Close

HPE Aruba Networking Blogs

4 Ways to Modernize Cybersecurity in K12 Schools

By Elaine Shuck, Senior Marketing Manager, Aruba

Educational data is a valuable black-market commodity. And cybercriminals know it.

School districts have fallen victim to ransomware attacks, phishing scams and the human fallibility of their own staff and students. Identity thieves want to steal students’ personal information for sale on the dark web. Criminals know that school districts handle large amounts of money, and they are trying to trick business managers into redirecting legitimate vendor payments. Cloud applications can create new security risks that IT staffs, accustomed to traditional on-premises systems, are unprepared to guard against. And of course, there are always students who try to bump up their grades.

The rise of successful cyberattacks is not lost on school CIOs. Cybersecurity is the top priority for K12 leaders, according to CoSN.

In fact, data breaches were the most frequent cyber-incident in K12 last year, according to the K12 Cybersecurity Resource Center, run by the consulting firm EdTech Strategies. Student data was included in more than 60 percent of those breaches.

Four Key Steps to Modernize Cybersecurity
Many school districts have not modernized their cybersecurity for this new reality. Their IT staffs are generalists, working to maintain the applications, systems and instructional technology that are used across many school sites. Cybersecurity specialists are in short supply everywhere, and schools can’t compete with the triple-digit salaries that companies can offer. IT budgets are stretched, and only basic network security is covered under E-rate.

With a secure network foundation, you can protect your school district without adding security hurdles that get in the way of instruction.

1. Know what’s on your network. From instructional technology on Chromebooks and iPads to specialized lab equipment that lets students explore physics to virtual reality that lets kids walk back through history, schools have an incredible diversity of devices. Many schools encourage students to bring their own tablets and laptops into the classroom. And most students have at least one mobile device in their pocket or backpack. Surveillance cameras and smart building control systems are an important part of school safety and efficiency measures.

Yet, many of the devices that connect every day, especially IoT devices, cannot run traditional security software. IoT devices are notoriously unproven when it comes to cybersecurity.

You can’t manage what you can’t see, and knowing what is connected to the network is the foundation for creating effective security policies and reducing security and compliance risk. Aruba ClearPass Device Insight gives IT managers clear visibility into all connected devices. ClearPass can accurately identify all wired and wireless devices, whether traditional devices like laptops and tablets, or previously difficult-to-detect IoT devices such as interactive whiteboards, 3D printers, temperature and environmental sensors, student ID cards and security cameras.

2. Control what’s on your network. Take a strategic approach to controlling what’s connecting to the network. With centralized policy control, IT can ensure that students, faculty, administrators and visitors have ready access to the application and resources they need—but nothing else. All users devices must be properly authenticated to verify that they really are who they say they are. And if the data is sensitive, make sure communications are encrypted.

Aruba ClearPass can discover, profile, authenticate and authorize users, their devices and IoT devices before allowing them on your network or giving them access to digital resources. IT can control access by user device, role, location and even time of day, including for applications.

Aruba supports WPA3, the successor to WPA2 authentication, which improves security and simplifies device onboarding. Nothing changes from the user perspective, but they get a truly secure connection. All wireless traffic is encrypted. And WPA3 makes it much easier to onboard IoT devices.

3. Let the network help. IT has long used network segmentation to enhance security, such as keeping visitor traffic separate from instructional applications or administrative applications. But setting up virtual LANs (VLANs) or access control lists is a painstaking manual process, and when a policy is changed, it can mean many hours of reconfiguring switches.

Aruba Dynamic Segmentation is an easier way to establish and enforce that separation. IT can ensure that network access policies are enforced consistently for each user, device and application—at every school site, administrative building or bus depot. It’s more than just keeping visitor, instructional and administrative applications separate. You can also ensure that IoT device traffic is isolated, mitigating the risk that a hacked IP camera or printer could ruin your week.

Aruba ClearPass is used to centrally manage policies, which are dynamically enforced throughout the network by the built-in Aruba Policy Enforcement Firewall. No more driving to school sites to update switches to ensure a great user experience and policy compliance.

4. Stop attacks that have slipped past your firewall. A quick glance at the news media shows that cybercriminals can slip past perimeter defenses and freely move about until they find a lucrative target inside the network. To combat these attacks, organizations are continuously monitoring inside their networks for suspicious activity. Attackers may hide in legitimate network traffic, but they do leave digital footprints.

Aruba IntroSpect combines User and Entity Behavioral Analytics with Network Traffic Analysis. That’s a long way of saying that IntroSpect uses machine learning and analytics to continuously monitor anything with an IP address, and detect hidden attacks that traditional perimeter security have missed. Instead of hunting through a mountain of security alerts, IntroSpect points IT staff to the highest priority risks. And it can be integrated with other security solutions to take enforcement action.

What About E-rate?
E-rate has long helped school district fund networking, Internet service and firewalls. But there’s a growing outcry for E-rate to address more sophisticated—and increasingly common—cybersecurity challenges. In a response to the FCC’s request for public comment, many stakeholders, including CoSN, have urged the FCC to help school districts secure the networks they manage.

Next Steps
Cybersecurity incidents are becoming more common—and more damaging. It’s time to take action to enhance security without adding to the IT workload. Learn how Aruba can help.