Posts

Cloud Security Solutions for Public Institutions

The Role of Technology in Cybersecurity & Safety

 

Earlier this week, I traveled to Austin, Texas to join the Texas Department of Information Resources (DIR) Information Security Forum. I was invited to lead a session on how cloud security can help public institutions secure sensitive data stored in the cloud and help safety management teams keep employees, students, and others safe. It was a fantastic discussion, and very well-received by attendees. Here is a brief overview of what we discussed.

Cloud Security Solutions for Public Institutions - layered security - 21. Information Security Needs To Take A Layered Security Architecture Approach

There is no cybersecurity “silver bullet” (cliché, I know, but true). Information security pros layer security to provide both comprehensive and redundant protection. In many areas of business, redundancies are a bad thing. But in cybersecurity and campus safety, where the consequences for failure are high, redundancy is necessary. During the session, we talked about the different layers of cybersecurity that attendees use today, and answered questions about some that they were less familiar with.

  1. Employee Education: I think every IT security pro out there knows that the single greatest point of failure in cybersecurity is the people using the information. Human error causes far more data breaches than malware or any other type of malicious attack. In fact, a recent report found that 1 in 4 workers are aware of security guidelines, but choose to ignore them! This is why ongoing employee education is the foundation for any good security strategy.
  2. Network Security: Sometimes referred to as perimeter security, this layer includes your firewall, agents, browser extensions and the like that protect the perimeter of your network environment. This layer represents the more traditional, common approach to cybersecurity that should be part of your infrastructure to protect on-premise servers, software, and your network.
  3. Web Security: Web security takes things to the next step by placing technology similar to a firewall in front of off-premise information, such as the cloud. These tools include cloud access security brokers (CASB), proxies, secure web gateways, and mail transfer gateways (MTA). Web security can also be referred to as “man-in-the-middle” security features that most commonly focus on securing access to cloud environments.
  4. API – Based Content Filters: To be clear, not all content filters use APIs. Some types of APIs would land in the last layer. API content filters work differently than proxy based filters in that there is no “man-in-the-middle”, they integrate directly with the cloud application in use.
  5. API-Based Cloud Security: If your organization uses cloud applications for operations, such as Google G Suite or Microsoft Office 365, API-based cloud security is a requirement. This is because none of the other layers can protect or monitor the information stored and shared in the cloud. They can only monitor access going into and coming out of it. Cloud security tools provide IT security with the visibility and control they need to secure sensitive data and remain compliant with regulations.

2. Why Cloud Security?

Next, we took a deeper dive into cloud security. Many people don’t realize just how important cloud security is. Many think that if they have a firewall and a gateway, they’re covered. This simply is not true. With cloud computing there is no perimeter. If there is no perimeter, there is nothing for the firewall to protect. Traffic can easily bypass firewalls and gateways to gain access to cloud environments.

There are also legal reasons and compliances that require organizations to use cloud security. If you are storing student, employee, and/or customer personally identifiable information in Google Drive or SharePoint, for example, you need to secure it. And, again, a firewall or gateway simply won’t do the trick.

Cloud security solutions provide IT security teams with control over the information and account behavior within cloud applications. They can see who has access to what files, what is being shared with whom, and much more. IT teams get threat protection, data security, and user behavior & monitoring with a good cloud security tool.

FREE CONTENT FILTER COMPARISON GUIDE FOR K12 SCHOOL DISTRICTS >>

3. What Does Safety Have To Do With Cybersecurity?

Cybersecurity and safety are closely related in several ways. Cyberbullying in schools and in the workplace have led to devastating incidents on-campus, with workplace violence, suicides, and school shootings becoming a depressing norm in U.S. society. Further, there are incidents of unwanted sexual advances, explicit and/or offensive content being shared throughout the office or school. This type of behavior is more than just a distraction.

Finally, criminals and hackers are finding ways to use smart building technology to gain access to buildings, spy on workers and meetings, and threaten students. These types of incidents are not just people trying to harass or otherwise “get a rise” out of people. In some cases, they’ve attempted to run ransom schemes by threatening violence and more through campus surveillance systems.

4. What Is The Difference Between Cybersafety and Cybersecurity?

Cybersecurity’s role is to protect technology infrastructure and information from unauthorized access and attacks. Cybersafety focuses on protecting the physical and emotional well being of employees, faculty, and students using the technology.

