In recent years, the changes to regulations regarding data breaches in Australia has highlighted the importance of keeping data protected. The Education industry especially has recognised this need and has moved towards the use of new Next Generation Enterprise Grade Firewalls at Schools and Colleges.
The need for this change has been accelerated since educational organisations are now considered to be in the top five sites targeted by hackers. This is because Schools and Colleges store sensitive data, including student’s medical records, parents’ and staff members’ financial and personal data. As an example, we point out the data breach that occurred in June 2019 at Nagle College in Western Australia. It’s not only external threats schools have to worry about either. As students become more tech savvy and as video explanations on how to bypass a Firewalls become more and more abundant on YouTube, schools find themselves having to deal with internal threats as well. This, combined with the fact that many schools have limited technical staff, creates a ‘breach’ recipe for disaster.
The large fines and reputational risk that schools face as a result of a data breach in Australia has led multiple schools to replace traditional, non-enterprise grade firewalls with more capable Next Generation, enterprise grade firewalls in order to meet the highest level of data protection requirements.
With so many Firewalls available on the market what should schools look for in a firewall?
- It should be a globally recognised Next Generation Enterprise Grade Firewall. This means the firewall manufacturer has a large support and development team that allows it to quickly address any issues as they arise. The manufacturer has a large and diverse range of Industries it supplies to and by doing so, it ensures it is across the latest threats.
- The Next Generation Enterprise Grade Firewall must be capable of SSL decryption, signature-based application control, user identification, web filtering and threat intelligence. Without these features, the school will have limited visibility of applications being used, will find it very difficult to assess how students are spending their time on the internet, no control over web content students can access and no ability to stop zero-day attacks.
- Schools should review reports compiled by industry analysts, such as Gartner, who constantly assess and compare firewall providers and their capabilities. Gartner, for example, are known for their “Magic Quadrant“s (Figure 1 below). For a Firewall provider’s firewall to appear on Gartner’s Magic Quadrant, their Firewall must be subjected to Gartner’s rigorous testing and assessment.
- Schools who are not sure how their current solution compares can have it reviewed by an independent provider. Good providers will perform a security assessment by placing a next generation solution alongside the current one clearly identify the weaknesses of the latter. Schools can also subject their systems to penetration testing with vendor agnostic software in order to pinpoint the weaknesses.
School ‘s duty of care to their students extends beyond their physical wellbeing and is now inclusive of their digital protection. Schools invest in good quality locks, security alarms and cameras for their physical facilities. They also need to make sure they take that one important step further and ensure they secure their staff, students and students’ parent data.
For more information do not hesitate to contact your ICT provider or Saasyan on +61 2 8001 6632 / email@example.com.
Our next blog in this series will discuss “Now you have your Next Generation Enterprise Grade Firewall, why you need to look beyond their layer 7 design to ensure the cyber-wellbeing of your students.