Like any entity victimized by a cybersecurity attack, once a school system has been breached, it’s hard to predict what bad actors will do next. That’s why it’s imperative that educators prioritize not only keeping bad actors out, but also assessing how to mitigate the damage once attackers break in.
Understanding your threat vectors.
To understand your cybersecurity posture, you have to understand your threat landscape. Threats can be broken down into two major categories: outsider and insider threats. Outsider threats can be categorized as originating from outside of an organization or entity. For example, any actor outside of a school system’s purview could be considered an outsider threat. On the other hand, insider threats are those who have access to an internal system, like those who are classified as administrators, educators, or even students.
Not all ‘insiders’ are good, and some may be unwittingly bad. In many instances, the risks posed by insiders or outsiders are essentially the same. In fact, Forrester predicts that, in 2021, we’ll see an uptick in insider threats by 300 percent — meaning that, this year, thousands of employees, students, and employers who are classified as ‘insiders’ in an internal school system will be putting their organization or ecosystem at risk, either unknowingly or deliberately. That’s why it’s critically important to prioritize cybersecurity. Schools need to get their cybersecurity right every single time. Bad actors just need to get it right once to break in and break through.
But the good news is threats, whether outside or inside, can be mitigated, and it starts with limiting access by default. In the security industry, we refer to this concept as Zero Trust – and the good news is getting started with Zero Trust is easier than you may think.
Learning how Zero Trust can help you.
Think of Zero Trust this way: Zero Trust is the digital equivalent of the ‘closed campus’ model. All individuals must check in at the school office in order to be permitted on school grounds. People are automatically denied entry to the school unless explicitly allowed. No one can leave or enter school property unless they are granted entry – you deny access by default. It’s the same idea for cybersecurity. You only give people access to the systems, applications, and data that they absolutely need to do their job or get their education.
So how can schools get started with a Zero Trust model? The first step is to know your assets. Schools need to thoroughly inventory the data and infrastructure they need to keep operations running and clearly outline who has access to the resources teachers need to successfully educate remotely.
For example, there are cybersecurity technologies that can help you build a map to visualize your environment (in this case your data center or cloud) and the communications flowing within it. Being able to see and understand your environment is key to properly securing it.
Then, utilize solutions that help you enable Zero Trust across your network. Start by securing your most critical data and assets with Zero Trust solutions. There are a wide variety of tools that can help you do this – i.e., micro-segmentation for your data center, your cloud, segmentation for your laptops, multi factor authentication (MFA), and single sign on (SSO), to name a few.
Remember, there is no one solution you can implement to achieve Zero Trust overnight. It’s a strategy and a practice that requires a plan and commitment. We work hard to keep our students, teachers, staff, and their information secure when we’re in the building — we need to do the same when we’re in the virtual classroom too. Throughout the rest of 2021, keeping students secure will only get harder. It’s imperative to build cybersecurity into your learning models today.