Cybersecurity protects information like social security numbers, names, addresses, HIPPA health information and more that are stored in networks, computers (or other devices), and in the cloud.

Cybersafety scans for explicit content, threats of violence, self harm, and cyberbullying. Technology can be used to filter domains, scan email, documents, images, messaging apps, and even social media channels to flag potentially harmful content and alert the proper authority to handle it before it becomes a bigger issue.

As our lives are more and more entwined with technology and the digital world, cybersecurity and cybersafety will only continue to merge. IT and security professionals need to recognize this and work together to keep people safe and their data secure. ManagedMethods is a cloud security platform that helps education, public sector, nonprofits, and mid-sized companies do just that. Our platform is used to secure over 1,000,000 user accounts (and growing) as well as help IT professionals gain control over how information in all those accounts is being stored, accessed, and shared.

It was a great pleasure to meet and talk with the attendees at the 2019 DIR Security Forum. If you have a chance to go to this FREE event next year, I highly encourage it!

Cyber Safety vs. Cybersecurity: What’s The Difference?

Cyber safety is important, but it isn’t a replacement for cybersecurity

I recently attended the TCEA SysAdmin conference in Texas and was intrigued by the workshop: Cyber Safety and Security. Miguel Guhlin presented important ideas regarding the differences in cyber safety and security that are often missed by K12 district administrations.

In truth, my team and I hear the misconception just about every day. We often talk with directors, managers, and system admins who are currently using tools such as Gaggle, GoGuardian, Bark, or Securly and believe they are covered. In truth, if your district is using G Suite for Education and/or Office 365, your content filter and campus safety tools are not enough to secure sensitive, regulated data.

I get it. The amount of information and noise around the subject is overwhelming. As Guhlin writes: There is a beguiling amount of jargon and vocabulary relevant to cybersecurity (systems and things) and cybersafety (people).

Last week I received a notification that a student decided to use pepper spray at my son’s middle school. As much as that freaked me out, I know it gets a lot worse. So trust me when I say that, as the father of two school-aged children, I absolutely believe in the need for campus and cyber safety technology in our schools.

I’m also well aware of the risks to my kids’ (as well as my wife’s and my) identity security as a result of insufficient cybersecurity. K12 school cyber attacks are on the rise. As is identity theft for school-aged students, whose credit information can often be used for years before fraud is detected.

For these reasons, I am passionate about cyber safety and security in K12 school districts. The important thing for district IT and system admins to understand is that these are two fundamentally different topics. As are the solutions needed to managed them.

What Is The Difference Between Cyber Safety and Cybersecurity?

cyber safety v cyber security diagramFundamentally, cyber safety focuses on people while cybersecurity involves information.

Cyber safety uses technology to help protect the physical and emotional well being of students, faculty, and staff on campus. These tools focus on protecting students from viewing explicit or violent content on school networks and computers, and from bullying and other inappropriate behavior. These tools monitor domains and content through filters to keep students safe and will alert teachers or staff when intervention is necessary.

Cybersecurity protects school technology infrastructure, such as networks, computers, cloud applications, and data from cyber attacks. Think hackers getting personal information like social security numbers, birth dates, addresses, etc… There are many reasons why schools need cybersecurity. It protects students and staff information from identity theft and secures information that districts are held liable for, such as health information covered under HIPAA.

Cybersecurity also ensures classroom continuity. When a school’s network goes down due to hacking, such as a denial of service attack, teachers and students can’t access their materials stored in the cloud. Sometimes this may only last minutes, but in some cases can last days.

FREE CYBER SAFETY AND SECURITY EBOOK FOR K12 SCHOOL DISTRICTS >>

What Does Cyber Safety Technology Do?

Gone are the days when a student rides the bus home and leaves school behind for the day. Students are constantly connected to friends, classmates, teachers, and coaches. They carry school with them everywhere they go on their phones, iPads, Chromebooks, etc… Today’s connected students are under constant pressure and, unfortunately, now bring the bullying home with them. They experience personal safety and mental health pressures in and out of school that we never dealt with as children.

