Being a network administrator for a K–12 institution can be a tall task. Hackers, malware, and other malicious attackers are constantly trying to break into your system from the outside. Meanwhile, students come up with new and devious ways to evade your protections and take control of your network. And you’re stuck in the middle trying to tackle every threat at once.
In 2017, K–12 schools have increasingly been targeted by hackers who are after valuable tax data they can use for a wide variety of frauds and scams. Phishing and DDoS attacks are a huge risk, and schools represent a tempting target because attackers know they’re understaffed and overworked.
The good news is that there have never been more ways to get the most out of a stretched budget and a small staff. With a few smart moves, you can protect yourself from attacks within and without, keep abreast of everything going on in your network, and improve your resilience in case an unexpected problem crops up. With all the extra help, you might even be able to take an actual summer break.
1. Get Creative With E-Rate Funding
Ever since the E-Rate Modernization Orders in 2014, school districts have been able to get more creative with how they leverage government assistance to add technology that improves learning while laying the groundwork for long-term growth. There’s a lot of flexibility in what you can spend on, and it’s important to realize that in 2017 it’s about more than just having Wi-Fi for your school.
There’s still a long way to go: according to an FCC survey of E-Rate recipients, “nearly half of respondents reported lower speed Internet connectivity than the average American home — despite having, on average, 200 times as many users.” If your district wants to implement new learning tools like live streaming video, interactive web apps, and teleconferencing capabilities, you need to have a fast connection.
Opening up the floodgates can also increase your exposure, which is why it’s important to double down on security. That’s where E-Rate funding can be a major help.
2. DDoS Mitigation
One of the oldest types of attacks is still one of the most popular: Distributed Denial of Service (DDoS) attacks. There’s a lot of different ways to pull one off, and they can range from the very simple to the extremely sophisticated.
A DDoS attack coordinates several computers, controlled through the use of bot software, to overwhelm a single target. Through large amounts of traffic, DNS requests, or repeated actions like login requests, the goal is to take a target offline, slow it down, or otherwise lock it up. There’s a lot of different ways that this can be achieved, but they all essentially target either a specific application or the network itself.
The important thing to understand about DDoS attacks is that they’re one of the easiest attacks to put together, but can also be among the most complex. A young “script kiddie” looking to try something new can take a quick trip to the right forum and download a tool to wreak havoc, whether that’s to disable online coursework or just to see what will happen. On the other end of the spectrum, professionals often incorporate a DDoS attack into a more elaborate attempt at a breach. In these cases, it’s used more as a distraction while they slip in and grab what they’re really after.
Regardless, investing in DDoS mitigation is a smart investment and one that is increasingly more affordable. At the end of the day, you don’t want to be rushing around to put out the fires when critical operations are being targeted, especially if there’s something more that could be going on.
3. Upgrade Your Equipment
Another big source of attacks is unpatched software and devices. School networks, where upgrades come in waves, and IT staff, often stretched thin just keeping everything running, are especially vulnerable simply not being able to keep up with every new release. The problem here is that these releases come in response to a publicized exploit, so falling behind can leave the window cracked open for an attacker.
There’s a lot of things you can do to make sure that your network is up-to-date. Automate as much as possible, to make sure you’re taking advantage of every bit of help you can get. Pay special attention to any exceptions or exemptions — often these are made for senior-level equipment and accounts, which paradoxically can do the most damage if they’re compromised. Don’t compromise security just because someone isn’t willing to adapt.
Aging equipment can also be a major vulnerability. Tight budgets often force an “if it ain’t broke don’t fix it” mentality that can leave you with legacy devices that haven’t been supported in years. Using E-Rate funding to address these infrastructure issues can pay big dividends by stopping a problem before it starts.
4. Consider Managed Services
With new cloud capabilities and powerful broadband, it’s never been easier to outsource a major part of your IT requirements using Managed Services. 24/7 network monitoring was once a gargantuan task, considering the ratio of users to IT staff, but is now par for the course with managed services. Knowing that your network is under constant protection frees you up to be proactive in other areas.
The great thing about the growth of Managed Services has been the explosion in the variety of solutions they offer. Beyond network monitoring, there are a lot of options in terms of threat response, firewall services, resilience, and even maintenance that used to require bigger in-house headcounts. Again, Managed Services can be eligible for E-Rate funding to help make more options affordable on a K–12 budget than ever before.
What You Can Do Right Now
Being a K–12 Administrator can be a tough task. From the inside, you need to deal with students who naturally want to push boundaries and break rules. Meanwhile, from the outside, more attacks than ever before are targeting schools to get at financial, health, and other valuable data. Protecting yourself is more important than it’s ever been. Here’s what you can do this summer:
Look at your options for E-Rate funding to make solutions more affordable.
Consider DDoS mitigation to defend against the most common (and damaging) attack.
Upgrade your equipment and take a second look at where exceptions have been made.
Use Managed Services to turbocharge your network security.