Employees with local administrative rights have the ability to:
• Download software. While most downloaded software is harmless, allowing users to download whatever they need creates a risk that they will accidentally or maliciously download malware that could spread across the entire school environment.
• Change security settings. Local administrative users can change controls such as password complexity, automatic lockouts, and cookie settings. This makes it difficult for IT leaders to ensure that all systems are configured consistently and hardened using security best practices.
While these are the top areas independent schools have struggled with, there are other pitfalls, such as the lack of a dedicated security team and limited security monitoring capabilities, that affect many school security programs. IT departments within independent schools are often spread thin, with minimal resources for staffing. The primary focus is always to keep devices connected and functional to ensure that students are provided with the resources needed to further their education. It is important for schools to understand that cybersecurity is not just the responsibility of the IT department, but of the entire organization. Departments such as the business, finance, development, and admissions offices all play a critical role in keeping sensitive data and systems safe. These offices should work as a team with IT to build a strong security program.
Do you have a cybersecurity team at your school? Who is involved? Let us know in the comments below!
Cross-posted from Access Points magazine.
Matt Flora is senior director, cybersecurity risk and advisory, at Ankura Consulting.