Because staff can’t be everywhere at once, some great cyber safety solutions have been developed to help. Solutions like Gaggle, GoGaurdian, Bark and Securly are the leaders in bringing campus safety technology to K-12 schools. Using data science, machine learning and pattern matching technologies, campus safety management tools provide visibility into email, documents, shared files, images, photos and more. Some solutions, such as Gaggle, provide trained support staff to monitor red flags and notify school administrators and/or emergency personnel directly if needed.

For example, a student sends an email with the word “suicide” from their school computer, an alert is raised. Staff can then investigate the alert, and take appropriate action. Considering the current issues in campus safety, most would agree that being able to intervene before a dangerous situation happens is a good thing.

What Does Cybersecurity Technology Do?

Cybersecurity solutions help school districts protect sensitive information, such as social security numbers, from hackers. Most school districts use firewalls, gateways, content filters, spam filters, or some combination of all to help keep information secure. These measures won’t protect our kids from bullying or sharing explicit content. But they will help keep criminals from breaching network perimeters and stealing data that will be harmful to their financial future.

As more school districts migrate to the cloud, using G Suite for Education and/or Office 365, cloud application security is also needed. While firewalls and gateways protect your perimeter, cloud security protects data within your environment. As IT directors transition their districts to G Suite for Education, they often add a cloud security solution to their cybersecurity architecture to provide comprehensive protection and control.

Let’s say that a member of your faculty clicks on a phishing link in an email and that link granted hackers access to your G Suite environment. That hacker is now able to easily pass through any firewall and gateway that your team has set up and will be able to download and share all the files they want. And, unlike traditional network-based software hacks, you may never know that a breach took place.

Security Gaps In Cyber Safety

Cyber safety is important to the security of students, staff, and faculty. But the technology doesn’t cover the same threats and compliance issues that cybersecurity does. School districts need cybersecurity to protect important data like personally identifiable information from malware and phishing schemes, or even accidental sharing of information. Even something as simple as a staff member or student clicking on a spam link puts an entire school district at risk.

Further, most cyber safety solutions only cover school hardware, like Chromebooks. This means that violent, explicit, and inappropriate behavior happening on personal devices (such as smartphones and home computers) connected to school G Suite and/or Office 365 accounts may not be caught by existing filters.

To truly keep students and staff safe, IT security admins also need a cybersecurity strategy that includes cloud application security. A multi-layer approach can help schools cover campus safety and cybersecurity, while being cost effective. This allows schools to keep up with regulations when it comes to personally identifiable information while keeping students and teachers safe.

Securing School Information From Cyber Attacks

cloud security and cyber safety architectureDon’t wait until a breach happens. Gaps in your security infrastructure will cause a PR nightmare for a school and lead to significant, unexpected expenses. Not to mention the damages to those involved whose personal information is stolen. And, with so many schools adopting cloud technologies for both student and administration purposes, including cloud security is critical. While your G Suite and Office 365 applications do have some native security built in, the functionality is limited and requires expensive upgrades.

This is where ManagedMethods come in. We make protecting sensitive data in the cloud easy for system administrators. Our K-12 customers love that they can protect sensitive personal information, block malware, and quarantine inappropriate content in district cloud environments all from one, easy to use platform. ManagedMethods provides some overlap with your content filtering and/or campus safety management platforms, with the added ability to monitor and secure sensitive data stored in the cloud.

Find out how simple and easy ManagedMethods is to start working and maintain with a free 30 day trial!

K-12 Campus Safety Management and Cloud Security

Layering your K-12 campus safety management and cybersecurity tools provides the most complete coverage

School administrators have a heavy burden when it comes to keeping students and faculty safe in today’s education environments. Threats to health and safety come in many forms, including cyber threats as well as physical ones. We mainly deal with K-12 cloud security, but we work with schools that also use campus safety management tools to ensure physical safety.

The unfortunate reality for administrators is the increased need for campus safety measures. Our schools and students are exposed to so much, both on-campus and online, that ensuring their safety has become quite complicated.

Out of this need, companies are creating unique solutions to use modern technology to help administrators make their schools a safe, inclusive environment for learning. K-12 campus safety management solutions attempt to assure the well-being of students, faculty and staff members by gaining awareness of threats and potentially harmful actions within the greater school community, such as suicidal or violent intentions.

