In recent years, changes to the regulations regarding data breaches in Australia have highlighted the importance of keeping data protected. The education industry in particular has recognised this need and has moved towards the use of next-generation enterprise-grade firewalls at schools and colleges.
The need for this change has been accelerated since educational organisations are now considered among the top five targets of hackers. This is because schools and colleges store sensitive data, including students’ medical records and parents’ and staff members’ financial and personal data. One example is the data breach that occurred in June 2019 at Nagle College in Western Australia. It’s not only external threats that schools have to worry about, either. As students become more tech-savvy and as video explanations of how to bypass a firewall become more abundant on YouTube, schools find themselves having to deal with internal threats as well. This, combined with the fact that many schools have limited technical staff, creates a ‘breach’ recipe for disaster.
The large fines and reputational risk that schools face as a result of a data breach in Australia have led multiple schools to replace traditional, non-enterprise-grade firewalls with more capable next-generation, enterprise-grade firewalls in order to meet the highest level of data protection requirements. The Governance and Risk Committees of many schools are now requiring enterprise-grade firewalls in their schools.
With so many firewalls available on the market, what should schools look for in a firewall?
- Firstly, the firewall should be a globally recognised next-generation enterprise-grade firewall. This means the firewall manufacturer has a large support and development team that allows it to quickly address any issues as they arise (and before they arise). The manufacturer should supply a large and diverse range of industries, as this ensures visibility of the latest threats.
- The next-generation enterprise-grade firewall should be feature-rich and must be capable of SSL decryption, signature-based application control, user identification, web filtering and threat intelligence. Without these features, the school will have limited visibility of the applications being used, will find it very difficult to assess how students are spending their time on the internet, and will have no control over the web content students can access and no ability to stop zero-day attacks.
- Enterprise-grade firewalls are consistently scrutinised against industry best practice. Schools should review reports compiled by industry analysts, such as Gartner, who constantly assess and compare firewall providers and their capabilities. Gartner, for example, is known for its ‘Magic Quadrant’ (figure 1 below). For a provider’s firewall to appear on Gartner’s Magic Quadrant, it must be subjected to Gartner’s rigorous testing and assessment.
- Schools that are not sure how their current solution compares can have it reviewed by an independent provider or cybersecurity auditor. Good providers will perform a security assessment by placing a next-generation firewall alongside the current solution to compare the two. They will also carry out penetration testing with vendor-agnostic software in order to pinpoint the weaknesses.
Schools’ duty of care to their students extends beyond their physical wellbeing to their digital protection. Schools invest in good quality locks, security alarms and cameras for their physical facilities. In a similar way, they need to take that one important step further and ensure they secure the data of their staff, students and students’ parents.
Our next blog in this series will discuss “Now you have your next-generation enterprise-grade firewall, why you need to look beyond their layer 7 design to ensure the cyber wellbeing of your students”.