The proliferation of wireless and bring your own device (BYOD) endpoints means school networks depend more on wireless networks.
As such, schools have to ensure that they secure these networks, but threats such as phishing attacks, human error, compliance failures and lack of planning can complicate this process.
One expert says how schools react to a cyberattack is almost more important than whether they suffer an attack.
Hugo Hutchinson is Wavelink's national business development manager for cybersecurity company Fortinet, which has been supplying Australian schools with wireless LAN solutions for neary 10 years via its network of resellers.
The fundamental wireless requirements of schools have not changed, and include the need for pervasive coverage, multiple devices per user, and support for high-bandwidth applications,” Hutchinson told The Educator.
However, he said the ever-increasing demands for protection against a growing range of cyberthreats from both external sources and BYOD devices that may be infected makes the Fortinet range of wireless solutions the ideal offering for schools.
“Mobile computing initiatives are changing the way children learn,” he said.
“Laptop carts, video learning and one-to-one computing programs, which have combined with small IT staffs and shrinking budgets to drive the need for a reliable and intelligent wireless network.”
Hutchinson said important features for schools include support for wireless data, voice, and video, high user densities, the ability to provide wireless coverage over large areas, a user-friendly setup and support for simultaneous multiple devices and operating systems.
Hutchinson says cyberattackers are getting smarter, and their ability to mimic legitimate emails can be “astonishing”.
“Busy staff who receive an email that purports to be from the principal or another staff member don’t necessarily identify the email as a phishing attempt because it seems so realistic,” Hutchinson said.
“They therefore fall for the scam, which can cost the school both financially and reputationally. It’s important to ensure all staff are educated about the risk of a phishing attack and know how to identify a potentially-suspicious email.”
Another serious pitfall, says Hutchinson, is human error.
“Whether because of phishing attacks or other errors, people can be the weakest link,” he said.
“They can inadvertently send passwords via email, connect unsecured devices to the network, or bypass security controls to get their jobs done more efficiently without realising that they’ve opened the network up to intrusion.”
Hutchinson said it is important to set policies around what people can and can’t connect to on the network, and then to communicate that clearly and consistently.
“Lack of planning is something else that schools need to be wary of. The nature of cybersecurity means that many schools will be targeted at some point. The question is how they will react,” he said.
“It’s essential to have a plan in place that includes what to do in an emergency, who is responsible for what actions, and what steps people need to take to mitigate an attack as soon as possible.”
Develop a strategy for wireless security
The good news, says Hutchinson, is that there is greater awareness of the need for strong cybersecurity than ever.
“Legislation in Australia and around the world has brought the importance of data protection into sharp focus, however, wireless security is often overlooked despite the fact that it plays such a pivotal role,” he said.
“Responding quickly and appropriately to both mitigate the effects of the attack and notify the people affected can help protect brand reputation and minimise losses.”
Hutchinson added that it is important for schools to have a strategy for wireless security and follow it.
“All staff and students need to understand what security is, what risks face the school, and how to play their part in protecting it,” he said.