Many schools have an internal IT team – it’s hard not to, with printers, projectors and smart boards going wrong every day. But are you certain that your IT team is doing everything in their power to keep your organisation secure, not only from external threats, but internal threats too?
Schools are particularly sensitive when it comes to IT security. You must store critical information about students, such as medical history, which you really don’t want to lose. For schools, losing data isn’t just about your business, as it could severely affect students’ lives as well.
In addition, schools have a very high number of constantly changing students. This means group policy and default settings must be perfect, or you could end up with hundreds of accounts with fatal security issues.
Worst of all, you are expected to provide network access to students – and if you don’t separate the networks, it could leave students (or potential hackers) with direct access to your server files.
A strict Active Directory policy will go a long way towards keeping your school secure. Keeping students with very limited permissions on one Active Directory server ensures that students do not have administrative rights over anything. Keeping teachers with limited permissions means that even if some credentials were breached, the network is not entirely exposed.
Have a separate domain and VLAN for students and for staff. This ensures that even if a student were somehow able to give themselves administrative permissions, they would still not be able to access any staff files whatsoever. Students cannot log in to the staff domain without staff credentials and access to the specific VLAN.
Back up your data according to GDPR regulations. Should you fear GDPR? Yes. Are punishments for GDPR non-compliance a realistic threat right now? No. As of writing this article, only 170 companies have had action taken against them by the ICO. The reason you should fear GDPR regulations is that they have raised the bar for minimum security standards. Hackers will almost always go for the least secure network that they can find – and GDPR is designed in a way that following the regulations will make your business more secure. If everyone else is following GDPR and you’re not, the thing you should fear isn’t the ICO, it’s the people looking for insecure networks.
Perform maintenance on systems frequently. Most updates for operating systems are not functionality upgrades – they are security updates. Not performing regular maintenance means that you are missing vital security updates against the biggest ongoing threats.
Sometimes, internal IT may be too busy to work on keeping your business secure. It’s tough and time-consuming, and many people consider it “unnecessary” (until after they are hacked).
External IT Solutions often have experience with this. 99% of IT Support can be done remotely – and at Backup Data, we’ve handled the security of schools for years.
Hiring an external company for the specific needs of your business is the perfect way to reduce costs and prevent your business from becoming nothing but a statistic.
Send us an email to arrange a good time to talk, or call us on 01223 240 088.
You can also book a free network and IT consultation with us.