Sometimes security breaches happen unexpectedly. University researchers from England and Sweden have devised a variant of malware that can exploit a smartphone’s microphone to steal device passwords and codes. In 2019, 60% of businesses in the US, UK, France and Germany experienced a printer-related data breach. Even low-tech fax machines have security holes that could allow a hacker to steal data through a company’s network.
These are just a few security holes, but they should be enough to keep any K-12 school network administrator from sleeping at night. Regular third-party security audits will help you sleep better. Using the following ideas to boost your security will also help:
Check for expired security certificates
Most organizations need SSL certificates to keep information on their websites private and prevent unauthorized access. IT typically configures these certificates the first time a website is deployed.
Unfortunately, security failures can occur when security certificates are allowed to expire. It is the responsibility of IT staff to ensure that all certificates are up to date, so be sure to add an annual certificate review to IT policies and procedures.
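A certificate review like the one described above can be backed by a small script that flags certificates that are expired or close to expiry. This is an added example, not part of the original article; the host names, dates and the 30-day renewal window are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal window; pick one that fits your process


def days_left(not_after, now):
    """Whole days from `now` until notAfter (string format of ssl.getpeercert())."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def classify(not_after, now, warn_days=WARN_DAYS):
    left = days_left(not_after, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW" if left <= warn_days else "OK"


def fetch_not_after(host, port=443, timeout=5):
    """notAfter of a live server certificate; None if the handshake fails
    because the certificate has already expired."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code == 10:  # OpenSSL X509_V_ERR_CERT_HAS_EXPIRED
            return None
        raise


def audit(inventory, now):
    """Return (status, host, days_left) rows, most urgent first."""
    rows = [(classify(na, now), host, days_left(na, now)) for host, na in inventory.items()]
    return sorted(rows, key=lambda r: r[2])


# Constructed sample inventory (hypothetical hosts, made-up dates).
SAMPLE = {
    "library.district.example": "Dec 31 23:59:59 2024 GMT",
    "portal.district.example": "May 01 00:00:00 2024 GMT",
    "sis.district.example": "Jun 20 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatable output
    for status, host, left in audit(SAMPLE, fixed_now):
        print(f"{status:8} {host:28} {left:4d} days")
```

To run it against real servers, build the inventory from `fetch_not_after()` for each host you operate and pass `datetime.now(timezone.utc)` as `now`.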
Implement SSL / TLS protocols and keys
Transport Layer Security (TLS) is a robust successor to SSL. Both security protocols encrypt data transfers between servers and devices. They also help authenticate user access.
SSL/TLS works with security certificates, but IT staff are responsible for configuring the SSL/TLS public and private access and encryption keys for each server, network resource and user, so that only certain users (each with a private access key) can access network resources (which have public keys, since several people will use them).
Avoid storing LAN Manager hashes
On Windows machines, some organizations still use Microsoft LAN Manager hashing algorithms to convert user passwords to two Data Encryption Standard keys for security purposes. These keys are then stored in Windows.
Unfortunately, LM hash protection is vulnerable to rapid brute force attacks. You can guard against this by disabling the storage of LM hashes in Windows.
Consider using server message block signing
Man-in-the-middle (MITM) attacks occur when a malicious actor steps into the middle of a data transfer and pretends to be a legitimate participant so that they can intercept valuable information.
If you are a Windows shop, you can reduce the risk of MITM attacks by implementing Server Message Block (SMB) signing on Windows domain servers. SMB signing affixes a digital signature at the packet level of the communication protocol, making it more difficult for MITM attacks to break through.
Perform regular third-party security audits
Computer security audits were once a luxury. Now, they should be an essential part of the IT budget. You can never know enough about security or the next generation of risks, but security experts can help you stay informed and prepared.