Archive:

The education landscape has been elevated by the permeation of cloud-based learning and administrative tools, as well as a 1:1 student-to-device ratio in many of our nation’s schools. Students now have access to personalized, educational resources and virtual experiences that were impossible just ten years ago. Likewise, school administrators are able to more efficiently serve students through the use of cloud‑based applications and data storage.

What makes this evolution possible?

Many districts have utilized the E-Rate program as a means to build out the network infrastructure necessary to support these new learning initiatives and increased traffic. But, equally important is the fortification and defense of the network from cyber security threats. As excited as students and educators are to embrace new learning tools, their widespread adoption poses an inherent risk—both to individual users and districts at large. It’s no surprise that district IT leaders identified broadband/network capacity and cyber security as a tie for their top priorities in a recent Consortium for School Networking (CoSN) survey.

At the beginning of the 2018–2019 school year, the FBI issued a Public Service Announcement regarding cyber threats to K-12 students and systems, warning that “U.S. school systems rapid growth of education technologies (EdTech) and widespread collection of student data could have privacy and safety implications if compromised or exploited.”

The path to securing sensitive information

School districts are a hot bed of sensitive information including student geolocation, IP addresses, health records, academic reports, and a myriad of other personally identifiable information (PII) which make schools attractive targets for malicious attackers. What’s more, some of the most disruptive security breaches actually come from within—student hacking events are on the rise, with students gaining access to change grades, post inappropriate content on school channels and disrupt network access.

With an average cost of $233 per record in a data breach¹, educators and district IT leaders need to have a well-communicated, actionable plan that leverages sophisticated technology to monitor, manage and mitigate today’s security risks.

Below are several security solutions that should be considered as part of this plan.

• A managed network security solution. Managed network security solutions are great for organizations looking for comprehensive security that is fully managed. Features such as firewall, anti-virus, content filtering, intrusion prevention and application control are infused into one robust Unified Threat Management (UTM) solution which is then managed and maintained by security experts. Managed network security solutions can aid with CIPA (Children’s Internet Protection Act) compliance and may also qualify in part for category two E-Rate funding.

• Security Information and Event Management (SIEM). SIEM is a combination of two separate but highly complementary security technologies. Security Information Management (SIM), which includes log management and compliance reporting, and Security Event Management (SEM), which provides real-time monitoring and incident management for security-related events from networks, security devices, systems and applications. Together, they provide an advanced layer of vigilance and detection against attempted intrusions and ease the burden of stringent compliance standards.
• DDOS protection. A must-consider security service for every organization is distributed denial of service (DDoS) mitigation. DDoS attacks occur when a hacker takes control of Internet communications, overwhelming the network with traffic, and ultimately knocking it offline. These attacks can be very disruptive to teaching, learning, communications and day-to-day operations. DDOS mitigation services provide end-to-end monitoring, detection, validation and mitigation of DDoS threats on any network. When in place, attacks can be detected and acted on in real time, reducing the vulnerability of sensitive records and saving districts thousands in data recovery.

Technology alone should not substitute for best practices. In a CoSN survey, one‑third of school IT leaders said they had not encouraged staff to update passwords and a mere 11% said they required two-factor authentication for district accounts. Simple, free measures to increase security protection include changing passwords frequently and limiting the use of a password to one system.

It is incumbent for all leaders to take the necessary steps to protect personal data. Investing in the right technology, in conjunction with implementing security policies and processes will ensure your school district remains adequately protected against even the most sophisticated attacks.

¹ Ponemon Institute, “2019 Cost of a Data Breach Study: Global Overview,” July 2018

Comments closed

By its most basic measure, the FCC E-Rate program has done a remarkable job of bringing broadband to K-12 schools. 98% of U.S. schools now have high-speed internet access of at least 100 kbps per student, a more than ten-fold increase in just a few years.¹

However, the bar is constantly rising. What was once considered adequate high-speed access is now insufficient for digital learning. Schools must get aggressive to meet the FCC’s long-term goal of 1 Mbps per student, which will enable digital learning in every classroom. Today, only 28% of school districts currently provide that level of connectivity.

