What’s the difference between vulnerability testing and penetration testing?

vulnerability testingAll networks, regardless of their size, are at risk from many cyber security threats.

To successfully protect your organization from these threats, you can’t rely on a single line of defense. For example, your cybercrime protection strategy should include both vulnerability testing and penetration testing. These terms are often confused with each other, but they are quite different. As Tripwire recently reports, “It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network.”

Vulnerability Testing, Explained

Vulnerability testing is the act of identifying known vulnerabilities in your network devices including firewalls, routers, switches, servers and applications. It’s usually performed by specific software, often set to run automatically and continually (antivirus software is a form of vulnerability testing). Because the scanners rely on published and regularly updated lists of known cyberthreats, vulnerability testing will only red flag vulnerabilities that are known, and that can be fixed. As you might imagine, there are many cyberthreats that aren’t known, or have no known fix. The latter is called a “zero-day vulnerability”—a vulnerability that is discovered but does not yet have a patch (It’s called “zero day” because developers have “zero days” to fix the problem since it could immediately be exploited by hackers). Google is just one of many companies who have recently reported a “zero day” issue (they reported a vulnerability in their Chrome web browser).

Due to the scope of organizational networks, vulnerability testing may require many different automated tools to manage a company’s assets, and many of those tests will need to be product-specific. For this reason, these tests are usually installed and managed by administrators or the IT team.

Penetration Testing, Explained

While vulnerability testing looks for known network vulnerabilities, penetration testing goes beyond that, examining sloppy business processes, lax security settings, or other weaknesses that a hacker could exploit. Issues that might be found include the transmission of unencrypted passwords, password reuse and forgotten databases storing valid user credentials.

Often, these tests take the form of authorized attacks, simulated on a computer system. The tests can determine if and how effectively an attack can be stopped. They can involve a script and exploit technology and people (including phishing strategies to trick employees). While they don’t need to be conducted as often as vulnerability testing, they should be done at least once a year.

While a vulnerability scan can be automated, a penetration test requires active participation. This usually means using a third-party vendor who can mimic the actions of an external hacker. While vulnerability testing can be done relatively quickly, penetration testing can take days or even weeks. Due to their more hands-on and involved nature, penetration testing costs can be much higher than that of vulnerability testing.

Security Testing Reports

Both vulnerability testing and penetration testing will produce reports detailing the problems found. Vulnerability testing reports are long but straightforward, listing the source of the problem, a description of the problem, and remedial action, which is usually to install a patch.

The report from a penetration test, on the other hand, will list fewer items and won’t be as straightforward. The report will describe what and how the attack was performed, but exact details may be vague. A remedy will be suggested, and while that fix could be simple, such as limiting team access to certain applications, it also may require a lot of time and effort, including staff training. A strong report will provide detailed recommendations.

A Third Party Vendor You Can Trust

When choosing a third party source for penetration testing, or to set up your vulnerability testing, you will want a team with significant breadth and depth of experience, especially in your organization’s area of business. At Single Path, we work with many organizations in such a capacity, with a particular expertise in small-to-medium sized businesses and schools and school districts. Our security solutions also include security risk assessment, data loss prevention solutions and more. We can help protect your organization in many ways.

Contact us for more information!

The Google Calendar Phishing Scam, and How to Avoid It.

While there are millions of phishing scams, every now and then a particular threat emerges that does more damage (and gets more publicity) than most. The recent Google Calendar phishing scam, which first gained attention last May, is the latest to gather national attention, and hurt more people and organizations than the average cyber threat.

What is the Google Calendar Phishing Scam?

A few months ago, cybersecurity firm Kaspersky Labs revealed how scammers were weaponizing the Google Calendar and other Google services. As Wired explained in a recent article: “Phishers have realized that they can take advantage of seemingly innocuous calendar settings to plant their own events laced with phishing links on victims’ schedules.”

