With educational institutions now heavily reliant on information technology to deliver services for students, keeping core systems and data stores secure has never been more important.
The challenge has been amplified during the COVID-19 pandemic as delivery of many education curriculums has shifted to an online environment. Ensuring students and teachers can securely access the systems and information they need has become a top priority.
While the task of maintaining effective security within an educational environment can seem daunting, there are five actions IT teams can take to ward off potential attackers. They are:
- Hunt for threats:
Advanced persistent threats (APTs) lurk within IT infrastructures for weeks or months before being detected. For this reason, it's important to proactively search for malware or attackers at all times.
While traditional security tools are equipped to deal with commonly known threats, you still need to worry about unknown ones. These unknown threats are more likely to include different types of APTs that can cost an educational institution heavily.
A good way to hunt for threats is to perform in-depth log analysis, which involves sifting through logs from different sources and investigating the ones that don’t align with normal network activity.
- Fine-tune your security tools:
Apart from deploying security tools, monitoring them is essential to ensure they are operating effectively. Examining events occurring in security tools can give deep insights into the overall network security. Using an efficient security information and event management (SIEM) solution is the best way to monitor all your security tools and devices from one place.
This can provide a clear overview of an organisation's network infrastructure by collecting log data from different sources such as firewalls, antivirus software, and intrusion detection appliances, then correlating it to initiate automated remediation responses and generate easy-to-read reports.
- Prevent unauthorised access:
Besides using tools such as firewalls and reviewing server logs to detect malicious activities, ensure unauthorised users cannot access your infrastructure remotely. Techniques to achieve this include using a virtual private network (VPN) and multi-factor authentication (MFA) tools.
It is also good practice to use email filtering to block malicious attachments and to implement a strong password policy.
- Create an incident response plan:
Regardless of how many security measures you have in place, there’s always the possibility of a successful cyberattack. By then, it’s far too late to be thinking about the creation of a response plan.
Such a plan acts as a blueprint to help an organisation detect, respond to, and recover from network security incidents. The plan should address key issues such as cybercrime, data loss, and service outages. A well-crafted incident response plan can help an organisation perform at its best by preparing for the worst.
An effective plan will cover a range of factors including forming an incident response team, detecting and containing breaches, and recovering lost data.
- Devise a forensic readiness plan:
After a major information security incident has occurred, it’s customary to undertake forensic analysis of digital evidence. For this reason, it’s a good practice to gather and preserve data that can serve as evidence in case an incident occurs.
A strong forensic readiness plan will minimise the cost of cyber investigations and block the opportunity for malicious insiders to cover their tracks. It also cuts down the time required to identify the attack vector and helps the organisation to recover from attacks effectively.
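The log analysis described under "Hunt for threats" and the cross-source correlation described under "Fine-tune your security tools", as an added example that is not part of the original article: it builds a per-user baseline from past VPN logins, flags logins that fall outside it, and attaches firewall denies from the same address. The record layout, field names and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, normalised to (source, time, user, src_ip, event).
HISTORY = [
    ("vpn", "2021-03-01T08:52", "jlee", "203.0.113.24", "login_ok"),
    ("vpn", "2021-03-02T09:05", "jlee", "203.0.113.24", "login_ok"),
    ("vpn", "2021-03-03T08:47", "jlee", "203.0.113.77", "login_ok"),
    ("vpn", "2021-03-02T13:10", "mkhan", "198.51.100.8", "login_ok"),
]
TODAY = [
    ("firewall", "2021-03-04T02:11", None, "192.0.2.45", "deny"),
    ("firewall", "2021-03-04T02:12", None, "192.0.2.45", "deny"),
    ("vpn", "2021-03-04T02:14", "jlee", "192.0.2.45", "login_ok"),
    ("vpn", "2021-03-04T09:01", "jlee", "203.0.113.24", "login_ok"),
]

def net24(ip):
    return ip.rsplit(".", 1)[0]  # crude /24 grouping for IPv4 addresses

def build_baseline(history):
    """Per user: the /24 networks and hours of day seen in past successful logins."""
    base = defaultdict(lambda: {"nets": set(), "hours": set()})
    for _src, ts, user, ip, event in history:
        if event == "login_ok":
            base[user]["nets"].add(net24(ip))
            base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def hunt(events, base, window=timedelta(minutes=10)):
    """Flag logins outside the baseline; count firewall denies from the same IP."""
    findings = []
    for _src, ts, user, ip, event in events:
        if event != "login_ok":
            continue
        when = datetime.fromisoformat(ts)
        known = base.get(user, {"nets": set(), "hours": set()})
        reasons = []
        if net24(ip) not in known["nets"]:
            reasons.append("new_network")
        # Allow one hour either side of a previously seen hour (no midnight wrap).
        if not any(abs(when.hour - h) <= 1 for h in known["hours"]):
            reasons.append("unusual_hour")
        if reasons:
            denies = sum(1 for s, t, _u, i, e in events
                         if s == "firewall" and e == "deny" and i == ip
                         and abs(datetime.fromisoformat(t) - when) <= window)
            findings.append((user, ip, ts, reasons, denies))
    return findings
```

Calling `hunt(TODAY, build_baseline(HISTORY))` returns only the 02:14 login, which a reviewer would then investigate; the 09:01 login matches the baseline and is not reported.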
By following these steps, educational institutions can ensure they are adequately protected from cyber threats and able to quickly recover should one occur. The threat landscape is constantly evolving and so taking the time to get adequate security in place is something that needs to be done immediately.
Samson Santharaj is a product consultant at ManageEngine.