Your school's endpoint security: Solving the BYOD conundrum
Everyone uses a smartphone. It's a BYOD (bring your own device) world. Your students, their parents, your teachers, your staff and guests. Most of them simply text, surf the internet or take pictures. But increasingly, as your school provides more on-line educational services, these people can access data and applications hosted your school's internal network.
Indeed, this is to be encouraged. But at the same time, all of this network access can increase the risk that someone, somehow has inadvertently infected their smartphone with some malware that can sneak into your network and cause irreparable damage.
The recent hack of dozens of schools in New Zealand only reinforces the scope of potential risks that school networks face. While this particular incident hasn't been attributed to mobile phone-based malware, the very fact that cyber criminals could target and breach the defences of so many schools means that schools are not immune from intrusions, data loss and network downtime.
"There are two general types of cyber-attacks," says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest distributor of cyber security solutions. "The first is targeted, such as a distributed denial of service (DDoS) attack, in which the perpetrator sends millions of messages to a specific network to overwhelm the server's capacity and disrupt services. This is what happened in Australia with the census fiasco. While targeted attacks can be painful, there isn't much financial incentive for the offender from a typical school so they are fairly rare in an educational setting.
"The other type, the so-called 'drive-by web attack', is more of a threat," continues Khan. "These attacks are caused by malware that has infected a mobile device because the user has visited an infected web site, opened a dodgy email or downloaded a malware-riddled app. Ransomware is a classic example of a drive-by web attack. When the user accesses a private network – your school's for instance – the malware probes your defences using an 'exploit' that identifies gaps and then sneaks in. It then propagates itself on your network and can cause all sorts of havoc.
Protection by partition
Keeping your security solutions updated and patched is critical. "Updates reduce the number of exploits that put your network at risk," notes Khan, "and can significantly improve your network security. The other strategy you can adopt is to mandate that users who want to access your school's network from their personal devices employ a recognised end point security solution. End point security solutions, such as FortiClient, deliver simple and secure protection including malware/virus detection, rootkit removal, parental web control and support for virtual private networks (VPN) which allows quick and easy secure remote access to your school's LAN (local area network) via IPSec or SSL protocols.
"This is a key feature," he says. "In effect, FortiClient creates partitions in mobile devices that separates the professional space - access to your school's restricted applications - from the personal / public space, ie everything else. So if a user does inadvertently download drive-by malware the damage will be limited to the device itself and cannot pass into your school's network. Another benefit is that these solutions can be centrally managed for increased visibility into network access and application utilisation.
Productivity without compromise
"There are any number of end point security solutions on the market," concludes Khan. "For instance VMWare's AirWatch mobile device management solution provides a flexible model for asset management, policy enforcement and distributing profiles, apps and content based on device ownership type or user profile. But regardless whether you opt for a low-footprint solution such as FortiClient or a comprehensive approach like AirWatch, adding client-side security will provide a very real extra level of protection that allows your school to take full advantage of the BYOD revolution without compromising integrity, privacy or robustness.
For further information, please contact:Andrew Khan, Senior Business Manager Email: andrew.khan@ingrammicro.com M: 021 819 793
David Hills, Solutions Architect Email: david.hills@ingrammicro.com M: 021 245 0437
Hugo Hutchinson, Business Development Manager Email: hugo.hutchinson@ingrammicro.com P: 09-414-0261 | M: 021-245-8276
Marc Brunzel, Business Development Manager Email: marc.brunzel@ingrammicro.com M: 021 241 6946