Story image

Your school’s Internet security policy: Blueprint to protect your students, staff and network

23 Aug 16

Your school’s Internet security policy is the most important component of your entire ITC infrastructure and framework. It is your appropriate use guidelines, network inventory, strategic plan, operating procedure manual and data protection specifications all rolled into one. It is not something that you can outsource. Sure, you’ll need expert assistance in formalising your school’s Internet security policy, but the actual rules, procedures, datasets and user roles are unique to your school, your network and your appropriate use policies. If you don’t have a comprehensive blueprint with clearly defined rules, you can’t build a secure network. It’s as simple as that.

“You have to define the rules before you can enforce them,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “Creating a realistic Internet security policy is not a technical issue but a managerial and administrative imperative. You can leave the specific details of actually designing, installing and configuring your security framework to the professionals – be they in-house, a contractor or in the cloud – but you are responsible for giving them clear instructions. Anything else leads to confusion, cost over-runs, poor performance and, ultimately, gaps in your network security profile.”

Start with what you have

Most schools in New Zealand already have de facto Internet security policies. “You have guidelines for appropriate use, policies on which staff can access which student records, back-up and archive procedures to protect your data in case of a disaster and other key considerations,” continues Khan. “But have you specified what type of reports you need to satisfy compliance and overview requirements? Do you have a policy for locking down any personal devices that staff might be using to access your network? Do you have an emergency plan if your network is hit with malware? Or a disk failure? And do you have all of these procedures set out in one document available to key staff and a summary for students, all staff and even parents?”

While there are online security policy templates for New Zealand schools, they outline general content rather than specific rules. “The best way to ensure that your security policy is up-to-speed is with a workshop and whiteboard including you, your ICT providers, key staff and any IT-savvy board members,” continues Khan. “Outline what you have now, what you know, what you want, what you think the risks are and any other pertinent information. List, to your best ability, your data, applications, ITC-related business processes, infrastructure, traffic patterns and Internet usages and anything else that comes to mind. Once you have the general scope defined, you can start to drill down into specifics.”

The decisions are yours alone

“Policies are top down,” concludes Khan. “Management sets the tone and the ICT team provides the details. But they need your guidance. They have the skills to configure the network security infrastructure to enforce your security policy. But they need the rules spelt out. It is not their role to make decisions on who should be able to access what and when. It’s your call. The Fortinet team at Ingram Micro – along with our specialist education sector Partners - have extensive experience in developing network security policies for New Zealand schools. Give us a call and we can help steer you in the right direction. Your students are our future. It’s our responsibility to ensure that they stay safe online.”

For further information, please contact:

Andrew Khan, Senior Business Manager
M: 021 819 793

David Hills, Solutions Architect
M: 021 245 0437

Hugo Hutchinson, Business Development Manager
P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager
M: 021 241 6946

IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Meet Rentbot, the chatbot that can help with tenancy law
If you find yourself in a tricky situation  - or if you just want to understand your rights as a landlord or tenant, you can now turn to a chatbot for help.
PlayerUnknown’s Battlegrounds (PUBG) finally releases on PS4
PUBG on PS4 feels like it’s still in Early Access as the graphics look horribly outdated and the game runs poorly too. 
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Game review: Just Cause 4 on PC
Rico Rodriguez returns to wreak over-the-top havoc for a fourth time. This time the island nation of Solís is our hero’s sandbox, ripe for destruction.
Hands-on review: Logitech G502 HERO gaming mouse
My favourite feature of the G502s is the ‘Sniper’ button, which is found on the left hand side of the device. When held, this lowers the DPI and allows you to achieve maximum accuracy whilst honing in on a kill on your favourite FPS title.