Your school’s Internet security policy: Blueprint to protect your students, staff and network
Your school's Internet security policy is the most important component of your entire ITC infrastructure and framework. It is your appropriate use guidelines, network inventory, strategic plan, operating procedure manual and data protection specifications all rolled into one. It is not something that you can outsource. Sure, you'll need expert assistance in formalising your school's Internet security policy, but the actual rules, procedures, datasets and user roles are unique to your school, your network and your appropriate use policies. If you don't have a comprehensive blueprint with clearly defined rules, you can't build a secure network. It's as simple as that.
"You have to define the rules before you can enforce them," says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest distributor of Fortinet's cyber security solutions. "Creating a realistic Internet security policy is not a technical issue but a managerial and administrative imperative. You can leave the specific details of actually designing, installing and configuring your security framework to the professionals – be they in-house, a contractor or in the cloud – but you are responsible for giving them clear instructions. Anything else leads to confusion, cost over-runs, poor performance and, ultimately, gaps in your network security profile.
Start with what you have
Most schools in New Zealand already have de facto Internet security policies. "You have guidelines for appropriate use, policies on which staff can access which student records, back-up and archive procedures to protect your data in case of a disaster and other key considerations," continues Khan. "But have you specified what type of reports you need to satisfy compliance and overview requirements? Do you have a policy for locking down any personal devices that staff might be using to access your network? Do you have an emergency plan if your network is hit with malware? Or a disk failure? And do you have all of these procedures set out in one document available to key staff and a summary for students, all staff and even parents?
While there are online security policy templates for New Zealand schools, they outline general content rather than specific rules. "The best way to ensure that your security policy is up-to-speed is with a workshop and whiteboard including you, your ICT providers, key staff and any IT-savvy board members," continues Khan. "Outline what you have now, what you know, what you want, what you think the risks are and any other pertinent information. List, to your best ability, your data, applications, ITC-related business processes, infrastructure, traffic patterns and Internet usages and anything else that comes to mind. Once you have the general scope defined, you can start to drill down into specifics.
The decisions are yours alone
"Policies are top down," concludes Khan. "Management sets the tone and the ICT team provides the details. But they need your guidance. They have the skills to configure the network security infrastructure to enforce your security policy. But they need the rules spelt out. It is not their role to make decisions on who should be able to access what and when. It's your call. The Fortinet team at Ingram Micro – along with our specialist education sector Partners - have extensive experience in developing network security policies for New Zealand schools. Give us a call and we can help steer you in the right direction. Your students are our future. It's our responsibility to ensure that they stay safe online.
For further information, please contact:
Andrew Khan, Senior Business Manager Email: andrew.khan@ingrammicro.com M: 021 819 793
David Hills, Solutions Architect Email: david.hills@ingrammicro.com M: 021 245 0437
Hugo Hutchinson, Business Development Manager Email: hugo.hutchinson@ingrammicro.com P: 09-414-0261 | M: 021-245-8276
Marc Brunzel, Business Development Manager Email: marc.brunzel@ingrammicro.com M: 021 241 6946