Digital literacy is now as important as other forms of literacy, and students that don’t get to participate in digitally-enabled learning will be at a disadvantage against their global peers. Schools that are keen to see their students thrive outside the classroom are investing in digital infrastructure but are concerned about digital threats. The US alone witnessed a tripling of cyberattacks against schools in 2019 and a record breaking increase again in 2020.
Digital transformation is unavoidable in a world that is increasingly digital first and even digital only, but digital threats are avoidable. We have previously discussed the types of costs that a school will suffer in the event of a cyberattack. This blog will dive deeper into the threats that schools face and how schools can strengthen their cyber defences with K7 Security’s enterprise cybersecurity solutions.
Vulnerable Facilities and Users in Schools
Schools are typically vulnerable to cyberattacks in areas where computing devices are allowed to connect to the school’s network, internet, or to external storage devices.
Administrative Offices
These offices may only have a few computers but they are vulnerable because a) they need to connect to the internet for email and other web access, and b) they have a lot of interaction with external and internal stakeholders and can therefore be used as a point of entry by threat actors to enter and then spread malware through the school’s network. Computing users in administrative offices may be particularly vulnerable to phishing attacks as their work requires them to open attachments that may be laced with malware or access links that lead to data stealing websites.
Computer Labs
These labs have multiple computers which are usually networked, and the labs’ goal is to encourage young minds to be curious and creative. The number of devices, constantly changing users, and nature of activity make such labs an easy point of entry for threat actors.
Classrooms
Many classrooms now feature at least one computing device. This device may not permit direct internet access but it may have network access and/or be allowed to connect to external storage devices like thumb drives to allow presentations, videos, and other documents to be transferred to the device, which allows malware to enter and spread through the organisation or enables the theft of organisational data. If the devices provide on-demand internet access, their users may be susceptible to threats through the internet as threat actors create malicious websites that imitate the look and feel of legitimate websites.
Online classrooms can greatly increase the risk of cyberattacks as students and staff interact through a multitude of 3rd party services, which could lead to cyberattacks, compromise privacy, and create data sovereignty concerns.
Faculty Devices
Laptops used by teaching staff can pose a unique threat as they may be used at home to connect to personal internet with no restrictions on internet access which could lead to malware ingress, and then carry the digital infection to the school when they connect the laptop to the official network.
K7’s Cyber Defence for Schools
K7 provides enterprise-grade protection for both school devices and networks.
Cybersecurity for School Devices – K7 Endpoint Security (K7 EPS)
K7 EPS protects desktops, laptops, and servers from viruses, ransomware, Trojans, phishing, zero-day attacks, and a variety of other cyberthreats including sophisticated memory injection attacks. The console provides administrators with centralised control over blocking of applications (and even versions of applications), what peripherals (such as USB storage or Wi-Fi dongles) can be allowed to connect to endpoints, and which websites (or categories of websites such as news or shopping) can be accessed by users.
Faculty who need to use their laptops both in the school and at home can be allowed different firewall and Wi-Fi access through In-Office/Out-Of-Office configuration. Schools that use G Suite/Google Workspace gain protection and eliminate distractions with the in-built domain-based segmentation for G Suite which prevents access to personal Google accounts without requiring complex and unreliable web filtering.
K7 EPS also does not require admins to watch the console all the time for threats, and provides notifications of threat events to enable quick investigations. Further, the solution also provides a policy override feature that enables quick security configuration changes for select features across the organisation.
Ensuring safe use of computers in the lab is made easier by enabling monitoring of internet use and restricting website access for groups of users; automatic scanning of USB media storage for threats when connected prevents entry of malware into the school network when students need to connect their personal USB drives to lab computers.
Addressing Management Concerns
School leaders are concerned about the additional investment required to deploy enterprise cybersecurity solutions, such as investing in servers and more powerful hardware, upgrading operating systems, the disruption to academic activities while the solution is rolled out across the institution, and the cost of the IT talent required to manage such sophisticated solutions.
K7 EPS is designed to address these concerns:
- No Server Investment – The K7 EPS console can be installed on any device in the network, and does not require a server OS; Apache, IIS, or other middleware are not required. A database is included in the subscription; 3rd party database support is available, but such a database is not required for K7 EPS to function
- No Hardware Upgrade – K7 EPS is world-renowned for its efficient protection and has been judged by AV-Comparatives of Austria to have the least impact on device performance compared to other cybersecurity solutions. Endpoint hardware upgrade is not required as device performance is not affected
- Legacy Support – Using the latest operating systems is recommended but institutions that use older devices with legacy operating systems need not worry about protecting such devices. K7 EPS supports Windows XP SP2 (32 bit) onwards for desktops/laptops and Windows 7 SP1 onwards for servers
- No Bandwidth Upgrade – K7 Threat Labs analyses hundreds of thousands of malware samples a day and distributes multiple malware definition updates every day to protect schools from the latest cyberthreats. These updates are designed to be lean and can protect organisations that have just 24kbps of connectivity, avoiding the need for bandwidth upgrades
- Rapid Rollout – K7 EPS is designed to support rapid rollout with a small installer for quick downloads, automatic uninstallation of existing endpoint cybersecurity solutions from endpoints, a single installer for both 32-bit and 64-bit operating systems, and customisable endpoint installers to avoid waiting for suitable groups and policies to be assigned after installation. Quick deployment ensures that academic and administrative functions are not disturbed
- Minimal IT Effort – K7 EPS is pre-configured with robust out-of-the-box settings that are appropriate for most organisations. The intuitive interface makes it easy to implement any configuration changes that may be required, and administrators can often use the console with no training. Basic computer/network knowledge is enough to manage K7 EPS and advanced IT skills are not required
Cybersecurity for School Networks – K7 Unified Threat Management (K7 UTM)
The K7 range of UTM appliances provide gateway security to protect organisational networks through AAA (Authentication, Authorisation, and Accounting) user management, access control, and network and application-level attack protection in a hardened, security-specific platform.
The devices include a secure, multi-zone, Stateful Packet Inspection (SPI) firewall with integrated Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) to stop hacking attempts and Denial of Service attacks.
K7’s award-winning enterprise cybersecurity provides peace of mind to both small and large organisations across the world. Please read our case study on protecting an American high school that has a 1-1 computing environment, or contact us to learn more about how we can help you protect your IT infrastructure, staff, and students.