Creating School Cyber Rules
Campus security guides will help managers take care of their tech stack
- By Nicolas Poggi
- April 14, 2020
Campus IT managers are responsible
for managing their school’s tech
stack. Worries vary. Are all the laptops
correctly setup? Is the network
able to handle the load? Is the firewall
activated? Unfortunately, there are a ton
of security variables the IT team cannot control,
but require policies and guidelines for
the institution’s attendees.
You will need to consider what happens
when an infected device comes into the
school. How can a student’s laptop be secured
when he comes back to college? How can the
fallout from a security-unaware teacher be
contained?
The first step towards a solution is awareness.
Schools, universities and academic
institutions where students and faculty can
access computers and mobiles (both institutional
and personal) need to share guidelines
and best practices for safe IoT device usage
on campus networks.
Many schools and colleges share this on
their website as part of their cyber security
basics or tips & best practices for cybersecurity
in-campus. We took a look at a handful
of these campus guides and put together a
quick walkthrough on the best practices for
creating these guidelines.
Remember, the objective here is to secure
your institution’s attendees and faculty’s
data and devices as well as your school’s
networks from the harms these rogue
devices can generate.
Campus Cybersecurity Guides
A good example of a comprehensive cyber
security guide is the one published by the
University of Northern Colorado. This
online tutorial summarizes the cybersecurity
basics every student should follow to make
their personal computer more secure.
The UNC guide includes a cybersecurity
overview, student resources and security recommendations.
It advises students to keep a
clean machine, protect their personal information,
connect to the Internet with care
and to be a good online citizen.
A similar, but more expansive approach, is
taken in the Cybersecurity Tips & Best Practices
Guide from the University of California
at Berkeley Information Security Office.
Divided into two sections – Basics for Securing
Your Data and Data Responsibilities and
Guidelines — the Berkeley Guide provides
resources for cybersecurity awareness and
best practices on a variety of topics.
The first section –Preventing Laptop Theft
to Security Basics: 101 to Netiquette and Ethics– zeroes in on individual responsibilities.
It encourages students and staff to physically
secure laptops, register devices, install
tracking software and meet minimum
encryption standards for data security.
The second half of the guide delves into
the Berkeley Data Responsibility and Standards
Guidelines, which protect the confidentiality
and integrity of Berkeley Campus
Data. In identifying data security as a shared
responsibility, this section also includes
information on Phishing: Suspicious Phone
Calls, Texts, Emails, Ransomware: Malware
Attacking Computer or Mobile Devices, and
Security Basics: 101.
General Student Security Guides
Unlike the University of Northern Colorado
and Berkeley, which offer comprehensive
cybersecurity guides, other schools elect to
wrap cybersecurity into an overall student
security guide that covers multiple facets of
the student lifestyle.
The University of Rochester Off-Campus
Guide details how students who rent housing
in the local community can stay safe and
become good neighbors. The guide includes
everything from how to find affordable
housing close to campus to transportation
and rules for partying. But it also includes
useful information on how to protect laptops
and other electronic devices from theft
and hackers.
Similarly, the Residents’ Guide published
by the University of the West of England is
written to provide students with useful information
about living in university accommodations
and covers everything from dormitories
to academic facilities to waste and
recycling to safety.
Key Concepts to Include in
Your School’s Guide
Having seen a few different variations of
cybersecurity and in-campus security guidelines
from schools and universities, we can
establish that there are certain concepts you
cannot miss.
Start from the bottom: personal safety.
Berkley’s security 101 is a great example of
what core concepts both students and
employees need to understand in order to
establish a standard line of defense.
Without these basic security concepts,
such as password hygiene, users become a
direct risk that could potentially bypass any
policy in place:
- Password hygiene
- Common phishing tactics
- Anti-malware and other
security software
- Credential protection
- Scam detection
- Welcome to the campus security guide
Create proper use guidelines for staff.
Faculty laptops and computers should
uphold certain standards of use, too. By
encouraging and limiting dangerous interactions,
you can better isolate and secure the
data and platforms your staff interacts with.
- Configure automatic lock-screens.
- Install an anti-theft / data protection tool.
- Limit unnecessary software usage.
- Implement zero-trust browsing policies.
- Instruct users on data handling.
Map data interactions and create policies.
The educational industry handles private
information and sensible data from both
parents and students. From financial details,
such as loans and payment information, to
personal data, such as personal records,
social security numbers and performance.
This data passes the hands of teachers,
administrative employees, parents and thirdparty
vendors who provide software platforms
to manage them. All institutions
should map these data points of origin, handlers
and points of transference to ensure all
responsible parties are informed of their
obligations to this data.
Takeaways
Maybe it is time for your school to pull
together a security guide. If you do, we recommend
that it addresses both personal
responsibilities for educational devices and
respect for the campus learning system that
contains everyone’s personal data. After all,
staying safe is both an individual and a
school-wide effort.
This article originally appeared in the March April 2020 issue of Campus Security Today.