In the Google Calendar phishing scam, scammers send a wave of calendar event invites to Google Calendar users, where they are automatically loaded onto each calendar. That’s why so many of us use a Google Calendar: it’s easy for anyone to invite you to a meeting, from an office mate to a friend (or a scammer). Once the invite is sent, you get an automatic calendar notification which further legitimizes the phony calendar event. Spammers use the location and topic fields of those invites for enticing text, such as informing you of an award or cash payment, with a phishing link. If you click on the link you are taken to a form asking for your banking or credit card information, often to “verify your identity” before you can claim your fake reward. These same notifications may pop up on your device repeatedly, until they are clicked or deleted.

As Maria Vergelis, a security researcher at Kaspersky explains, “The ‘calendar scam’ is a very effective scheme, as currently people have more or less gotten used to receiving spam messages from e-mails or messengers and do not immediately trust them. But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it.”

Phishers can use the same calendar strategy to invite you to a fake meeting and send you a link “to RSVP.” As TechRadar warns, “These fake invitations could include a malicious link that could not only be used to steal login credentials (like a standard phishing attack), but also to provide other sensitive information, such as how to gain access to a building where the ‘meeting’ is due to take place.”

Google is aware of this problem and is “working diligently to resolve this issue” according its online help forum. At the moment, however, there’s no estimated timeline for when people can expect a fix. 

How to Protect Yourself from the Google Calendar Phishing Scam

Google Calendar users can protect themselves against unwanted invites that are part of the Google Calendar phishing scam through the Google Calendar app itself.

  1. In Google Calendar, click the “gear” icon on the top right and select Settings.
  2. Scroll down to Event Settings and select the option “No, only show invitations to which I’ve responded.”
  3. Also, under View Options, make sure that “Show declined events” is unchecked, so those events don’t continue to show up even after you’ve rejected them.

Unfortunately, these precautions aren’t perfect, because they limit some Google Calendar functionality, but it’s better to be safe than sorry.

What Comes Around

In 2016, Apple Calendars were affected by a ploy that was a harbinger of the Google Calendar phishing scam. During the holiday season some Apple Calendar users received a flood of spam invites to holiday sale events for major brands including Ray-Ban®. There were warnings at that time that cybercriminals could use similar methods to send phony invites with links to viruses, and for identity theft. It took a few years, but it seems those predictions were right, but with spammers using Google Calendars.

Protect Yourself with Single Path

Being smart about technology is the first step toward protecting yourself and your organization from schemes such as the Google Calendar phishing scam. For example, our earlier article Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked can help you detect if your computer has been hacked. Also, if you know how to perform a routine cyber security risk assessment, you can figure out your technology vulnerabilities, and take proactive action now. At Single Path, that’s what we do every day: give training to staff, offer numerous security solutions to stay out of cyber-trouble, and provide consulting services on how to recover when cyberattacks happen. Let us help you and your organization stay safe, and scam-free.

Ask us how to get started.

The Why and How Behind Protecting Student Data and Teacher Data

In May of 2017, The Economist declared that data has replaced oil as the most valuable resource in the world. This means organizations that keep a lot of data, such as schools, are at significant risk from those trying to steal it. Districts and individuals who follow best practices for protecting student data and teacher data, however, can help stave off many threats.

The Numbers Behind the Why

In 2018 alone, K-12 schools reported 122 cyber attacks, resulting in “the theft of millions of taxpayer dollars, stolen identifies, tax fraud and altered school records,” per an article in Campus Safety magazine. Just one of those attacks affected 500,000 students and staff in the San Diego Unified School District, where names, dates of birth, Social Security numbers, mailing and home addresses, phone numbers, health information and legal notices were stolen.

Those 122 cyber attacks were just the successful ones. In May 2018, the K-12 Chief Information Officer at the Kentucky Office of Education Technology testified to Congress that four billion attempted attacks had been launched against Kentucky’s education data infrastructure over the last academic year. It was also reported that phishing attacks had increased 85 percent from the previous year (see our previous blog posts on phishing techniques, Part 1 and Part 2). 

