If you heard about the attack on the Los Angeles Unified School District in early October, you probably heard that 400,000 students’ private data was put at risk and that the hackers demanded a ransom. When speaking about the attack, the police chief made a point of saying that cyberattacks are “the number one threat to our safety” and that everyone is vulnerable. Even so, the education sector seems to have an especially large target on its back, with LAUSD being the 50th education entity to be hit with ransomware in 2022. If you want to avoid being next, there are a few key steps to take – including getting rid of flat networks. The status quo has to go.
Are You Prepared to Pay the Costs of Convenience?
All too often, schools blend their guest and student networks together. Such a move flies in the face of every single, basic security recommendation ever made, so why do they do it? Convenience. Yes, it’s more convenient but that’s because it’s insecure.
If your network is flat because of convenience, then ask yourself: Are you prepared to pay the costs of that convenience? The costs of an attack like the one at LAUSD are many, ranging from student safety to financial, operational, reputational, and more.
A Properly Segmented Network is a Must
If someone doesn’t know much about computer networks, they won’t know that a flat network is bad. Similarly, anyone without knowledge about security won’t know the importance of network segmentation. Still, ignorance doesn’t excuse inaction. A properly segmented network reduces the speed at which a cyber criminal can move across your network, making it a key priority.
In order to segment your network, you need to develop a route, which involves creating an access control list. This is the point at which many schools and districts balk. They don’t want to have an access control list, so they end up having no idea who’s coming and going. Once again, it’s more convenient. But it’s dramatically less secure.
Related:Free internet could erase the digital divideK-12 IT teams need to rethink their approach to cloud storage costs and security
Author Recent PostsRyan Cloutier, CISSP, President, SecurityStudioRyan Cloutier, CISSP, is the president at SecurityStudio, which works to fix information security industry problems through simplification. A passionate cybersecurity thought leader Ryan can be reached at rcloutier@securitystudio.com. Latest posts by eSchool Media Contributors (see all)
Want to share a great resource? Let us know at submissions@eschoolmedia.com.