For the remaining 72% of schools on the wrong side of the digital divide, district leaders must optimize their IT solutions to make the most of limited resources. Understanding which E-Rate eligible solution is best for your district is key.

• Switched Ethernet for a virtual private LAN solution. School districts with more than one location and the need to securely share video, applications and voice data to one or more remote sites may want to rely on a switched Ethernet service. This technology extends communications across multiple district locations with fast and secure connections that range from 1.5Mb to 10 Gbps, offering private connections across a MPLS (Multi-Protocol Label Switching) advanced IP network. Switched Ethernet is a Layer 2 technology which enables point-to-multipoint configurations to create a customized LAN solution ideal for providing high-speed connections among multi‑location districts.

• SD-WAN (software-defined wide area network). SD-WAN is an E-Rate category 1 eligible service, which offers high-performance networking using low-cost IP broadband. SD-WAN acts as an overlay network that decouples network management from physical hardware, and a centralized controller determining the best path for each application to optimize performance.

• Wavelength services. Larger campuses with expansive student populations may find a better fit with wavelength services, which offer point-to-point fiber connectivity without high upfront costs. Wavelength services typically range from 1 to 100 Gbps to meet specific needs and budgets. The result is high resiliency with a lower cost per Mbps than any other managed transport.

Building a network for today’s learning environment takes much more than simply turning up the dial on bandwidth and selecting among network options.  In order to optimize your investment in data connectivity for your district, other key services– such as security, network management, voice and unified communications are also required.

As an approved E-Rate service provider since the inception of the program, Windstream Enterprise can meet you at the whiteboard to customize a robust, versatile IT solution that best meets your needs, while maximizing every dollar of E-Rate funding and your IT budget.

¹ stateofthestates.educationsuperhighway.org/#future

Comments closed

While every network is a potential target for cyber threats, K-12 school districts are especially under attack. We bore witness to one example recently while assisting a large Midwestern school district that utilizes Google Classroom (which requires Internet access for curriculum, instructional resources, homework, and testing). They were hit repeatedly with coordinated DDoS attacks that swamped their Internet service for nearly two days. Internal IT staff knew the attacks were happening, but couldn’t stop them until they engaged the help of Windstream Enterprise’s DDoS Mitigation service. The result?  Immediate detection and mitigation of the attacks and the elimination of downtime and potential losses from simultaneous data theft or ransomware attacks.

This school district was one of the lucky ones who acted swiftly. However, the network of K-12 school districts currently rank as top targets for three types of threats:

• Data theft. A recent Symantec survey found that schools incur a full ten percent of all information breaches, making them the third most breached sector. Cyber criminals go after school networks for the abundance of sensitive information they contain, from social security numbers to student health records.

• Ransomware attacks. BitSight Insights reports that 13 percent of educational institutions surveyed experienced ransomware attacks on their networks last year. That’s more than twice the attack rate for the healthcare industry, and eight times the rate for the financial sector.

• Cyber mischief. School districts increasingly are hit by distributed denial of service (DDoS) attacks, in which massive traffic overwhelms networks to shut down websites, phone systems, and Internet/application access. DDoS attacks are relatively easy to launch, and more than half of them directed at schools come internally from students.

Despite being top targets, most school districts have weak network defenses. A 2017 survey by the Consortium for School Networking found that just 15 percent of school technology leaders have a cybersecurity plan.

Making network security a priority for schools

A growing number of school districts have hardened their network defenses by adopting a managed network security solution. Managed security solutions typically deliver extensive, real-time protection against intrusion without requiring the school district to retain internal security expertise or divert general IT resources to challenging security matters.

Why do so many schools remain under-protected? Cost is often cited as the main reason. But as with most severe threats, a focus on preventing data theft, ransomware attacks, and DDoS attacks can prove far more cost-effective and prudent than dealing with them after they arrive.

Comments closed