How to Secure Your School from Physical and Cyber Attacks

Stephanie Keer, National Practice Manager – Government/Education
Jon Clemons, National Practice Manager – Education IT Services

The unfortunate reality for schools today is the pervasiveness of physical and cybersecurity threats, including active shooter situations, family abductions, problematic teacher/student relations and vandalism, plus cybersecurity phishing and malware attacks. While such scenarios were almost unthinkable a generation ago, schools now find themselves regularly practicing ‘active shooter’ drills complete with classroom lockdowns and door barricades.

Physical Security

Given the rise in school shootings over the last several years, the challenge of effectively protecting students and faculty becomes even more complex. The TSA is on the forefront of layered security in airports, and their strategies can be used to make schools safer.

From a technology and procedural standpoint, a school district should examine the following six basic building blocks of security.

1. Access Control – A recent U.S. Study showed the majority of schools do not have the physical means to perform a full-blown lockdown in the event of an emergency. The ability to adequately control doorways to a school must be the first step in a security plan. The policy is simple – no one in and no one out (except security personnel). A sealed building makes situational control easier. Education of all staff and students is critical – do not open a door for anyone!
2. School Visitor Management Software – Businesses have been using this type of security software for a long time, albeit more for protection of assets. But this technology is quickly emerging as a staple in the school security market to protect their most valuable asset: students. Konica Minolta’s solution also instantly compares the identity of each visitor with a national database of over 704,000 registered sex offenders. It queries state sex offender databases on a nightly basis so it is the most up-to-date database available, with detailed information to help prevent the chance of a false positive.
3. Intelligent Video Surveillance Technology – A 24/7 record of what goes on within school buildings is a must-have layer of security being used successfully in any number of other industries and in the general public to solve crimes. It can help with bullying, student/teacher relations and vandalism.
4. Emergency Response Plan – Having a plan in place for threats from unwanted visitors as well as how to immediately assess the threat of a visitor, information about the visitor and course of action on what to do in case of an emergency is an important part of using the implemented technology in the first place.
5. Mass Notification System – If something happens, you need to be able to notify everyone instantly, including students. These alerts should be in the form of instant, segmented text messages or html e-mails sent to warn police or key district personnel of an impending situation or unwanted visitor.
6. Door Barricade System – Standard protocol for most schools in our country is based on the ALICE (Alert, Lock Down, Inform, Counter, Evacuate) Training Institute’s methodology for the two types of active shooter scenarios.

Unfortunately, in any one of these scenarios there will be what is called soft targets. Think front office personnel, kids moving between classes and kids on a playground. The ABSOLUTE best way to protect as many kids as possible is to temporarily barricade the classroom door. A mass shooter will quickly move on to soft targets once he realizes the classroom can’t be breached.

Konica Minolta has a comprehensive portfolio of solutions to help meet these special school security needs, including video surveillance systems, SchoolGate Guardian School Visitor Management system and Classroom Guardian door barriers.

Cybersecurity

Most schools have adopted cybersecurity technology solutions to deal with cyber bullies, but what happens when the actual school IT infrastructure is the one under attack? School districts spend years and billions of dollars outfitting their campuses with the best cameras, access controls and other physical security measures they could afford – all while mostly neglecting the security of the network from both the outside and inside.  Many schools do not consider themselves targets, thinking “What do I have to steal? We just teach kids.” That is the reason schools are such a great target for hackers. Schools have unbelievably valuable data to steal. Personal Identifiable Information (PII) includes data like Social Security numbers, birthdates, as well as other biographical information about students, staff and potentially parents. This information is invaluable to hackers for the purposes of identity theft. As identity monitoring has become much more popular in recent years, child identity monitoring has not.

Attacks can happen in a multitude of ways and most of the time it is extremely hard to detect unless you have the tools and resources to monitor 24/7. Every major data breach has one thing in common – the breach was not detected as it happened. Sometimes it was weeks, months, or even years after the data was exposed. Schools are not in the business of IT security; they are in the business of teaching kids. School IT departments should be focused on the learning aspects of technology, not IT Security.

Why the recent increase in security breaches?

The introduction of hybrid and remote learning increased the usage of student and faculty home networks, which are not as secure as and less frequently maintained than school networks – leaving more areas of vulnerability. Online learning also meant a proliferation of devices on school networks. These devices are incredibly complex to manage and control.  Given the less than optimal amount of time before students were sent home for months, IT could only do so much before students left and while they were at home.

Some schools initiated a 1:1 policy well before the pandemic, but these programs, including IT security and device control, did not extend the bounds of the school building. This poses an inside attack risk as students will eventually bring these devices back on campus and reconnect to the network. Lastly, hackers are praying on frustrated teachers and administrators who may be susceptible to free offers as they try to navigate hybrid learning. The offers of free software that will revolutionize your digital classroom are not what they promise – if fact, they are downright dangerous. If you are not paying for it, you are not the customer; you are the product being sold.

All these factors playing into a school’s cyber hygiene make them even more attractive to hackers and ultimately susceptible to an attack. Interfering with school technology interrupts learning, frustrates teachers and makes it nearly impossible for administration to continue their work. Not to mention, if all the school technology is corrupt, it leaves every device and piece of data in that school vulnerable. Hackers can use information gleaned from school data to execute a phishing campaign or take advantage of a pool of social security numbers. Once student or faculty data is obtained, it can be used to hold that individual for ransom. This means the hacker will give up the information in return for payment. It is a terrifyingly real scenario that happens everywhere, and school data can be the target.

To counteract this, schools need a strong security plan that includes the following tactics.

1. Stop email and server attacks while concealing critical messaging gateways and email servers. Our secure email solutions work in the cloud to block over 99% of spam, malware, viruses, worms, phishing scams, spyware, ransomware and fraudulent emails outside your network. Securing emails means better overall cybersecurity for your business.
2. Keep your systems current and running smoothly with patching IT security services provided by Konica Minolta’s IT Services Division. We fix IT security vulnerabilities and other bugs affecting your programs. Our endpoint protection services secure servers and workstations from external risks, improving IT security posture and user productivity.
3. Virus protection, antivirus solutions and cybersecurity services. Our vulnerability management services constantly monitor your IT system’s computer and network security for potential gaps and vulnerabilities.
4. Assessing your business’s security with strategic penetration testing is necessary to identify shortfalls, liabilities and other areas for improvement.
5. Advanced security services go one step further in protecting your company from security threats. A dedicated team of engineers is important for 24x7x365 support to assure you are at the forefront of security protection.

Learn more about our security strategy for your school or district online.