Why Teachers are at Risk

Teachers are targets because of the vast amount of demographic and administrative data that the school or district collects including teachers’ names, addresses, dates of birth, photos, Social Security numbers, banking information, performance data, health conditions, education credit information, and work records. Stealing this information can lead to identity theft and financial fraud. For example, recently hackers infiltrated the Cleveland school district’s payroll system, and were able to steal a large number of employee paychecks. Hackers did the same to teachers in the Atlanta Public School district.

Why Students are at Risk

Like teacher data, student data is also vulnerable as schools collect an ever-growing amount of information to meet state and federal requirements. Protecting student data is important as it can be particularly attractive to hackers due to clean credit histories and the availability of hard-to-collect information such as students’ mothers’ maiden names. How profitable can hacking be? According to a report from the Parent Coalition for Student Privacy, a child’s Social Security number can be sold for $25 to $35 on the dark web. Multiply this by hundreds or even thousands of students, and one school’s data base can be worth six figures.

How To Start Protecting Student Data, and Teacher Data

Protecting student data, and teacher data, is an ongoing job that involves a lot of time and resources. At the very least, you should incorporate the following seven best practices for protecting student data, and teacher data, as soon as you can.

1.    Secure Devices

While network protection may seem like your first priority, protecting your physical assets is just as important. A stolen computer can include a goldmine of data. As we wrote in a previous blog post, “The mere presence of physical safeguards will strongly discourage malicious acts and provide peace of mind for those in the school.” Keep unused computers locked safely, and track all the hardware you have. You can’t protect what you don’t know you have.

2.    Encrypt Everything

Encryption scrambles text to make it unreadable by anyone other than those with the keys to decode it. By keeping back-up files as well as emails and shared files encrypted, hackers will be unable to read them, should they gain access to them.

3.    Make Strong Passwords

As we’ve reported previously, 60% of people use the same passwords for everything and 81% of data breaches are due to weak, default or stolen passwords. Too many people repeat the same password over and over, so if one password is stolen, many sites are compromised. Other users choose passwords that are easy to remember, but also easy to guess. A password manager can be a critical tool in creating impossible-to-replicate passwords.

4.    Back-Up Data

The easiest way to thwart a ransomware scheme is to have a back-up of your data. Back-ups also protect you from any sort of disaster, whether natural or hacker-originated. Cloud computing can make backing up data, and restoring it later, much easier. Complete cloud migration now can eliminate a lot of headaches later.

5.    Educate Staff

Most data breaches stem from human error. For example, the 2017 Equifax data breach, one of the biggest in recent memory, was blamed on a single employee failing to follow security warnings. Even the most senior IT professional can make a mistake, but the more someone knows about threats, the less of a chance they will fall victim to one. That’s why training your staff on best practices, such as how to spot a phishing email, or what not to divulge on social media, can make a big difference.

6.    Educate Students

Not all students may fully understand the criminality of cybercrime, whether they are attempting to hack a school’s network or conducting a DDoS attack as a prank (which is exactly what happened to the school district in St. Charles, Illinois). Per an article on educational tech news provider EdSurge, “Students could potentially piggyback onto unsecured WiFi networks without ever leaving school property, making them susceptible to cybercrime. Providing lessons in ‘digital citizenship’… can go a long way to help protect school assets and the student’s identity.”

7.    Call Single Path

Most districts have limited expertise or resources to plan, implement and share the processes needed to protect their teachers and students. Often, a third-party provider will best be able to monitor, manage and protect the school or district. At Single Path, that’s exactly what we have done for many school districts, such as Great Lakes Academy in Chicago. Our comprehensive suite of services, including managed cloud services and security offerings are designed for businesses and schools to assess, prepare and protect against risk. Let us help you start protecting student data and more.

Ask us how to get started! 

SharePoint vs. OneDrive for Business: Which is Right for You?

