We have all had a flood of information come at us in the last nine months regarding ransomware, malware, and cyber security options from all different quarters (cyber-seminars, vendors, various government agencies, and even yours truly). It is easy to see how one could get a bit lost deciding what the right first step is to improve the security posture of your school district. It would be easy for any of you to get frozen in analysis paralysis and never actually take that first step.
To help with this problem, I am going to break this whole topic down into a simple framework for districts (or any other organization) to follow in tightening up your cyber security defenses.
Our suggested top six areas of cyber security focus for school districts:
Perimeter protection – Are you still using an old, outdated first-generation firewall at your Internet perimeter, or are you using a newer Next-Gen Advanced Threat Protection device?
Content Filtering – As a school, you are all already using some form of Web content filtering, but content filtering in today's modern world also extends to both Email and DNS content. With Email being one of the top two threat vectors into your organization, Email filtering is now about so much more than merely spam filtering. And proper DNS filtering can potentially stop malware command-and-control (C2) traffic in its tracks before it can take hold. Does your district have both of these additional content filtering controls in place?
Endpoint Protection – Are you still using an old, outdated first-generation anti-virus product on your endpoints, or are you using a newer Next-Gen Endpoint Detection and Response tool?
Controlling Remote Access – Are you managing, limiting, and logging remote access into your network, or is remote access wide open from anyplace on the Internet? Do you require all remote access logins to use some form of multi-factor authentication to mitigate against compromised credentials?
Identity Management – Are you controlling and limiting which users and which devices are allowed access onto your internal district networks? Are BYOD and vendor network devices identified and then segmented away from the rest of the internal system?
Network Visibility – Do you have any tools in place that can help you understand what is in the traffic flow across your network? Can you identify what "normal" traffic looks like, and know when unusual traffic is detected?
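The Network Visibility question above boils down to two steps: record what normal traffic looks like for each host, then compare new traffic against that record. The script below is an added illustration of that idea and is not part of the original post or any product it mentions. It assumes flow summaries have already been exported as (source host, destination IP, destination port, bytes) tuples; the hostnames, addresses and byte counts are constructed for the example, and the "mean plus three standard deviations" volume threshold is an assumed, deliberately simple rule rather than a recommendation for any particular tool.

```python
"""Baseline-and-deviation check over constructed flow summaries.

Assumed record format (constructed for this example): one tuple per
flow summary -- (source host, destination IP, destination port, bytes).
A real deployment would read these from a flow collector or firewall log.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "known-good" flow summaries for two district hosts.
BASELINE_FLOWS = [
    ("lab-pc-01", "10.0.0.5", 53, 900),           # internal DNS
    ("lab-pc-01", "142.250.1.1", 443, 120_000),   # ordinary web traffic
    ("lab-pc-01", "142.250.1.1", 443, 95_000),
    ("lab-pc-01", "10.0.0.9", 445, 40_000),       # internal file server
    ("office-pc-07", "10.0.0.5", 53, 1_100),
    ("office-pc-07", "52.96.0.1", 443, 300_000),
    ("office-pc-07", "52.96.0.1", 443, 250_000),
    ("office-pc-07", "10.0.0.9", 445, 60_000),
]

# Constructed flows from a later period, to be judged against the baseline.
NEW_FLOWS = [
    ("lab-pc-01", "203.0.113.7", 4444, 5_000),          # never-seen port
    ("office-pc-07", "198.51.100.20", 443, 9_000_000),  # unusually large upload
    ("guest-phone", "10.0.0.9", 445, 2_000),            # host not in baseline
]


def build_baseline(flows):
    """Per host: the set of destination ports seen and byte-volume statistics."""
    ports = defaultdict(set)
    volumes = defaultdict(list)
    for host, _dst, port, nbytes in flows:
        ports[host].add(port)
        volumes[host].append(nbytes)
    return {
        host: {
            "ports": ports[host],
            "mean": mean(volumes[host]),
            "stdev": pstdev(volumes[host]),
        }
        for host in ports
    }


def find_anomalies(baseline, flows, sigma=3.0):
    """Return (host, reason) pairs for flows that do not match the baseline.

    Three deviations are reported: a host with no baseline at all, a
    destination port the host has never used, and a per-flow byte count
    above mean + sigma * stdev of that host's recorded volumes (assumed rule).
    """
    findings = []
    for host, dst, port, nbytes in flows:
        profile = baseline.get(host)
        if profile is None:
            findings.append((host, f"unknown host talking to {dst}:{port}"))
            continue
        if port not in profile["ports"]:
            findings.append((host, f"new destination port {port} to {dst}"))
        threshold = profile["mean"] + sigma * profile["stdev"]
        if nbytes > threshold:
            findings.append(
                (host, f"volume {nbytes} bytes to {dst}:{port} exceeds baseline")
            )
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for host, reason in find_anomalies(base, NEW_FLOWS):
        print(f"{host}: {reason}")
```

Running it prints one line for each of the three constructed deviations and nothing for traffic that matches the baseline. The point is not the arithmetic but the workflow: a baseline has to exist before "unusual" means anything, which is why the visibility question comes last in the list rather than first.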
While the above list is a great way to get started if you need one, it is by no means a complete solution for every cyber security problem.
We have been discussing with many of you some broader lists, like the CIS Controls Top 20 or the more recently released NIST Ransomware Protection Framework, that serve more of that purpose. But frameworks like these two will most likely take years to work through and implement fully.
This short framework of six focus areas can help you quickly make an impact while you continue to work on the many process and procedure suggestions from those broader lists.
If you would like help evaluating this for your district, reach out to us. We are here to help.