How to safeguard your school's data

How to safeguard your school

In the Information Age, the onus is on schools to protect their data from cyber threats.

In the wake of the WannaCry and Petya cyberattacks which digitally crippled businesses worldwide, the question of how safe schools are from such risks has been raised.

According to one survey, most people believe cybersecurity education should be the responsibility of parents. However, 71% of respondents said it should be a high school teacher’s responsibility.

In any case, it is up to principals as school leaders to take initiative when it comes to protecting their data and ensure their schools, students and teachers are not exposed to cyber threats.

Below, The Educator speaks to Marcin Wilinski, general manager Services at Ricoh Australia, to find out how schools can mitigate the risks, and what the company is doing to support schools in this complex area.

TE: Cybersecurity is something that schools are increasingly aware of. Are there any ways in which Ricoh Australia is helping schools safeguard their data?
Ricoh assists schools in three key areas: information management, network and endpoint device security. Eliminating access to files and directories on computers is a crucial strategy employed to tighten up network security and eradicate unintentional access to data. Endpoint device security should be deployed to manage the proliferation of devices used in the broader environment.  This includes mobile devices, laptops, and desktop PCs. Schools should also implement a robust information strategy policy that includes the use of a document and records management system to manage staff and students records that satisfies governance and compliance requirements and limits access to authorised users only.

TE: The advent of portable digital devices used by thousands of students obviously adds another layer of complexity to this issue. How do Ricoh’s solutions extend to student data (and device) protection?Ricoh Services supports an educational institution’s digital device infrastructure through a well-structured centralised program as well as an end-to-end program that promotes rapid adoption of digital device protection. 
This may start with the supply of procurement school approved devices including software and hardware support, BYOD integration and extend into building and supporting a robust network and system infrastructure to ensure seamless access.

Our solutions are customised to the school’s requirements through a ‘Classroom and School Office Assessment’ with our IT specialists. During this detailed review we look at existing devices, the school’s current network and future user requirements, including the increase of internet based mobile learning.  We understand that content accessed on laptops, tablets and smartphones within schools is on the rise and requires an added level of security.

With this in mind, the Ricoh Services team implements and supports the configuration of all devices, the distribution of software and the provision of data and documents, mixed on-premise and in cloud hosted centralised data supported by the LAN/WLAN network layer.

TE: Helping schools stay ahead of the hacker curve is clearly a massive challenge moving forward. What advice would you give to worried principals who are considering scaling back digital devices as a result of cyber risks/threats?
Firstly, before scaling back digital devices and restricting learning innovation, the school needs to identify if it’s security policy supports learning and operational programs that are appropriate and continue to evolve with changes in technology, it’s usage and any required governance.

Principals are now like CEOs and need to understand vulnerable points of where most attacks and threats are captured, whether it is on the perimeter or core infrastructure and if it’s through the network, password, application and human touchpoints.  With over 60%* of attacks occurring inside an organisation there are plenty of opportunities to mitigate that exposure through management of network access, data backup and retrieval practices, end user administration and password policies, application updates and human/social engineering.

By building on these practices with URL encryption, two-step verification, email/SPAM, social network privacy settings schools are in a stronger position to meet that remaining 40%* of external activity.

*2015 IBM Security Intelligence Survey