The rapidly growing implementation of Wi-Fi in classroom environments has brought forth concerns regarding the strength of network security in schools. Although school districts are working to build advanced networks in support of cutting edge 21st century classrooms, parents, teachers, and students have wondered how all that connectivity might impact data security.
In many ways, it’s an understandable worry. It’s easy to visualize sensitive information travelling through the air in and around a school, only to be intercepted by a black-hat villain lurking on campus outskirts, waiting for a prime opportunity to intercept valuable data. But dramatic scenarios like these don’t always paint a realistic picture of what really goes into maintaining a well-secured K-12 network.
So, what type of network security problems do school districts need to be concerned about? And, better yet, what are some possible ways to manage these concerns?
Problem: School networks need to support a large number of BYOD users.
BYOD users are those who utilize their personal devices in order to perform organizational work when on campus. In the K-12 environment, a BYOD user could be anyone from a teacher who utilizes apps on her personal tablet to keep track of classroom-related tasks to a student who brings a laptop from home in order to do research for a term paper in the library.
For most of those BYOD users, the ability to easily and quickly connect to a reliable and readily-available Wi-Fi network is a basic expectation of working or doing schoolwork in the 21st century. For the IT managers whose jobs involve managing those networks, however, the problem of supporting a large number of BYOD users can be an immense challenge. IT personnel charged with the responsibility of managing a network for a larger school – say, a high school of over 1,500 students and with over 100 administrative staff members – then you’ve really got a challenge. Especially when you consider that each of those people will likely be bringing more than one device from home.
What’s more, the added concern about student behavior online is always present. So then, if you have to support a BYOD campus, it is likely that students will require a different set of credentials than will staff. Any guest users will need to be given access in a way that won’t leave the network more vulnerable to attack. Additionally, all end-users will require a different set of credentials than will those in the IT department.
How can you keep a network operating efficiently and securely in a complicated scenario like this?
Solution: Deploy an effective network access control solution.
With network access control (NAC) solutions, IT managers can give different types of users who require access to different types of resources the proper credentials they need. Not only do NAC solutions help control who accesses the network, it can also control the number of devices they use to access it. Virtual local area networks (VLANs) segment traffic so that different parts of the network have different security permissions. Users can be given the ability to access the proper network based on certain criteria or rules which, for example, can help keep a mischievous teenager away from private network-based IT resources.
A NAC solution that works well for one campus may not necessarily be the proper solution for another. At the very least, however, networks with a large number of BYOD users should be using certificate-based access that is tied to a framework which allows for refined identity and policy management. Whether a school’s IT department decides to utilize mobile device management (MDM) or deploy a containerization solution like mobile application management (MAM) depends on what’s best for that particular environment.
Problem: School networks need to be protected from outside threats.
As with any other enterprise network, K-12 networks are highly visible, have a great deal of activity, and are therefore highly susceptible to outside attacks. Ransomware attacks against school districts in particular have risen in recent years and are among the most desirable targets for attackers, likely due to the smaller IT teams they employ as well as the smaller budgets with which they must often operate.
Between January 2016 and March 2018, there have been over 314 reported cyber attacks against school districts in the United States “resulting in the disclosure of personal information, the loss of taxpayer dollars, and the loss of instructional time. Some of these incidents have resulted in identity theft, as well as criminal charges for the perpetrators.”
Solution: Maintain backups and updates with vigilance.
In order for IT managers to keep their schools’ networks as secure as possible, regular backups of critical information must be performed. Current versions of all operating systems as well as all currently released software patches should be maintained. Antivirus signature databases should also be kept up-to-date at all times. These updates should be regularly carried out based upon a strict maintenance schedule.
Additionally, end users can be one line of defense against attackers, so long as they’re educated about properly identifying possible signs of malware and phishing attempts. Network segmentation and deployment of firewalls and email security solutions are highly recommended security measures as well.
Problem: Students and staff lack network safety knowledge.
When managing an enterprise Wi-Fi network, one of the biggest challenges facing IT pros isn’t so much the technology as it is the humans who use it. In addition to managing networks in challenging environments, maintaining vigilance against malware and data theft, and properly executing and adhering to strict security policies, IT managers often find themselves challenged by issues created (often unintentionally) by their own end-users.
Solution: Properly educate all end users about digital citizenship.
Unfortunately, all it takes is one student downloading one suspicious attachment or accepting access to one fake Google Doc to bring down a network. A less-than-tech-savvy end user accidentally DDoSing a network (flooding the network’s bandwidth) is not an unheard of occurence. Then, throw in one nocuous teenager with an intent to disrupt end-of-year testing periods or with a desire to take his teacher’s digital gradebook into his own hands, and the true complexity of the human side of network security begins to become apparent.
With that said, it is important for IT managers to take digital citizenship training into their own hands. Connect with other administrative leaders and make a game plan for ensuring network use policies are clear to all end-users, including all staff and all students. Anyone who uses the network should undergo instruction about the possible dangers of opening unknown emails, downloading suspicious files, and which end user actions are considered malicious, unacceptable, and unethical.
School districts in need of a network overhaul require a comprehensive assessment of their current maintenance processes in addition to an examination of the network’s actual infrastructure. Once IT administrators have a new network in place, they must put in place policies, plan management schedules, and implement educational processes for all end users in order for the network to run as seamlessly as possible – 21st century learning depends upon it.
If your school is ready for a network solution that supports these goals, schedule a free consultation with a Samsung Wi-Fi expert today. Learn what makes Samsung different from other networks and how a stable, secure, and reliable infrastructure is vital in today’s classrooms. Your school has specific needs – we have specific solutions.