Nearly all North American organizations (97 percent) use the cloud, whether for back up protection or big data analytics. Cloud file storage in particular is popular due to its easy storage and retrieval of files, 24/7, from anywhere and on any connected device. Companies have many platform options for cloud storage, but two of the most popular are SharePoint and OneDrive, both from Microsoft. There is a lot of confusion over the differences between SharePoint vs. OneDrive for Business. Let’s evaluate the five key components of these two document management systems to help you make an informed decision on which is best for your organization.

But First, What is SharePoint vs. OneDrive for Business?

Launched in 2001, SharePoint provides storage and lots more, letting users collaborate on files, documents and projects. It comes with a large range of document libraries, task lists, calendars, workflows, wikis and other features, all from a shared company web portal. 

OneDrive for Business is, in essence, a simplified version of SharePoint. (There are differences between the personal and business versions of OneDrive, but we’ll focus on the business version here.) With OneDrive, files that would usually be saved to a folder on a user’s work desktop or laptop can now be stored on the cloud, without a lot of extra bells and whistles.

  1. Collaboration and Document Management
    SharePoint was designed specifically as team collaboration software for businesses that need multiple individuals and teams to work on documents and products at the same time. Features like a mailbox, custom lists and web pages are all part of the platform. Users access SharePoint via a branded company page that can include news, calendars, tasks and more. SharePoint provides countless options for integration and customization. 

    OneDrive is typically used by individuals and business teams who need a central location to store and access files, and not much else. As a user, you are assigned a personal account in which to keep your individual documents. When you want to share a document, you email links to your team members.

  1. Web Publishing
    Many companies use SharePoint’s engine to build and maintain their company website, internal documentation and even web apps. By publishing documents directly to the organization’s branded website, you can make them available for access and download by customers or employees. There are also internal analytics tools to build help documentation, FAQ pages, add customizable features and more 

    With OneDrive, while you can email links to documents, you cannot publish those documents directly to a web page from the OneDrive platform. You’ll need Office 365 or another CMS/website platform to publish your work publicly.

  1. Security
    SharePoint provides much greater control of user access. You can specify various access privileges to restrict which team members are allowed to view certain files or information. This is a great option for sharing information within teams or divisions, and restricting what information can be shared outside these groups. 

    With OneDrive, any user with the right link can access your files without logging in. This increases the chances of confidential data loss or theft.

  1. Setup and Training
    With SharePoint, you need the right expertise to set it up correctly. This means you may need to consult IT specialists who are more familiar with the software. SharePoint also requires training to fully understand it, and use it. 

    OneDrive is intuitive; most users with web or file sharing experience can get started immediately.

  1. Pricing
    SharePoint has high monthly costs, and the initial cost of infrastructure, license and customization can also be substantial. 

    You get what you pay for! While both OneDrive and SharePoint have subscription models, OneDrive fees are significantly less expensive.

SharePoint vs. OneDrive for Business–Which Should You Choose?

If you’re looking for collaborative document management system for your business, SharePoint may be the ideal solution. But if you’re looking for individual back up protection and storage only, OneDrive should do the job. If you’re still unsure when deciding between SharePoint vs. OneDrive for Business, it might be better to consult an expert. At Single Path, we regularly meet with small-to-medium size businesses, schools and other organizations to determine the optimal solutions for their unique needs, from managed cloud services to security solutions. We’ll find the best service providers, reduce costs, improve accessibility and back it all with attentive, personalized support. We help you make a smart choice when looking at SharePoint vs. OneDrive for Business, and more.

Ask us how to get started.

On-Premise vs. Cloud Storage: Which is Best for You?

On-premise storage means that you use your own server hardware and software, likely stored in your building, to house your data. Cloud storage, on the other hand, resides in remote servers across town or across the country. Which option is best for your organization? Let’s look at the advantages and disadvantages of on-premise vs. cloud storage.

Initial Costs

On-premise data storage necessitates high startup costs. Each server will cost thousands of dollars, and you may need to hire a professional IT company to set it all up. Evaluating, purchasing and installing the equipment may also be time consuming: it may take months to fully integrate a new server.

