Regardless of the industry you operate in, threats to cyber security are an ever-present danger to business. In fact, a survey conducted by the Australian Cyber Security Centre (ACSC) found that during 2015 and 2016, 90% of respondents were affected by some form of cyber security breach or threat. Although the Energy and Banking sectors experienced the highest percentage of total compromised systems, Education & Research still accounted for 2.6% of incidents.
With this in mind, we’ve compiled some things that you may want to consider when reviewing or developing your school's strategies to reduce online risk.
The Cost of Inaction
The ACSC Threat Report for 2016 indicates that while implementing strong counter-measures can appear costly, the direct and indirect costs of reacting to a threat could be significantly higher, such as:
- Investigating the extent and impact of a compromise
- Developing and implementing reactive strategies with shorter timelines
- Loss of productivity, income and intellectual property
- Reputational costs, negative news and media exposure.
Stay up to date
Software updates can often get a bad rap, whether it’s losing unsaved work due to a forced update & restart, or annoying notifications that happen at the most inopportune times. We’ve all been guilty of ignoring those updates at some point (or switching off automatic updates completely). Before you do that next time, it may be worth considering why the update is there in the first place.
In the case of the recent ‘WannaCry’ ransomware attack, a vulnerability was exploited that had already been patched by Microsoft and a simple update could have prevented much of the damage that was caused.
Weak passwords provide an easy way to circumvent the other measures you may have in place.
Have a quick think about all of the online accounts that you currently have? Chances are they span across your work, social media, banking and more. How many of those accounts have the same password? #guiltyrighthere
You may want to think about:
- having a different password for each account
- adding complexities to existing passwords such as characters, numbers and upper and lower-case letters
- checking that default passwords that can come with some accounts and devices have been changed
- investigating how quickly you de-activate access to accounts that are no longer used.
For example, terminated staff and parents and students who are no longer with the school.
Are your physical IT assets protected to the same standard as your virtual systems? Safeguarding your fixed & portable assets is an obvious but sometimes missed first line of defence.
Things to keep in mind might be:
- Critical IT infrastructure such as server rooms. Are there policies in place to control, limit or log access?
- Portable devices such as laptops. How easy is it to connect to your school's network and how long do devices and software accounts stay logged in for (i.e. time-outs) in case devices are accidentally left unattended?
Back it up!
Do you know how quickly your school could get back up & running in the case of an event?
Backing up your critical systems can not only help in a fast recovery from theft or security breaches, but also from other complications such as natural disaster, hardware failure or loss of devices.
- How often are you taking backups of critical data? At a minimum, daily backups are a sound strategy
- Don’t put all your eggs in one basket- consider both online/offline and onsite/offsite storage locations for your backup sets
- Are the processes and responsibilities for backing up and restoring data clearly outlined?
What's your Digital Footprint?
A digital footprint is a collection of information about a person gathered by tracking online actions. According to Rob Livingstone, active data traces such as social media posts, uploading content, web browsing and device usage all contribute to our digital footprint. The information that you leave behind could be used for unsavoury means.
Some ways to reduce your digital footprint while operating online include:
- Checking your privacy settings for browsers, apps, and digital accounts (especially social networks)
- Use anti tracking tools, or ‘private browsing’ mode
- Delete unused accounts or memberships
Education – Not just for students
Regularly facilitating professional development on network and IT policies with staff can provide a strong cornerstone to your school's cyber safety. You may have employed high-tech digital and/or physical safeguards and developed stringent policies, but they lose effectiveness if staff are either unaware or do not understand the importance of following them.
Consider avenues to upskill staff on how to keep themselves and the school safe while online including what to do if a breach of policy (accidental or not) occurs.