Education: Don’t Fail to Layer Network Security With Geo-IP

Written by: Francesco Trama | Published on: January 11th, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

What kind of organizations are among the most at risk for cyberattacks? Banks and financial institutions? Software developers and tech firms? Perhaps, but one of the biggest victims is one you might not think about: schools and educational institutions. You might not realize it, but schools are a prime target for network security breaches, and cybersecurity for education is of utmost importance. Why? Let’s take a look.

Cyber Vulnerabilities in Education

There are a number of factors that make educational institutions appealing to cyber attackers. From elementary and high schools, to trade schools, to online colleges, to brick and mortar universities, educational institutions have a cornucopia of private data. There’s financial information and personal data on students and faculty, but also health records, patient data from student health-care files, and much more.

In K-12 schools, there’s a risk of outside threats, but also of attacks by disaffected students looking to wreak havoc. As more and more of their academic careers are based in-network, including learning apps and software, grading programs, plagiarism detectors, online testing, and even full online classes, today’s students are much better versed in the cyber world of education, and have a lot more to gain from breaking into it.

In fact, over 15,000 students in a school district in Long Island had their names, student IDs, and personal financial data, posted to a public forum in 2013. The suspect? A 17 year old student who may also have gained access to social security numbers, medical histories, and more. Sometimes, the culprit could even be another school. In 2014, students in a Jersey City school district had their personal data breached by a local charter school, which used the info to mail out unsolicited registration forms.

Universities have even more to lose from a security breach. At least eight of them, including Harvard and UC Berkeley, have been victims of cyberattacks over the past two years alone. Penn State’s engineering department performed research used by the U.S. Navy, opening them up to multiple cyberattacks and threats of espionage. These attacks eventually caused them to shut that portion of their network off from the Internet entirely; and, there are myriads of other universities whose programs deal with sensitive government or corporate information on a daily basis, making them very tempting targets for a cyber attacker.

The loss of money and data from a cyber breach is a terrible blow for any educational institution. But even more damaging can be the blow to their reputation, once it becomes known that they can’t keep their students’ data safe. Research funding from the government or corporations may be pulled, students, faculty, and alumni whose data was compromised may want to sue, and enrollment by prospective students may decrease as well. Clearly, something must be done to guard against these attacks and keep private data safe in an educational environment. But what?

The Necessity for Cybersecurity in Education

The value of information isn’t the main factor that makes schools and universities a target for cyberattacks. The environment itself has a much greater impact. In this world of smartphones, tablets, and laptops, logging into the school network on your own personal device is par for the course at any college, university, or even high school. With the prevalence of file sharing, social media, and mobile apps, the spread of malware is practically a certainty.

Because of this, comprehensive cybersecurity is absolutely vital in and around any educational institution. In many instances, there are issues of government compliance in cybersecurity that a school or university must measure up to. Although, it is important to consider that mere compliance isn’t always enough to fend off attackers. Federal regulations for cybersecurity aren’t enough to keep up with the threats that schools face. In order to keep their network safe, and the private data of their students and faculty, an educational institution must take additional security measures to block attackers.

A persistent attacker with a multitude of bots at their disposal can eventually break through even a highly secure firewall; it’s important to filter out these attacks before they even reach the firewall. One of the most effective methods of blocking cyberattacks is with a Geo-IP filter. It blocks IPs by location, thus reducing the number of attacks that a firewall has to deal with. However, educational environments often cater to students from all around the world. Therefore blocking all traffic to and from another country isn’t a viable option.

Instead, the proper tool is a more granular Geo-IP filter—i.e. one that can distinguish between cyberattacks and legitimate network access requests at a much more detailed level. Geo-IP technology has progressed significantly in recent years, allowing it to distinguish more easily between legitimate and sinister traffic, even from the same country of origin. This way, thousands of cyberattacks against the network can be blocked from access, while still allowing legitimate traffic from international students to continue uninterrupted.

Whether it’s an elementary school, high school, or university, it’s important that any educational institution be able to protect the data they’ve been entrusted with, and provide a safe and secure learning environment for their students. This is why cybersecurity in education is more than just a good idea. It’s absolutely essential. How protected are your students from attempts to breach your network?