Further, some states have enacted laws that require schools to intervene when a child is a target of bullying. For instance, David’s Law in Texas requires schools to notify parents by the next day if their child has been a target of bullying, and to notify the parents of the perpetrator within a reasonable amount of time. The law provides immunity to educators who report bullying, while schools have the authority to investigate cyberbullying and to work with law enforcement on such investigations.

What K-12 Campus Safety Management Products Do

K-12 campus safety management solutions help school districts identify and manage these various risks. Gaggle and GoGuardian’s Beacon product, for example, use powerful contextual content monitoring to flag certain types of behavior that signify intent to harm.

Beacon primarily focuses on suicide prevention. The product works across online channels, including web searches, social media, email, and more to securely build a profile on students’ online activity. It can then create an alert of activity that might signal suicidal intent and notify the proper people to intervene.

Gaggle flags safety incidences more broadly. The tool is customized to alert professionals and officials about all manner of potential dangers, including bullying, planned fights, suicidal behavior, threats of violence, weapons in school, and more. The company then has trained professionals who evaluate all the signals 24/7/365 and alert the proper authorities when needed. School districts can also elect to add-on the SpeakUp Tipline, which allows students to report incidents and threats themselves.

A few other vendors in this category include (but are not limited to):

  • Securely
  • Bark
  • Social Sentinel

FREE CYBER SAFETY AND SECURITY EBOOK FOR K12 SCHOOL DISTRICTS >>

Example Campus Safety Management Use Cases

  • A student sends an email message to a friend, mentioning intentions of suicide. The safety management solution/team analyzes and reviews the content that clearly indicates the student is in imminent danger of self-harm. A safety representative forwards the email to a school district administrator and calls the emergency contact. The student is located in a school bathroom moments before harm is done.
  • A student submits a homework assignment that requires writing an essay. The story seems to be about the student being in an abusive dating relationship. Before the teacher has a chance to read the essay, a relationship manager reads the essay and flags it for review by a school counselor, who then reaches out to the student and her parents to provide help. The school also contacts the parents of the suspected abuser, who attends the same high school.
  • A small group of students were in involved some off-campus criminal activity and they bragged about it to friends. People shared the stories of the criminal behavior over email. Keywords in the messages led the safety management solution to alert a resource officer, who read the email messages and then notified law enforcement.

Limitations of a K-12 Campus Safety Management Solution

The limitations vary greatly by product. Some of these solutions only work with school-sanctioned products such as Office 365, Google G Suite or Canvas LMS, or they only review posts to public social media sites. Students can still use private or direct messaging applications, apps with tight security settings, or non-school-provided social media and mobile applications to share their objectionable content, discuss their malicious or harmful intentions, or conduct their cyberbullying.

Tech buyers should thoroughly investigate a solution’s capabilities as well as which platforms and applications it works with. It’s important to understand what a solution doesn’t do, and what platforms and applications it doesn’t work with, as the excluded platforms and apps might be the ones that children are most likely to use to communicate with each other.

The Difference Between K-12 Campus Safety Management and Cloud Security

Campus safety management is not cloud application security—and we just can’t stress this difference enough.

Campus safety management tools are fantastic at helping keep students, faculty, and staff physically safe from violence, self-harm, and inappropriate behavior. What they don’t do is keep their personally identifiable information safe from malicious and accidental data breaches.

According to Experian, over 1 million children were victims of identify fraud, costing families north or $540 million in 2017 alone. Schools collect and store personally identifiable information (PII) for students and their parents/guardians. This data is a veritable gold mine for cybercriminals who can sell the information on the dark web. The combination of highly marketable data with relatively low security make K-12 schools and districts a tempting and easy target for malicious attacks.

But it’s not just about data breaches originating from the outside. Accidental sharing and improper storage of sensitive data happens in school districts across the country all the time. These data breaches are just as serious as malicious attacks. They expose sensitive information to anyone interested in picking it up, no matter their intention.

K-12 cloud security solutions, such as ManagedMethods, protect school districts and students from the threats of cyber-attacks and accidental exposure. When layering ManagedMethods with a campus safety management solution, school districts gain an extra layer of violent behavior, self-harm, and inappropriate content screening. But, more importantly, they gain a critical layer in cybersecurity for their G Suite and Office 365 cloud applications that tools like Gaggle and GoGuardian can’t provide. Together, the two solutions create a safe environment for students, both in the classroom and in the cloud.

Learn more about your campus cloud security options–download our free eBook today!