printer friendly version

Logical security

Information technology is undoubtedly playing an increasingly important role at educational facilities, and with this comes the ever-present threat of online security issues.

Security threats facing educational institutions

Security threats in the educational space are not much different than the ones faced by the modern day corporate. The blended threat aspect is as relevant to educational institutions as it is within the corporate environment.

However, as far as content and contact management is concerned, the educational institute is subject to some unique threats.

The threat in this space comes in two distinct forms: one being the contact that the student or learner can make online, the second is the content that the learner has access to online.

To some degree, both these threats are a form of a blended threat, the use of technology to perform or attempt a criminal act combined by the age-old aspect of social engineering.

Contact: online chat rooms and those within the classroom setup represent a unique threat to educational institutions. A perpetrator can quite easily disguise him- or herself as a fellow learner/friend or associate.

It is no secret that child molesters and kidnappers use these methods to solicit personal information in order to manipulate the unsuspecting learner into a relationship. This could lead to personal contact and further consequences.

Institutions are faced with the challenge not only to make the child/student aware of these threats but also to successfully teach these students to be on the look-out for these online perpetrators to successfully identify and avoid this type of contact.

An example of this type of awareness is to avoid handing out any personal information online that can lead to personal contact, including telephone numbers, addresses, sport activity schedules, home address, names, surnames, favourite places to visit, etc.

There is technology available that can manage activity online and monitor content and information in the flow of these online chats. We encourage professional assistance in implementing counter-measures with regards to these threats.

Content: a threat as relevant to the institution as it is to the corporate - with one distinct difference, of course - that of age restriction. Whether intentional or unintentional, it is quite easy for a student to get his or her hands on the wrong content. A simple search conducted online could quite easily end up providing a student with access to the wrong content.

The modern day information age fortunately provides us with ANY information with the click of a button. Students unfortunately are inquisitive and will bend the rules if they can. Again one needs to have clear rules and regulations together with the right technology to protect against this.

Again we encourage professional assistance when mitigation strategies are being put in place to protect students from this. We find that often, especially in the home environment, that students are way more capable than the parent or teacher in being able to bypass certain counter-measures.

The threats continue to evolve and change their profiles almost on a weekly basis. There is always some perpetrator who will seek an alternative method towards misconduct.

In the past we could draw a clear differentiating line between the 'what' (content, more recently known as malware) that attempts to compromise information systems and the 'who' that is trying to initiate this threat and lead to this compromise.

Nowadays, this differentiating line has disappeared completely. 80% of threats are disguised as 'legitimate' applications entering or leaving our networks, and prove to be rather difficult to detect.

Software vendors are consistently providing different mechanisms to protect against these threats. The rate of technology adoption, though, is clouded by the age-old traditional grudge purchase of ensuring protection against a possibility or likelihood of a compromise.

In our professional opinion is it not a matter of 'if' but rather 'when' this compromise will occur.

Solutions

The majority of institutions only integrate traditional logical security solutions, namely firewalls and anti-virus, with singular content management technologies in place. This defence strategy has proved ineffective in the past, as early as 9/11 - when we saw the first flavour of the so-called blended threats by names Code RED and NIMDA.

There are schools that try to take care of the IT security challenge by themselves. It is not unique, though, and it is only in the past 24 months that outsourcing security began in the corporate environment. The bottom line is that information security has become a highly specialised field and there is a limited availability of skills in the market. Staff shortage and a lack of proper knowledge in the field compounds the problem for schools/institutions and corporate.

There are software solutions available to schools that can be professionally installed to combat the potential threats to schools and pupils. We strongly recommend that institutions investigate the options and act before it is too late.

Christo van Staden is a director at Carrick Holdings.

Christo van Staden

Share this article:

Further reading: