Educating users about how to avoid major security risks is possibly the greatest weapon one has in combating cybercrime and ensuring safety. There arises the need to create awareness through messages, campaigns, workshops and expert discourses to highlight internet safety and privacy. However, all the tools and tricks in the book won’t do much good if people aren’t following best practices in cyber security. Frequent reminders about the risks and the steps to mitigate them will help keep network security on top of the mind.
Provide separate network set-up for official and students’ purposes
There's absolutely no reason for a school to have only one network for everyone there. It's insecure and practically begs for hackers (or bored students) to try to break in. The network your students and parents use should in no way connect to the main administrative network of the school. Implementing a 'guest' network for students, visitors, and even some staff members to connect to with their devices works well because it keeps sensitive data on the administrative network safe and also makes traffic much easier to monitor.
Hide the administrative SSIDs
The Service Set Identifier (SSID) is the name for a network as it appears on devices' lists of nearby access points. However, an access point does not have to broadcast this name. A hidden SSID can still be connected to, but it gives no hint of its existence. A user has to know the exact network name to be able to connect. If you do this with the SSIDs of your administrative network, it will vastly decrease your chances of being hacked. So, it's important to make sure the teachers don't get sloppy and give the students access anyway.
Train staff on cyber security
Modern networking security truly is a group effort, and all it takes is one 'weak link' to cause the entire security chain to crumble. Many teachers tend to be lax about security, especially with students they trust. Others may tend to fall into bad habits like writing down SSIDs, user names, and passwords. And most of them, unless they've got relevant, real-world experience, may never have had the training to defend themselves against 'social engineering' fast-talk techniques designed to trick them into giving up secure information. When you implement WiFi in your school, your staff will need to step up its security. These days, employee negligence is the number one cause of data breaches.
Utilize active scanning methods. Broadly, there are two kinds of software network security measures: passive and active. Passive systems simply log access and leave it up to the administrators to police use.
Active security systems are just that - active. They 'watch' the network for any suspicious activity and alert administrators if anything strange or unexpected happens. A modern WiFi network can be a partner in its security systems. Be sure you purchase your network hardware, like access points, from a reliable vendor who's known for his quality of security.
Establish a strong BYOD (Bring Your own Device) Policy
Many schools embrace this and incorporate mobile computing into the standard curriculum. It’s even common for educational institutions to issue communication gadgets to be used for schoolwork. Establishing a firm 'bring your own device' (BYOD) policy can help manage the risk of a data breach when tech-savvy students have access to school networks. As part of a BYOD policy, schools can segregate administrative and guest networks.
Protect school-owned technology when it’s offsite
We’ve all grown accustomed to using mobile computing devices while on-the-go, and education staff is no exception. Teachers are typically given laptops for home use, whether it be for grading school work or research. When users connect to wireless hotspots in hotels, cafes, airports, or less-than-secure home networks, they are no longer protected from whichever security measures their school may have in place. Most people don’t carefully monitor their browsing or usage habits, and all this unmonitored offsite connectivity increases risk immensely.
There’s the chance that the laptops themselves contain sensitive data and are likely to get hacked on open networks, or they could more easily come back to connect to the school network chock full of viruses or other malware. Remote filtering technology is a way to protect laptops and mobile devices when they’re being used on other networks than the schools. With remote filtering, all registered devices are forced to connect to the internet through a web security gateway. This ensures that web traffic from these devices is subject to the web access and security policies of the organization, no matter from where one logs in. It’s a relatively inexpensive option that could save schools from many potential headaches.
(Maj Prince Jose, SM (Retd) is an Indian Army IT expert. He is a celebrated Kargil war veteran)