Creating School Cyber Rules

Creating School Cyber Rules

Campus security guides will help managers take care of their tech stack

Campus IT managers are responsible for managing their school’s tech stack. Worries vary. Are all the laptops correctly setup? Is the network able to handle the load? Is the firewall activated? Unfortunately, there are a ton of security variables the IT team cannot control, but require policies and guidelines for the institution’s attendees.

You will need to consider what happens when an infected device comes into the school. How can a student’s laptop be secured when he comes back to college? How can the fallout from a security-unaware teacher be contained?

The first step towards a solution is awareness. Schools, universities and academic institutions where students and faculty can access computers and mobiles (both institutional and personal) need to share guidelines and best practices for safe IoT device usage on campus networks.

Many schools and colleges share this on their website as part of their cyber security basics or tips & best practices for cybersecurity in-campus. We took a look at a handful of these campus guides and put together a quick walkthrough on the best practices for creating these guidelines.

Remember, the objective here is to secure your institution’s attendees and faculty’s data and devices as well as your school’s networks from the harms these rogue devices can generate.

Campus Cybersecurity Guides

A good example of a comprehensive cyber security guide is the one published by the University of Northern Colorado. This online tutorial summarizes the cybersecurity basics every student should follow to make their personal computer more secure.

The UNC guide includes a cybersecurity overview, student resources and security recommendations. It advises students to keep a clean machine, protect their personal information, connect to the Internet with care and to be a good online citizen.

A similar, but more expansive approach, is taken in the Cybersecurity Tips & Best Practices Guide from the University of California at Berkeley Information Security Office. Divided into two sections – Basics for Securing Your Data and Data Responsibilities and Guidelines — the Berkeley Guide provides resources for cybersecurity awareness and best practices on a variety of topics.

The first section –Preventing Laptop Theft to Security Basics: 101 to Netiquette and Ethics– zeroes in on individual responsibilities. It encourages students and staff to physically secure laptops, register devices, install tracking software and meet minimum encryption standards for data security.

The second half of the guide delves into the Berkeley Data Responsibility and Standards Guidelines, which protect the confidentiality and integrity of Berkeley Campus Data. In identifying data security as a shared responsibility, this section also includes information on Phishing: Suspicious Phone Calls, Texts, Emails, Ransomware: Malware Attacking Computer or Mobile Devices, and Security Basics: 101.

General Student Security Guides

Unlike the University of Northern Colorado and Berkeley, which offer comprehensive cybersecurity guides, other schools elect to wrap cybersecurity into an overall student security guide that covers multiple facets of the student lifestyle.

The University of Rochester Off-Campus Guide details how students who rent housing in the local community can stay safe and become good neighbors. The guide includes everything from how to find affordable housing close to campus to transportation and rules for partying. But it also includes useful information on how to protect laptops and other electronic devices from theft and hackers.

Similarly, the Residents’ Guide published by the University of the West of England is written to provide students with useful information about living in university accommodations and covers everything from dormitories to academic facilities to waste and recycling to safety.

Key Concepts to Include in Your School’s Guide

Having seen a few different variations of cybersecurity and in-campus security guidelines from schools and universities, we can establish that there are certain concepts you cannot miss.

Start from the bottom: personal safety. Berkley’s security 101 is a great example of what core concepts both students and employees need to understand in order to establish a standard line of defense.

Without these basic security concepts, such as password hygiene, users become a direct risk that could potentially bypass any policy in place:

  • Password hygiene
  • Common phishing tactics
  • Anti-malware and other security software
  • Credential protection
  • Scam detection
  • Welcome to the campus security guide

Create proper use guidelines for staff. Faculty laptops and computers should uphold certain standards of use, too. By encouraging and limiting dangerous interactions, you can better isolate and secure the data and platforms your staff interacts with.

  • Configure automatic lock-screens.
  • Install an anti-theft / data protection tool.
  • Limit unnecessary software usage.
  • Implement zero-trust browsing policies.
  • Instruct users on data handling.

Map data interactions and create policies. The educational industry handles private information and sensible data from both parents and students. From financial details, such as loans and payment information, to personal data, such as personal records, social security numbers and performance.

This data passes the hands of teachers, administrative employees, parents and thirdparty vendors who provide software platforms to manage them. All institutions should map these data points of origin, handlers and points of transference to ensure all responsible parties are informed of their obligations to this data.

Takeaways

Maybe it is time for your school to pull together a security guide. If you do, we recommend that it addresses both personal responsibilities for educational devices and respect for the campus learning system that contains everyone’s personal data. After all, staying safe is both an individual and a school-wide effort.

This article originally appeared in the March April 2020 issue of Campus Security & Life Safety.

Digital Edition