School network management: Balance technology and IT education
How a mixture of technology and effective IT education can help secure access to the network and keep serious security breaches at bay.
Published June 5, 2019If you’re responsible for school network management at a school, college or university, I don’t envy you. You have a tough job.
Not only do you need to keep out the usual external threats like viruses, trojan horses, hackers and the like from your network; you need to ensure that you protect against students’ own blasé attitude towards IT security.
It’s not just a myth — students are security lax.
Research from our study of Insider Threat Personas shows that 66% of youngsters aged 16–24 have shared a password with someone else at least once — compared with just 30% of those aged 55+.
And password sharing isn’t just a one-off for students either. Over a third (35%) of youngsters aged 16–24 say at least one person has their login details for one website or another — compared with just 11% of those aged 55+.
Students often don’t see password sharing as a problem. In fact, it has been seen to become a trend in behavior. Indeed, the "millenial' generation have been known to see password sharing as a sign of affection — a bit like giving a set of house keys to a partner. As is the case with most things in life, you learn from mistakes, and many people aged 16–24 may not have faced serious consequences from giving their password to somebody… Yet.
The concerning knock-on effect of this behavior is that students often take this relaxed view of security into the workplace, where they may have access to sensitive information on the company network. While at school or uni, students may have been putting their own confidential data at risk, now they’re putting their employer’s. A risk no company wants.
Companies are at least aware of the threat of young professionals when they join the workforce. In our Insider Threat Peer Report, we interviewed a number of senior IT professionals who were willing to discuss their company’s own internal IT security — a rare treat, simply because most organizations don’t want to talk about how they keep their digital assets safe.
In the report, when asked who posed the greatest security threat to their company, John Giordiano, IT manager at The Scenic Route, made an interesting point:
“I find that older users, although more paranoid about threats, don’t comprehend the scope of being secure and will forget simple things. Whereas the younger crowd can comprehend the scope of being secure but tend to blindly trust new technology because it comes in a shiny package.”
Today’s youngsters have grown up in a digital age where access to information is near instant, just a moment away with the touch of a smartphone. They expect to be able to operate at the fast pace they’re used to at school, university and at work. If your security measures slow them down, they risk causing frustration, which can cause students or employees to find ways to circumvent those measures.
Either implement a security solution that they don’t notice or that gives them no choice but to obey procedures.
The academic environment is very different from the workplace environment. The culture of education promotes the freedom to exchange ideas and access information instantly for the benefit of learning. IT teams must find an appropriate way to balance these access values that define education while protecting and safeguarding data and information systems.
IT security education is key to this balance. But when educating students about IT security, talk to them in a language they’ll understand. We’ve mentioned that they might share a password like a set of house keys, but you wouldn’t just leave your keys lying around. Do that and you risk someone stealing your beloved games console, laptop or smartphone.
And while lending front-door keys to a friend might seem relatively safe if you get those keys back, once you give a password to a friend, they can access your files whenever they like until you effectively change the locks by changing your password. The more people that have a copy of your keys, the more likely you’ll be burgled.
There are also plenty of security solutions available for you to back up user education, such as UserLock. With real-time monitoring, risk indicators, policy rules and a complete view of network activity, it’s possible for you to:
Apply two-factor authentication (2FA) to verify student and employee identities before granting access to the network.
Detect suspicious access, and alert students and administrators automatically to login anomalies.
Manage and secure mobile students, whether they’re on laptops, tablets or smartphones.
Restrict and monitor access to sensitive files so students can only access the files and systems they need.
Restrict concurrent logins, eliminating the possible windows in which unauthorised users can access sensitive information.
With a mixture of technology and effective IT education, it’s possible to keep serious security breaches at bay. Securing the network — and making your life easier as an IT manager — doesn’t have to seem an impossible task.