Security policy: The first line of defence for your school’s network
Network security starts with people. Your people. Staff, teachers, administrators, visitors and anyone else who might have access to your network. To protect your network, you need to have a clear set of rules that specify exactly what each class of users is allowed to do on-line. This is known as an acceptable use policy. If users follow the rules, your network will stay much more secure.
And network security ends with people. In this case, however, it's the people who look after your network. If indeed any disruptions do occur, their actions will dictate how fast the issues are resolved. This process is also driven by policy, your network security policy.
Working hand-in-hand, these two policies are at the very foundation of prudent network management and essential for effective network security.
Policies key to network security
"Acceptable use and network security policies are the most important aspect of any ICT implementation," says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest distributor of Fortinet's network security solutions.
"Too many security breaches occur simply because people make mistakes on-line. Opening a dodgy email, accidentally deleting critical data, overloading the system, anything outside of normal procedures. But if people don't know the correct way to do things, they can't be blamed. So it's up to you to educate your stakeholders the difference between right and wrong.
Written acceptable use and network security policies spell out exactly what must be done to ensure maximum uptime and minimal disruption. "Almost all of your current hardware, software and applications have some sort of security functions built-in," says Khan.
"Cataloguing your ICT resources and documenting what actions they perform is the first step. Even simple things like back-up routines, access/read/write permissions for databases and applications and patch update procedures for infrastructure are essential for smooth operations and should be documented.
But having policies is just the start. "You need to ensure that everyone is aware of their on-line responsibilities," continues Khan. "What are the rules on downloading? Facebook? Web surfing? Who monitors internet traffic? Who sets the thresholds for alerts for unusual activity and what happens if those alerts are triggered? And does anyone test your uninterruptible power supply (UPS) every six months? These are all valid questions and need to be addressed.
Setting your policies
There are literally hundreds of templates for acceptable use and network security policies on-line that you can use as a model. Indeed, you already have many of your procedures and policies in place. But are they all written down in easily-accessible documents? Are they part of your human resource orientation? Are they current? And who reviews them and how often?
"Your technology partner is well-qualified to review your acceptable use and network security policies," says Khan, "as they know what's on your network. They can help with the technical side and provide the tools to enforce the policies.
"Creating and maintaining appropriate use and network security policies is an on-going process," concludes Khan. "Every time you make a change in your network, you need to update the policies to account for any additional responsibilities. But if you get the basics right and take the time to review and amend your policies on a regular basis, you'll be able to ensure a safe, secure and reliable network for students, staff and teachers."
For further information, please contact:
Hugo Hutchinson, Business Development Manager at Ingram Micro hugo.hutchinson@ingrammicro.com P: 09-414-0261 | M: 021-245-8276