This morning I read the headline that a second New York school district has shutdown over Coronavirus concerns. The question becomes how does a school district function if school is closed for an extended period of time? Besides the obvious impacts to teaching and learning there is a whole lot of back office processes that still have to happen. Staff has to be paid. Bills have to be paid. District equipment still needs to be maintained and monitored - whether security, HVAC, refrigeration or the servers and switches themselves.
Here are a couple of short-term and long term solutions to make this happen:
- Immediately re-visit who in your organization has VPN accounts for remote access to the district. If you were closed for an extended amount of time, do you have accounts for everyone who needs them to run the back-end of the school remotely? If not, fix that ASAP.
- If you are expanding VPN access, you should simultaneously discuss implementing multi-factor authentication (MFA) such as Cisco DUO on the VPN accounts so you are not broadly exposing the district to breaches in the name of keeping the school running.
- If you are expanding VPN accounts, there may be access rules that are required and RDP to be configured so that the appropriate people can get to their desktops to do what they need to. We can easily implement the same MFA on RDP connections on the same license to further protect the district from the bad guys exploiting that same greater access.
- Implement a true Virtual Desktop (aka VDI) solution. A number of you have done this. Some have large VDI implementations for teaching and learning with students and students having full, remote access. Some have smaller VDI clusters just for back-office type access. This gives your staff secure access to all internal applications and resources - just as if they were sitting there. It also eliminates some of the inherent risks that come with a VPN connection. We use this internally and it is awesome.
- Implement Paladin Sentinel Monitoring and CyberSentinel Endpoint Detect & Respond (CSEDR) to have greater visibility and control over what is going on - even if you and your staff are not "in district". With these tools we are watching 24x7x365 and can intervene and remotely assist you to keep the district's back-end infrastructure running. This really does help answer the question of, "How do I know what I don't know?" We can notify, intervene or assist depending upon what your requirements are.
Also, I saw the other day that until July Google is providing their full Google Hangouts remote presentation solutions (including all the paid bells and whistles) for free to all school districts until July to help districts get through the present situation.
There are a whole lot of challenges ahead. CSI is here to help you figure this all out and support you in any way we can. Give us a call and let's sort out what needs to happen for your district.