with a content (aka URL or web) filtering policy in place so I have control over the websites he can access since he’s getting to the internet through our home network. But not everyone has a firewall and/or content filtering to protect their kids from inappropriate and potentially harmful web content.

Schools providing K-12 students with mobile devices so that they can access content over the internet has grown over time as administrators, teachers and parents see the benefits of an untethered learning environment. A Project Tomorrow report indicates that almost half of the K-12 teachers surveyed said that their students have regular access to mobile devices in their classroom. Some of those devices are school-issued. However as students enter high school more prefer to use their own personal mobile device in the classroom whether it’s a laptop, Chromebook, tablet or smartphone.

In an earlier blog I wrote about five things K-12 schools should look for in a network security solution. One of those is web filtering. K-12 schools need a URL filtering policy in place that includes technology to protect students from inappropriate or harmful internet content if they want to be eligible for discounts through the government’s E-rate program, also known as the Schools and Libraries program. While most schools have a filtering policy in place to protect students when they’re in the classroom, what happens when they take that device home? Does the mobile device have some way to enforce the policy beyond the school’s network perimeter?

This leads me back to the story about my son’s Chromebook. Without some mechanism in place that blocks access to inappropriate websites when the device is outside the firewall he could take the Chromebook anywhere there is a Wi-Fi connection and have unrestricted internet access. From a parent’s point of view, depending on the student’s age that’s probably not a good thing. From the school’s perspective, administrators don’t want to be viewed as the provider of a tool that enables children to look up inappropriate videos, images or text without some form of control in place.

One solution school IT administrators use to solve the problem is to force all traffic from the device back through the school’s firewall once the device connects to the internet. The nice part about this approach is that the school can use the same policy whether the device is inside or outside the firewall perimeter. There is some downside though. Routing all traffic from every school-issued device regardless of its location back through the school network consumes valuable bandwidth which can be costly.

A unique solution SonicWall offers is our Content Filtering Client. Residing locally on the Windows, Chrome OS or Mac OS X mobile device, the client extends web filtering policy enforcement to devices used outside the firewall perimeter. Administrators can apply the same policy or a different one depending on whether the student is using the device is being used inside or outside the network. The device will also switch over to the inside policy once it reconnects to the school’s network. The combination of the Content Filtering Service and Content Filtering Client provides “inside/outside” web filtering coverage.

If you’re an IT director or administrator with responsibility for implementing network security and content filtering across the school district and would like to learn more about Dell SonicWALL Content Filtering Services and why they are an essential component of your network security strategy, read our technical white paper titled “K-12 network security: A technical deep-dive playbook.”

Three Core Network Security Tips From a K-12 IT Expert

Every moment of every day, anyone or any organization, government or institution – including K-12 – can fall victim to the latest threats and cyber-attacks. If you’re accountable for the network security of an entire school district, you know your success rests largely on everyone understanding and staying current with today’s complex and dynamic risk environment and how to avoid it.

K-12 IT expert Larry Padgett bears this out: “The most important thing is to get everybody to agree that technology security is everyone’s game, everybody on campus, and every division, department and schools must be fully engaged. Otherwise, it is going to be very difficult to be successful.”

Larry is the Director of IT Infrastructure, System Support, Security, and Governance for the School District of Palm Beach County (SDPBC). A career technology leader for more than 29 years, Larry oversees an IT infrastructure that is considered larger than the Coca-Cola® Company in terms of the number of ports and how his networks are laid out. SDPBC is one of the largest school district in the United States, with 187 schools and 225,000 thousands user accounts under management, including students, faculty, and general staff.

I had the privilege of meeting Larry at the 2015 SonicWall World Conference in Austin, Texas, where I had the opportunity to ask him specifically about the things that he is doing differently that allowed SDPBC to be successful.

Larry explained how security vendors typically talk about security as a layered approach but it can’t end there. He then described SDPBC’s winning approach to security rests on three core pillars: people, process and technology.

You must identify those who are, and who aren’t, fully engaged in exercising cyber hygiene within your district. You are responsible for every PC, servers and applications on your network. You’ll need to know if you are getting support from the board and leadership level down to everyone in the district.

People

  • How do you know if they are knowledgeable about security?
  • Can they identify the risks?
  • Do they all understand the risks?
  • What trial and test do you have in place to measure how knowledgeable they are about security?

If they’re not all engaged, you’re simply not going to be as successful as you could be. If they’re not as knowledgeable as they need to be, you would want to start discussing security as an everyday topic in your staff meetings, in the classrooms and, more importantly, in your executive and board room discussions. If security isn’t one of the top topics on the board agenda, you have much important work to do to get their buy-in, because nowadays, security is a key risk metric. Your ultimate goal is to get everybody to agree that security is everyone’s game so they become proactively involved in helping your institution be successful.

Process

When there are people involved, you also need to have processes in place that would allow you to make sure that you are doing the right things, that they are doing them well and that what they do is actually effective for the state of business you’re currently operating in.

  • What processes are you using?
  • Have you written them down?
  • How do you know if they are being followed?
  • How are they monitored and measured?

These are questions that enable you to think through all of the risks that you’re going to mitigate, and follow-through with implementing robust security policies and practices that can help put you in a better position for success.

Technology

Begin embracing a layered security approach as part of your defense-in-depth framework, because it provides you an effective and proactive way to help fend off today’s advanced threats. At a minimum, the top five security services that you must have as part of your layered security defense are:

  1. A capable intrusion prevention system with threat detection services that can provide complete anti-evasion and inbound anti-spam, anti-phishing and anti-virus protection
  2. SSL inspection to detect and prevent today’s advance evasive tactics and compromised web sites from sneaking malware into your network though the use of encryption
  3. Around-the-clock threat counter-intelligence for your next-generation firewalls and intrusion prevention systems, so you can receive the latest countermeasures to combat new vulnerabilities as they are discovered
  4. Email filtering and encryption to secure both inbound and outbound communications
  5. Security for endpoints, since most network infections begin with a compromised user device