Creating School Cyber Rules -- Campus Security Today

Creating School Cyber Rules

Campus security guides will help managers take care of their tech stack

By Nicolas Poggi
April 14, 2020

Campus IT managers are responsible for managing their school’s tech stack. Worries vary. Are all the laptops correctly setup? Is the network able to handle the load? Is the firewall activated? Unfortunately, there are a ton of security variables the IT team cannot control, but require policies and guidelines for the institution’s attendees.

You will need to consider what happens when an infected device comes into the school. How can a student’s laptop be secured when he comes back to college? How can the fallout from a security-unaware teacher be contained?

The first step towards a solution is awareness. Schools, universities and academic institutions where students and faculty can access computers and mobiles (both institutional and personal) need to share guidelines and best practices for safe IoT device usage on campus networks.

Many schools and colleges share this on their website as part of their cyber security basics or tips & best practices for cybersecurity in-campus. We took a look at a handful of these campus guides and put together a quick walkthrough on the best practices for creating these guidelines.

Remember, the objective here is to secure your institution’s attendees and faculty’s data and devices as well as your school’s networks from the harms these rogue devices can generate.

Campus Cybersecurity Guides

A good example of a comprehensive cyber security guide is the one published by the University of Northern Colorado. This online tutorial summarizes the cybersecurity basics every student should follow to make their personal computer more secure.

The UNC guide includes a cybersecurity overview, student resources and security recommendations. It advises students to keep a clean machine, protect their personal information, connect to the Internet with care and to be a good online citizen.

A similar, but more expansive approach, is taken in the Cybersecurity Tips & Best Practices Guide from the University of California at Berkeley Information Security Office. Divided into two sections – Basics for Securing Your Data and Data Responsibilities and Guidelines — the Berkeley Guide provides resources for cybersecurity awareness and best practices on a variety of topics.

The first section –Preventing Laptop Theft to Security Basics: 101 to Netiquette and Ethics– zeroes in on individual responsibilities. It encourages students and staff to physically secure laptops, register devices, install tracking software and meet minimum encryption standards for data security.

The second half of the guide delves into the Berkeley Data Responsibility and Standards Guidelines, which protect the confidentiality and integrity of Berkeley Campus Data. In identifying data security as a shared responsibility, this section also includes information on Phishing: Suspicious Phone Calls, Texts, Emails, Ransomware: Malware Attacking Computer or Mobile Devices, and Security Basics: 101.

General Student Security Guides

Unlike the University of Northern Colorado and Berkeley, which offer comprehensive cybersecurity guides, other schools elect to wrap cybersecurity into an overall student security guide that covers multiple facets of the student lifestyle.

The University of Rochester Off-Campus Guide details how students who rent housing in the local community can stay safe and become good neighbors. The guide includes everything from how to find affordable housing close to campus to transportation and rules for partying. But it also includes useful information on how to protect laptops and other electronic devices from theft and hackers.

Similarly, the Residents’ Guide published by the University of the West of England is written to provide students with useful information about living in university accommodations and covers everything from dormitories to academic facilities to waste and recycling to safety.

Key Concepts to Include in Your School’s Guide

Having seen a few different variations of cybersecurity and in-campus security guidelines from schools and universities, we can establish that there are certain concepts you cannot miss.

Start from the bottom: personal safety. Berkley’s security 101 is a great example of what core concepts both students and employees need to understand in order to establish a standard line of defense.

Without these basic security concepts, such as password hygiene, users become a direct risk that could potentially bypass any policy in place:

Password hygiene
Common phishing tactics
Anti-malware and other security software
Credential protection
Scam detection
Welcome to the campus security guide

Create proper use guidelines for staff. Faculty laptops and computers should uphold certain standards of use, too. By encouraging and limiting dangerous interactions, you can better isolate and secure the data and platforms your staff interacts with.

Configure automatic lock-screens.
Install an anti-theft / data protection tool.
Limit unnecessary software usage.
Implement zero-trust browsing policies.
Instruct users on data handling.

Map data interactions and create policies. The educational industry handles private information and sensible data from both parents and students. From financial details, such as loans and payment information, to personal data, such as personal records, social security numbers and performance.

This data passes the hands of teachers, administrative employees, parents and thirdparty vendors who provide software platforms to manage them. All institutions should map these data points of origin, handlers and points of transference to ensure all responsible parties are informed of their obligations to this data.

Takeaways

Maybe it is time for your school to pull together a security guide. If you do, we recommend that it addresses both personal responsibilities for educational devices and respect for the campus learning system that contains everyone’s personal data. After all, staying safe is both an individual and a school-wide effort.

This article originally appeared in the March April 2020 issue of Campus Security Today.

How Micro-Segmentation Helps Secure Digital Threats Facing Educational Sector
11/13/2024
Building a SOC to Enhance Campus Security Operations
11/07/2024
ASIS K-12 School Security Standard Should Arrive in 2025
11/06/2024
University of New Haven Deploys ZeroEyes’ Proactive Security Technology
10/30/2024

Featured

Black Hills State University Takes an Open, Scalable Approach to Video Security

Black Hills State University recognized the need for a centralized video system to improve campus security and streamline operations. The university sought a solution that could unify its main campus with a satellite location, enable cross-department access, and scale with future growth. By implementing open platform video technology, BHSU laid the foundation for a comprehensive, flexible, and scalable security infrastructure. Read Now
- Video Surveillance
Pennsylvania School Uses Locked, Rolling Security Grille to Control Spectators, Secure Building

St. Jude School in Mountain Top, Pennsylvania, is a private Catholic elementary school that serves students from Pre-K through grade 8. Recognized as a Blue Ribbon School by the U.S. Department of Education, St. Jude offers diverse educational programs designed to foster a nurturing and challenging learning environment, and extracurricular activities like sports are an integral part of promoting teamwork, discipline, and physical fitness. Read Now
- Facility Security
Fire-Rated Glazing Assemblies Modernize Academic and Social Hub

In spring 2023, the University of Pittsburgh opened the doors to a seven-story west wing addition to Alan Magee Scaife Hall. The medical school building features several updated lecture halls, labs and classrooms. It also includes team-based learning and small group rooms as well as an entire floor dedicated to medical students. This floor is meant for students to congregate, study and build community. Read Now
- Fire Life Safety
Access Control Trends Continue to Strengthen School Safety Security

Class period bells have been ringing across campuses for a few months now, but that doesn’t mean the subject of safety was fully settled before the start of the new school year. As one wise person once said, “It’s a journey, not a destination”. That’s why it remains a leading issue among administrators, faculty, students, and communities. Schools are striving to be at the top of their class when it comes to the ability to control access instantly and securely, monitor suspicious behavior accurately and consistently, and respond to threats immediately and effectively. Ultimately, they aim to provide a reassuring, comfortable, and conducive environment for a rich learning experience. These goals apply whether at a community college in Southern California, a major university in Pennsylvania, or a rural K-12 district in Michigan. Read Now
- Access Control

Webinars

BriefCam

Maximizing Your Investment: The ROI of Video Analytics
Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Salient Systems, Safety Technology International Inc., AtlasIED, Omnilert, Paxton Access Inc., Napco Access Pro, Hirsch, CENTEGIX

Lessons Learned from an Active Shooter Crisis
Push-to-Talk over Cellular – The NEXT Revolution

Whitepapers

HID Global

Securing K-12 Schools From the Inside Out
HID Global

The Truth Behind 9 Mobile Access Myths
NaloxKit

The Critical Need for Naloxone on School Campuses