Now that we are in the thick of National Cyber Security Awareness month (NCASM), stories are popping up everywhere about information security and its impact to school districts. Both success stories and areas for improvement are being celebrated as school districts all over the country look to be more “cyberaware” and continue to do their part to ensure a more secure and safe online environment for everyone. Schools have unique vulnerabilities as they must maintain personal identifiable information (PII) for both children as well as faculty members.
Miami-Dade County Public Schools is a leader when it comes to understanding the importance of cybersecurity. Being the fourth largest school system in the U.S. with an enrollment of more than 356,000 students, network security has always been of paramount importance to them. So much so, that they recently were awarded the Trusted Learning Environment Seal by the Consortium for school networking.
The team at Miami Dade ensures security for over 400,000 connected devices on any given day. Within the education industry, they face the challenge of providing “a learning environment where you expect to be free and do whatever you want and keep it secure as well,” says Paul Smith, district director for data security and technical services at Miami-Dade. He says the schools “have to try to make it as transparent as possible but sometimes the two different goals conflict.”
Schools must also be cognizant of regulations such as the Family Educational Rights and Privacy Act (FERPA), which protects the privacy of student education records. This is not easy when they face vulnerabilities from outside threats as they rely more on technology for day-to-day operations and incorporate more software, apps, online programs and web-based testing into classes. There’s also the wealth of data that schools routinely collect on students and store on their servers, from attendance records to medical issues.
In recent years there have been multiple stories of student’s data being stolen – from personal information like school ID numbers to free lunches. But the cyber breaches don’t stop with students. Teachers are vulnerable as well, and in the past have also been a target for personal information. Schools today are experiencing greater vulnerability to insider threats and students that want to cause trouble, making extra layers of a security more important than ever. In fact, what’s really needed for vulnerable situations is for the network to automatically detect abnormal behavior before something happens.
According to Matt Lawson, Principal Architect at NetApp, “school districts are facing some unique challenges when it comes to securing data. It’s really important that schools have strong encryption processes and backup and disaster recovery systems in place. Many schools are also implementing abnormal behavior detection software programs which are incredibly useful in understanding where there may be vulnerabilities before they become disruptions. ” Matt continues, “there are also some great tools available for BCDR that allow you to create point-in-time copies of file systems, which can be used to protect data—from a single file to a complete disaster recovery solution. Because you get real time snapshot of your system, you can then go back and restore your system without losing much, if any information. Snapshots are created in less than a second, they have zero impact to performance, and are a proven method and strategy to protect and recover your data and files against CryptoLocker and other ransomware like it.”
There is no doubt that being able to secure your schools and have the right tools in place for protection is of utmost importance, but another thing to note is that your efforts must be backed by leadership in order to see results. To quote Deborah Karcher, CIO, Miami-Dade County School District who led the team that recently won the Trusted Learning Environment Seal, she says, “Security needs to be taken seriously and it needs leadership behind it to [ensure] your employees and students follow security guidelines.”