Why principals must take a leadership approach to cybersecurity

Why principals must take a leadership approach to cybersecurity
The school environment is commonly viewed as an easy target for hackers, making it critical for schools to bring their cybersecurity programs up to speed or risk a serious breach.

Two major breaches have occurred in Australian schools this year and these attacks will continue to increase as schools are targeted with phishing, ransomware, and Direct Denial of Service (DDoS) attacks.

So what can principals do to ensure their schools are protected from these risks both now and in the year ahead?

Below, The Educator speaks to Hugo Hutchinson, Wavelink's national business development manager for cybersecurity company, Fortinet, to find out.

TE: In your view, why are Australian schools so vulnerable to cyber-attacks compared to other organisations?

Schools have access to a breadth of information across hundreds of thousands of students. Information such as health records, financial information and personally identifiable information are stored on each of the students in the school, which poses as a gold mine for hackers attempting to obtain this information. This information, if obtained illegally, can pose a risk to the students’ security.

Schools are slowly understanding that their requirements can be compared to that of a typical enterprise network in terms of users, devices being monitored along with bandwidth/throughput requirements.

Unfortunately, they face shortfalls in budgets required to implement a complete network/security solution so are having to make compromises which can undermine their network/security approach.

TE: What are some of the things that school leaders can do to better protect their schools from these threats?

Become aware of the risks to their environment by researching information freely available online through self-education or consulting a trusted network security partner to understand best practice approaches, which best relate to their environment. This will help ensure they have a network security technology and security education strategy in place to better secure their environment and people now and into the future. By doing this, they will also be aware of the monetary budgets required in order to successfully achieve the outcomes they confirm.

Key components of a cybersecurity program in schools include:

1. Technology. Schools need to implement technology such as firewalls and network tools to monitor the environment. Network visibility will provide important information on breaches as well as on what students are doing on the Internet. Schools should extend security to students’ home environments by implementing client software, which applies the same security policies at home as it does at school.

2. Patch management. Security technology is constantly being updated and patched by vendors. It is important that, no matter what security software is in place, the school keeps up to date with patch management.

3. Reporting. The right reporting tools will provide the right information in the event of a breach such as which files have been compromised. This will help schools get on top of a breach faster.

4. Content/web filtering. Content/web filtering is essential in a school environment to protect the children by preventing access to unsecure or unsuitable online content.

5. Education and awareness. Cyber education is important for teachers and students. They should be aware of the policies and what to look for, and what to avoid, when using the network.

Related stories:
Screen time risks highlighted in new health guidelines
How schools can help Australia compete in the digital economy