Draft Network Security Checklist
Many small and medium-sized school or Districts do not have adequate network security. Here's how to make sure you do. Now more than ever, you depend on your network for your most important school or District operations, such as communication, inventory, billing, sales, and trading with partners. Yet up to now, you might have held off on protecting your network, for several reasons:
General Security Planning Tips The following tips can help you develop and win support for an effective network security plan:
Network Security Checklist: Every school or District should have a written (and thoughtfully prepared) Technology Plan with a focus on network security plan in place. A thorough policy will cover topics such as:
· Acceptable use policy, to specify what types of network activities are allowed and which ones are prohibited
· E-mail and communications activities, to help minimize problems from e-mails and attachments
· Antivirus policy, to help protect the network against threats like viruses, worms, and Trojan horses
· Identity policy, to help safeguard the network from unauthorized users
· Password policy, to help employees select strong passwords and protect them
· Encryption policy, to provide guidance on using encryption technology to protect network data
· Remote access policy, to help employees safely access the network when working outside the office
Answering the following questions can help you develop your own policy:
Inventory Your Current Security Technologies Do you have any of the following?
· Firewall, to keep unauthorized users off your network
· Virtual private network (VPN), to give employees, customers, and partners secure access to your network
· Intrusion prevention, to detect and stop threats before they harm your network
· Content security, to protect your network from viruses, spam, spyware, and other attacks
· Secure wireless network, to provide safe network access to visitors and employees on the go
· Identity management, to give you control over who and what can access the network
· Compliance validation, to make sure that any device accessing the network meets your security requirements
Identify Your Most Important Digital Assets and Who Uses Them:
Exactly what are your company's digital assets (such as intellectual property and student records)?
· What are they worth?
· Where do those assets reside?
· Who has access to these assets, and why? Can all employees access the same assets?
· Do you extend access to school or District partners and customers?
· How do you control that access?
What Would a Security Breach Do to Your School or District?:
What is the potential financial impact of a network outage due to a security breach?
· Could a security breach disrupt your students or staff work?
· What would happen if your Website went down?
· Do you have e-commerce (lunches, fees, or budgets) features on your site? How long could the site be down?
· Are you insured against Internet attacks, or against the misuse of your students' data? Is this insurance adequate?
· Do you have backup and recovery capabilities to restore information if necessary after a security breach?
Consider Your Current and Future Needs:
How do you expect your school or District plan to evolve over the next few years?
· How recently have you updated your network equipment? Software? Virus definitions?
· What type of security training do you provide to your employees?
· How will growth affect your digital assets and their value to your school or District as a whole?
· In the future, are you likely to have a greater need for remote employees, student, parent, or partners to access those digital assets?
Many small and medium-sized school or Districts do not have adequate network security. Here's how to make sure you do. Now more than ever, you depend on your network for your most important school or District operations, such as communication, inventory, billing, sales, and trading with partners. Yet up to now, you might have held off on protecting your network, for several reasons:
- Network security might seem too complex, and tackling it might seem like too much work. But you can take a step-by-step approach as described in the checklist below, and then get an outside consultant to help you complete your security plan.
- You might think network security is an expense that won't help your school or District grow. Instead of thinking about network security as a technical concern, consider it a school or District continuity issue. Networks have become a basic part of doing school or District today, making security planning as important as sales and marketing.
- You may believe that smaller companies are less likely to be a target of attacks. But as large companies beef up their network security, hackers are increasingly focusing on small and medium-sized school or Districts.
General Security Planning Tips The following tips can help you develop and win support for an effective network security plan:
- Focus on return on value rather than return on investment. Consider the harm a network security breach could do to your school or District, such as lost of student information, FERPA or HIPPA issues, or lost funds.
- Never assume that network attacks will come only from outsiders. Your employees and students can create security vulnerabilities, and disgruntled or former students or staff can cause considerable damage.
- Don't be tempted to confront security concerns with a piecemeal approach rather than a single, unified strategy that protects your whole network.
- Work with others in your District to develop and roll out security strategies, focusing on technology, training, and physical site security with tools like surveillance cameras.
- Find the right balance between security and usability. The more secure your network is, the more difficult it can be to use.
Network Security Checklist: Every school or District should have a written (and thoughtfully prepared) Technology Plan with a focus on network security plan in place. A thorough policy will cover topics such as:
· Acceptable use policy, to specify what types of network activities are allowed and which ones are prohibited
· E-mail and communications activities, to help minimize problems from e-mails and attachments
· Antivirus policy, to help protect the network against threats like viruses, worms, and Trojan horses
· Identity policy, to help safeguard the network from unauthorized users
· Password policy, to help employees select strong passwords and protect them
· Encryption policy, to provide guidance on using encryption technology to protect network data
· Remote access policy, to help employees safely access the network when working outside the office
Answering the following questions can help you develop your own policy:
Inventory Your Current Security Technologies Do you have any of the following?
· Firewall, to keep unauthorized users off your network
· Virtual private network (VPN), to give employees, customers, and partners secure access to your network
· Intrusion prevention, to detect and stop threats before they harm your network
· Content security, to protect your network from viruses, spam, spyware, and other attacks
· Secure wireless network, to provide safe network access to visitors and employees on the go
· Identity management, to give you control over who and what can access the network
· Compliance validation, to make sure that any device accessing the network meets your security requirements
Identify Your Most Important Digital Assets and Who Uses Them:
Exactly what are your company's digital assets (such as intellectual property and student records)?
· What are they worth?
· Where do those assets reside?
· Who has access to these assets, and why? Can all employees access the same assets?
· Do you extend access to school or District partners and customers?
· How do you control that access?
What Would a Security Breach Do to Your School or District?:
What is the potential financial impact of a network outage due to a security breach?
· Could a security breach disrupt your students or staff work?
· What would happen if your Website went down?
· Do you have e-commerce (lunches, fees, or budgets) features on your site? How long could the site be down?
· Are you insured against Internet attacks, or against the misuse of your students' data? Is this insurance adequate?
· Do you have backup and recovery capabilities to restore information if necessary after a security breach?
Consider Your Current and Future Needs:
How do you expect your school or District plan to evolve over the next few years?
· How recently have you updated your network equipment? Software? Virus definitions?
· What type of security training do you provide to your employees?
· How will growth affect your digital assets and their value to your school or District as a whole?
· In the future, are you likely to have a greater need for remote employees, student, parent, or partners to access those digital assets?