The cloud, however, demands far less of an initial financial investment, and can typically be launched immediately.

The On-Premise vs. Cloud Initial Costs Winner? Cloud storage. Easy.

Extra Costs

On-premise costs are unpredictable, such as repair costs, which can be excessive. Systems also must be upgraded regularly and require regular maintenance. Some companies delay or avoid that regular maintenance which can eventually lead to operational downtime and loss of data.

On-premise storage costs also include:

  • Powering a single server, for instance, can cost over $1,000/year, per server.
  • The cost of ongoing depreciation, and server replacement can be substantial. Servers typically last for about six years, after which they may become obsolete and need to be replaced.
  • Mainframe equipment, for example, may need a full-time IT professional or a team to manage servers and troubleshoot.

Cloud storage providers, on the other hand, have a very different payment model. They charge by the amount of data you need stored, charging you a set fee every month, like a subscription. Generally, that will be your only cost, as the provider is responsible for upgrading its technology and installing the latest security protocols, upgrades and advances. The savings can be substantial: SherWeb conducted a study in which it found the average cost of an on-premise server was $1,476.31 per month, while the average cost of a cloud server was $313.90 per month. But, high storage needs means high fees. Organizations that need several Petabytes of data storage often find monthly cloud services costs are so high they’re prohibitive.

The On-Premise vs. Cloud Extra Costs Winner? Probably the cloud, but It depends on how much storage you need.

Scalability

On-premise scalability can be difficult. If your data storage demand grows, new equipment may need to be ordered, paid for, and installed before the storage can be used. When you include labor, testing and downtime while making the upgrades, the costs and time add up. If you need to reduce your storage, you’re still stuck with the same equipment.

With cloud storage, however, more storage means simply purchasing more storage space, which you can use immediately. You can also reduce your storage needs, and monthly fees, when you don’t need as much storage. However, you’ll want to check that storage amount every now and then. Many organizations tend to overbuy their cloud storage space. A 2017 report from RightScale showed that $900 million of cloud storage spend was wasted every year.

The On-Premise vs. Cloud Scalability Winner? Cloud storage, but only if you buy the right amount of storage.

Security

On-premise storage may be more secure, but not always. First of all, no storage is going to be 100% effective at keeping data safe. But local servers are less accessible to hackers than cloud storage (breaches across the cloud are regularly reported by the media). And a survey from Nexsan found that only 58% of IT professionals “considered access to files away from the office to be ‘private and secure’.” And when it came to sharing files outside of the business, only 3% did. Local servers are also at risk from fire, natural disaster and theft.

Cloud security, on the other hand, can be impressive. According to the Annual Cloud Computing Survey (2017), U.S. businesses using the cloud rank its security as a top benefit. And nearly 70% of U.S. businesses that use the cloud feel more comfortable storing data there than on a legacy system. Encryption and other security tools can go a long way to making cloud storage more secure.

The On-Premise vs Cloud Security Winner? Clearly, it depends on who you speak with, but if you use a trusted vendor, like Single Path, to set up and manage your cloud storage, you should feel confident your cloud storage is just as safe as keeping it local.

Accessibility

In 2017, 43% of Americans spent at least some of their time working remotely (According to the NY Times), and that number is rising. The ability to work off-site has been shown to increase productivity, operational efficiency and business agility.

For on-premise storage, however, accessibility is limited. Getting and sharing files can be slow and difficult.

With cloud computing, accessibility is a major advantage. Since data exists “in the cloud” any gadget connected to the Internet can access it, anywhere, at any time.

The On-Premise vs. Cloud Accessibility Winner? This is an easy one. Cloud computing.

