Skip to main content
The Matthew White column

How to protect my school network?

A lot of schools, even ones with Managed Services provided by an external IT company, are not as secure as they think. Most of the time, if the governors had a full IT security audit, they would be shocked at the security holes they are accountable for.

When we have taken over the support of schools from other companies, the first thing we do is have the customer agree to upgrades needed to bring the network to a base level of security. Understandably, this can often mean extra costs and unless it’s clearly shown why there is a benefit, many people balk at doing this. We try to show the impact of not doing these upgrades in simple terms.

The good news is that most often, schools and small businesses don’t need to spend much money to bring the systems up to a sufficient level of security. That last sentence has the key – sufficient level of security. You’ll never protect against State Sponsored Actors on a school’s IT budget, but nor do you need to. You need to protect against scripts and automated attacks, and organised crime. Yes, organised crime… nowadays ransomware and many phishing hacks are done by organised farms of Hacking as a Service.

Here is a powerful insight to this from a high quality UK security firm. 7 Elements have helped one of our customers when they were being hit with a Distributed Denial of Service attack that was more sophisticated than normal.

The last part of their notice is the most important. Those are basic, IT security hygiene items that don’t cost much, but have a powerful affect on security.

I’ve repeated them here:

  • Use of Multi-factor authentication (MFA)
  • Effective Backup Routine
  • Segmented Networks
  • Timely patching of OS and software to remove known security vulnerabilities

Done right, these shouldn’t cost much, but putting it simply – they have to be done.

If you aren’t doing these simple measures, then you need to speak with your IT service provider. Also, if you have a serious network security problem, use the contact details on their page to speak with one of their security experts directly.