Threats to cyber security are an ever-present danger to businesses in any industry.
In fact, the latest report from the Australian Cyber Security Centre (ACSC) found that malicious cyber activity in Australia continues to increase in frequency, scale, and sophistication. The ACSC received 59,806 cybercrime reports in the 19/20 financial year alone and, crucially, they note that many of these could have been avoided or substantially mitigated by good cyber security practices.
With this in mind, we’ve compiled some things that you may want to consider when reviewing or developing your school's strategies to reduce online risk.
The Cost of Inaction
Cybercrime is one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to individuals and businesses. While implementing strong counter-measures may appear costly, the direct and indirect costs of reacting to a threat could be significantly higher. These costs include:
Investigating the extent and impact of a compromise
Developing and implementing reactive strategies with shorter timelines
Recovering data, rebuilding, and hardening networks
Loss of productivity, income and intellectual property
Reputational costs, negative news and media exposure.
Stay up to date
Software updates can often get a bad rap, whether it’s losing unsaved work due to a forced update and restart, or annoying notifications that happen at the most inopportune times. We’ve all been guilty of ignoring those updates at some point (or switching off automatic updates completely). Before you do that next time, it may be worth considering why the update is there in the first place.
In the case of the well-known ‘WannaCry’ ransomware attack, a vulnerability was exploited that had already been patched by Microsoft, and a simple update could have prevented much of the damage that was caused worldwide.
Weak passwords provide an easy way to circumvent the other measures you may have in place.
Think about all of the online accounts that you currently have - chances are they span across your work and personal life, including social media, banking and more. Now how many of those accounts use the same password? #guiltyrighthere
You should keep in mind:
Having a different password for each account
Replacing old passwords with a much stronger passphrase, which is harder to crack than a traditional password
Checking that default passwords that can come with some accounts and devices have been changed
Investigating how quickly you de-activate access to accounts that are no longer used (for example, terminated staff, or parents and students who are no longer with the school)
Are your physical IT assets protected to the same standard as your virtual systems? Safeguarding your fixed and portable assets is an obvious but sometimes missed first line of defence.
Things to keep in mind might be:
Critical IT infrastructure such as server rooms. Are there policies in place to control, limit or log access?
How easy is it to connect to your school's network?
How long do devices and software accounts stay logged in for (i.e. time-outs) in case devices are accidentally left unattended?
Back it up!
Do you know how quickly your school could get back up and running in the case of an event?
Backing up your critical systems can not only help in a fast recovery from theft or security breaches, but also from other complications such as natural disaster, hardware failure or loss of devices.
How often are you taking backups of critical data? At a minimum, daily backups are a sound strategy.
Don’t put all your eggs in one basket: consider both online/offline and onsite/offsite storage locations for your backup sets. TASS offers a robust cloud solution to help keep your data safe.
Are the processes and responsibilities for backing up and restoring data clearly outlined?
What's your Digital Footprint?
A digital footprint is a collection of information about a person gathered by tracking online actions. According to Rob Livingstone, active data traces such as social media posts, uploading content, web browsing and device usage all contribute to our digital footprint. The information that you leave behind could be used for unsavoury means.
Some ways to reduce your digital footprint while operating online include:
Checking your privacy settings for browsers, apps, and digital accounts (especially social networks)
Using anti-tracking tools, or ‘private browsing’ mode
Deleting unused accounts or memberships
Education – Not just for students
You may have employed high-tech digital and/or physical safeguards and developed stringent policies, but they lose effectiveness if staff are either unaware or do not understand the importance of following them.
Research shows that nearly half (47%) of Australians feel confident in their cyber security, yet just 34% have put in place extensive security measures - so education needs to be a key part of your strategy. Regularly facilitating professional development on network and IT policies with staff can provide a strong cornerstone to your school's cyber safety.
Consider avenues to upskill staff on how to keep themselves and the school safe while online, including what to do if a breach of policy (accidental or not) occurs.