The On-Premise vs. Cloud Storage Winner Can Be You

While cloud storage has many advantages in many areas, this doesn’t necessarily mean it’s right for you. While most small-to-midsize companies will find significant cost savings with cloud storage, others may find their exorbitant amount of data makes cloud storage too expensive. If you’re unsure, call us. At Single Path, we help clients navigate their server options every day, including helping them get on the cloud, secure their data, and modernize their systems. We provide Managed Cloud Services for many organizations, from businesses to school districts. So, which option, on-premise or cloud storage, is best for you? Call us and let’s find the best solution.

7 Pain Points That Cloud Migration Can Solve

The use of the cloud for data storage, sharing and communication continues to grow for both businesses and schools. In fact, virtually all North American organizations (97 percent) use the cloud one way or another, and it’s predicted that 80% of small businesses will solely rely on cloud computing by 2020. For many organizations, this is a positive development due to the many advantages that cloud migration provides. If you’re late on switching to the cloud, or only doing so for a small portion of your business, consider these seven pain points addressed by migrating your data to the cloud.

  1. Hidden expenses

Nearly two-thirds of small businesses and organizations are expected to buy new IT equipment this year, but the costs go beyond the hardware. For example, some organizations have rooms solely dedicated to servers, which not only takes up needed floorspace, but can demand costly cooling and electric bills. The organization may also face potentially high maintenance and repair bills, and will need to keep a larger IT team on staff to maintain the equipment. In fact, it’s estimated that 80% of an organization’s IT costs aren’t spent purchasing computers, but on aftermarket tech and labor costs. With cloud migration, however, many of these costs go away.

  1. Data security

One of the biggest concerns of every organization is data security, especially with data breaches and other cybercrimes continuing to grow, both at schools and businesses. These breaches can be devastating to an organizations’ bottom line, and its reputation.

Cloud providers have stringent cloud security requirements they must adhere to, and offer many advanced features that can ensure data is securely stored and handled. For example, some cloud security features can wipe a device’s data, and its access to data, in case the device goes missing. (We wrote about data security and other cloud advantages in our previous blog post: 12 Reasons to Move Your Business to the Cloud.)

  1. Lack of accessibility and mobility

The days of working on-site, and only on-site, are long gone. In fact, globally, 70% of employees work remotely at least once a week. After migrating your data to the cloud, resources can be easily stored, retrieved and recovered with just a few clicks from anywhere. Not only is data available even if your team members are at home or travelling, many applications can be run on Internet browsers. This means employees, teachers or even students don’t need access to expensive computers to run many routine, mission-critical apps.

  1. Work-life balance

Since the cloud is always on, employees can collaborate from anywhere, at any time. Cloud migration provides workplace flexibility in both hours and location; employees can work from a doctor’s waiting room, for example, rather than being forced to take an entire half day off. More and more employees expect a great deal of flexibility in their work lives; the ability to offer that flexibility can mean the difference between hiring and keeping a key employee.

  1. Scalability

Different companies have different IT needs, and those needs change as companies expand or shrink. With cloud migration, businesses can add or remove resources easily without the cost and risk of investing in physical infrastructure. This level of agility can give businesses a real advantage over their competitors. Global Dot, a leading web and cloud performance reseller, says: “Scalability is probably the greatest advantage of the cloud.”

  1. The carbon footprint

A 2014 study by New York City revealed that, on average, each student, teacher and staff member in their school districts uses 28 pounds of paper a year. The costs can be surprisingly high­–a school with 100 teachers can spend $25,000 on paper a year alone according to Edutopia. That doesn’t include toner costs and energy use: maintaining equipment, including cooling that equipment, can be even more costly. With cloud storage, that money can go right back into the budget.

But the green benefits may be even greater. According the Global e-Sustainability Initiative (GeSI), cloud computing can reduce global greenhouse gas emissions by 16.5%. While moving to the cloud is good for the environment, it may also prove to be good for business­–more than 66% of responders to a recent Nielsen study would be willing to pay more for products made by environmentally-responsible companies

  1. Disaster recovery

Data loss is a major concern for any organization. What happens to your data in the case of equipment failure, theft or even human error? Storing your data in the cloud guarantees that data is always available, and available anywhere. Cloud-based services also provide quick data recovery after emergencies such as natural disasters and power outages. Yet, despite the potential dangers and risks involved in the case of a disaster, 75% of small businesses have no disaster recovery plan in place according to IT service provider phoenixNAP.

