Creating School Cyber Rules -- Campus Security Today

Creating School Cyber Rules

Campus security guides will help managers take care of their tech stack

By Nicolas Poggi
April 14, 2020

Campus IT managers are responsible for managing their school’s tech stack. Worries vary. Are all the laptops correctly setup? Is the network able to handle the load? Is the firewall activated? Unfortunately, there are a ton of security variables the IT team cannot control, but require policies and guidelines for the institution’s attendees.

You will need to consider what happens when an infected device comes into the school. How can a student’s laptop be secured when he comes back to college? How can the fallout from a security-unaware teacher be contained?

The first step towards a solution is awareness. Schools, universities and academic institutions where students and faculty can access computers and mobiles (both institutional and personal) need to share guidelines and best practices for safe IoT device usage on campus networks.

Many schools and colleges share this on their website as part of their cyber security basics or tips & best practices for cybersecurity in-campus. We took a look at a handful of these campus guides and put together a quick walkthrough on the best practices for creating these guidelines.

Remember, the objective here is to secure your institution’s attendees and faculty’s data and devices as well as your school’s networks from the harms these rogue devices can generate.

Campus Cybersecurity Guides

A good example of a comprehensive cyber security guide is the one published by the University of Northern Colorado. This online tutorial summarizes the cybersecurity basics every student should follow to make their personal computer more secure.

The UNC guide includes a cybersecurity overview, student resources and security recommendations. It advises students to keep a clean machine, protect their personal information, connect to the Internet with care and to be a good online citizen.

A similar, but more expansive approach, is taken in the Cybersecurity Tips & Best Practices Guide from the University of California at Berkeley Information Security Office. Divided into two sections – Basics for Securing Your Data and Data Responsibilities and Guidelines — the Berkeley Guide provides resources for cybersecurity awareness and best practices on a variety of topics.

The first section –Preventing Laptop Theft to Security Basics: 101 to Netiquette and Ethics– zeroes in on individual responsibilities. It encourages students and staff to physically secure laptops, register devices, install tracking software and meet minimum encryption standards for data security.

The second half of the guide delves into the Berkeley Data Responsibility and Standards Guidelines, which protect the confidentiality and integrity of Berkeley Campus Data. In identifying data security as a shared responsibility, this section also includes information on Phishing: Suspicious Phone Calls, Texts, Emails, Ransomware: Malware Attacking Computer or Mobile Devices, and Security Basics: 101.

General Student Security Guides

Unlike the University of Northern Colorado and Berkeley, which offer comprehensive cybersecurity guides, other schools elect to wrap cybersecurity into an overall student security guide that covers multiple facets of the student lifestyle.

The University of Rochester Off-Campus Guide details how students who rent housing in the local community can stay safe and become good neighbors. The guide includes everything from how to find affordable housing close to campus to transportation and rules for partying. But it also includes useful information on how to protect laptops and other electronic devices from theft and hackers.

Similarly, the Residents’ Guide published by the University of the West of England is written to provide students with useful information about living in university accommodations and covers everything from dormitories to academic facilities to waste and recycling to safety.

Key Concepts to Include in Your School’s Guide

Having seen a few different variations of cybersecurity and in-campus security guidelines from schools and universities, we can establish that there are certain concepts you cannot miss.

Start from the bottom: personal safety. Berkley’s security 101 is a great example of what core concepts both students and employees need to understand in order to establish a standard line of defense.

Without these basic security concepts, such as password hygiene, users become a direct risk that could potentially bypass any policy in place:

Password hygiene
Common phishing tactics
Anti-malware and other security software
Credential protection
Scam detection
Welcome to the campus security guide

Create proper use guidelines for staff. Faculty laptops and computers should uphold certain standards of use, too. By encouraging and limiting dangerous interactions, you can better isolate and secure the data and platforms your staff interacts with.

Configure automatic lock-screens.
Install an anti-theft / data protection tool.
Limit unnecessary software usage.
Implement zero-trust browsing policies.
Instruct users on data handling.

Map data interactions and create policies. The educational industry handles private information and sensible data from both parents and students. From financial details, such as loans and payment information, to personal data, such as personal records, social security numbers and performance.

This data passes the hands of teachers, administrative employees, parents and thirdparty vendors who provide software platforms to manage them. All institutions should map these data points of origin, handlers and points of transference to ensure all responsible parties are informed of their obligations to this data.

Takeaways

Maybe it is time for your school to pull together a security guide. If you do, we recommend that it addresses both personal responsibilities for educational devices and respect for the campus learning system that contains everyone’s personal data. After all, staying safe is both an individual and a school-wide effort.

This article originally appeared in the March April 2020 issue of Campus Security Today.

Featured

Campus Parking Problems: Modern Security Solutions

Parking: for many, it’s an everyday fact of life. Whenever we drive somewhere, we must consider parking, and often, that parking experience sets our mood and expectations for the rest of the journey. Whether a quick grocery store pickup or long-term airport parking, the parking lot is an integral part of whatever type of campus you’re visiting. This includes destinations like retail stores, your local high school, hospitals, and the park-and-ride systems present in major cities. Read Now
- Facility Security
The Critical Need for Naloxone on School Campuses

The opioid crisis is escalating across the United States, increasingly affecting all segments of the population, including students on K-12 and college campuses. As the threat from opioids, especially fentanyl, becomes more widespread, it's critical for schools to have naloxone available—an antidote for opioid overdoses. This article discusses why naloxone should be as common as Automated External Defibrillators (AEDs) in educational settings. Read Now
- Fire Life Safety
Best Practices for A Holistic Approach to Video Solutions in Campus Security

Video surveillance is one of the most common security measures implemented by educational institutions today, but installing cameras is just the beginning. Adopting a holistic, comprehensive approach to video surveillance is a more effective way to safeguard campus communities and fully realize the value of your investment in physical security systems. Read Now
- Video Surveillance
Back to School Planning is a Year-Round Commitment

With summer underway, K-12 and college students, faculty, and staff are taking a well-earned break to recharge and gear up for the fall. It’s also the season when security professionals can get in and get busy installing upgrades and retrofits before the new school year starts. It’s a brief window, but, thanks to diligent planning throughout the year, the pros are always ready to hit the ground running at the last bell of spring term to make the most out of the limited time available. Read Now
- Access Control

Webinars

Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Omnilert, Salient Systems, AtlasIED, LiveView Technologies, IPVideo Corporation, ASSA ABLOY Opening Solutions, Axis Communications, Inc., Safety Technology International Inc., IntelliSee, i-PRO Americas Inc.

Enhancing Campus Safety and Student Success: Practical Solutions for Threat Mitigation and Performance Improvement
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules, ZeroEyes, Omnilert, AtlasIED

Shooter Detection: The First Line of Defense
Hanwha Techwin, Salient Systems, Evolv Technology, Omnilert, Eagle Eye Networks Inc, Traka ASSA ABLOY, i-PRO Americas Inc., Digital Watchdog, IPVideo Corporation, ProdataKey

Exploring Multiple Facets of Campus Security Summit

Whitepapers

Axis Communications, Inc.

Virginia School Security Grants
Winsted Corporation

All-Star Lineup
Axis Communications, Inc.

Meeting Responsibilities for School Campus Staff