Let’s Get Cloud Migration Started

Incorporating and committing to the cloud can save money, increase productivity and guard against disaster. But navigating your options, training staff on proper protocols, transferring data and more can take a lot of time and effort. That’s where Single Path comes in. Our Managed Cloud Services give you access to our seasoned expertise without high initial costs or ongoing investments in upgrades. We can provide lower costs, access to the latest technology, reduced risk, adaptability to changing business conditions and superior support. We work with many organizations, including businesses and schools, and are always eager to discuss your unique situation. Cloud migration can improve security, performance and communication. Ask us how to get started! 

How to Create Your School Cyber-Threat Strategy

Cyber-threats are on the rise in our school districts, which often lack the resources to protect themselves, the training to use the resources they have effectively, and even the knowledge to identify which resources are needed.

We wrote about the cyber-threats facing schools in our last blog post. But these problems are epidemic to school districts across the country. As reported by technology and digital learning news source Edscoop.com, “A recent trend in cybercrime indicates that online attackers are increasingly targeting a demographic they know people will rush to protect: K-12 students.” The article details more than three dozen large-scale breaches of student data from cybercriminals from January through October, 2017.

The risk of a cyberattack will only continue to grow, so establishing a holistic cyber-security strategy is critical. Any strategy should include the following elements. Many of these are highlighted in a recent document published by the Council of the Great City Schools, an organization comprised of 70 of the nation’s largest urban public school systems.

1. Physical Security and End-Point Security

On-premises security isn’t only needed to protect students, but the network and computer devices housed inside the school. Using a school-owned computing device is often the easiest way to get access to confidential information. Data centers and control rooms need be locked and monitored. Classroom or office equipment may also be vulnerable to theft, so modern, video surveillance can be a powerful tool, as is locking away machines when not in use, and carefully tracking equipment and reporting lost devices promptly.

2. Employee Training and Network Security

Your network is only as secure as the staff who uses it; an unsecured password can be all a cybercriminal needs to get into your network and see, abuse or share sensitive information. Employee training for proper security protocols is critical for network security, especially for staff who use personal devices in 1:1 environments.

Monitoring who has access to information is also a critical component of network security. As reported by the online security and risk management magazine CSO, “Given the high volume of users entering and exiting a school’s network, establishing the means to identify who can and can’t gain access and which resources they have access to is crucial. For effective cybersecurity, schools should use solutions that can easily identify users and then dynamically assign access to network segments accordingly.

3. Application Security

Hackers can also gain access to your systems directly through your software applications. Downloading and installing regular updates and patches are critical, as we reported in a recent blog post detailing a Cisco networking hack that cut off Internet access and infected more than half a million devices. In that case, those who did not download security patches were left considerably more vulnerable. For that reason, your staff should only use software from trusted sources.

4. Cloud/Data Center Security

With schools moving more and more towards cloud-based solutions, the security of their cloud-based data is a critical component to security. We have touched on the advantages of using cloud computing in a number of past blog posts, including “12 Reasons to Move Your Business to the Cloud”. Cloud computing makes accessing information easier, but demands strict security processes and protections. Still, the benefits far exceed the risks (for many of those risks please see our post, “9 Facts to Know About the Risks of Moving to the Cloud and How To Manage Them”) as cloud computing provides significant back-up security should your data be destroyed or become inaccessible due to disasters both natural and hacker-made.

At Single Path, we are well versed at working closely with school districts to determine their vulnerabilities, providing solutions, and even training staff to ensure policies and protocols are understood and followed. We’re always eager to discuss our many products and services, including Security Solutions and all our Managed/Cloud Services. Let us help you chart a more secure and safer path for your organization.

Ask us how to get started!