Eastern Carver County Schools Ratchets Up IT Security
The Minnesota school district strengthens its cybersecurity posture to safeguard its data, IT infrastructure and cloud resources amid an increase in threats.
When it comes to cybersecurity, the best defense is a multilayered security approach, much the way a homeowner protects the house perimeter with a fence, cameras and an alarm system, says Mikela Lea, principal field solution architect for CDW’s security assessment team.
“Hackers will see the layers of protection and hopefully look for an easier target,” Lea says. “But if they do try to break in, you know they will make so much noise coming into the network that you are prepared and can stop them.”
Eastern Carver County Schools in Minnesota is doing just that.
In recent years, the district’s IT leaders have prioritized IT security to stay steps ahead of would-be hackers and other cyberthreats. The district, which enrolls 9,300 students across 16 schools, deploys multiple layers of security — from traditional on-premises technology such as network firewalls to cloud-based software that includes web content filtering and data loss prevention.
More recently, when the coronavirus pandemic forced ECCS to move classes online, Information Systems Administrator Craig Larsen added new security tools to better secure a suddenly remote workforce. That includes remote patch management software and cloud-based, next-generation endpoint security software to better protect employees’ notebook computers.
“We never anticipated that every staff member would work from home for extended periods of time, so we needed to shore things up around remote staff and security.”
Craig Larsen, Information Systems Administrator, Eastern Carver County Schools
That proactive, thorough approach to security is not the norm for K–12 schools and districts, which are notoriously easy targets for cyberthieves. But some might argue it should be.
In 2020, the number of attacks soared as hackers attempted to exploit weaknesses from all the new remote users and devices stemming from online learning and remote work. As a result, school districts have suffered from a rise in ransomware infections, successful phishing scams, denial-of-service attacks and “Zoom bombing” incidents in which people disrupt online classes, experts say.
Students’ personally identifiable information is desirable to hackers because it offers fresh, uncompromised data that’s ripe for exploitation, Lea says.
Larsen and his IT team continually fine-tune their security controls to prevent data breaches and improve student safety.
The number of reported cybersecurity incidents targeting K–12 school districts during the first two to three months of the 2020 fall semester
Source: K–12 Cybersecurity Resource Center, “The State of K–12 Cybersecurity: 2019 Year in Review,” February 2020
Investing in Proactive Security
Larsen credits a voter-approved school technology and security levy with generating the funds necessary for ECCS to launch a one-to-one initiative with Chromebooks and to implement a comprehensive security strategy.
Every year for the past four years, the district has hired a third-party security firm to conduct annual independent security audits, including penetration tests, to find vulnerabilities. When flaws are discovered, IT staffers quickly implement new security measures and tools to resolve them.
Network security is a focal point. The district has implemented industry best practices such as deploying next-generation firewalls and segmenting the network into different virtual LANs and demilitarized zones to control network access and better protect data. That prevents students or visitors from accessing sensitive data when they bring their own devices and log on to the guest or public Wi-Fi network, Larsen says.
However, in 2019 an annual audit revealed a vulnerability in the district’s network defenses. While previous efforts focused on securing wireless access, users who plugged their computers directly into Ethernet ports on school property got direct access to the full network. “We did not have control of the wired side,” Larsen says.
To remedy that, ECCS turned to CDW to purchase Cisco Identity Services Engine, a policy-based, network access control solution that allows the district to secure wired network access. Now, when users connect to the wired network, Cisco ISE authenticates them and only grants the level of network access they are allowed.
“ISE directs people into buckets, and then you live in that bucket and can’t get out of that bucket,” Larsen explains.
The number of reported cybersecurity incidents targeting K–12 school districts in 2019; districts are on pace to surpass this total in 2020
Source: K–12 Cybersecurity Resource Center, “The State of K–12 Cybersecurity: 2019 Year in Review,” February 2020
With Remote Work, Security Preparation Pays Off
Now, about 2,000 ECCS administrators, teachers and staff equipped with Dell laptops regularly work from home. The previous security efforts meant the district largely had already implemented necessary security controls when the pandemic hit.
“Because we had so much in place, the transition was much simpler for us,” Larsen says. He still found additional ways to bolster the district’s cybersecurity posture by augmenting existing security technology and adding new safeguards. For example, the IT department had previously standardized on Palo Alto Networks’ GlobalProtect VPN software, which allows employees to connect to the school network through a secure, encrypted connection.
The district also previously deployed Cisco’s Duo multifactor authentication tool, which strengthens security by texting employees a one-time code on their smartphones and requiring them to verify their identity a second time. When the pandemic forced employees to telecommute, Larsen increased the number of VPN and multifactor authentication licenses from 50 to 500 to support the influx of users needing remote access.
“Although we have many things in cloud storage, we still have a lot of local storage in our environment,” he says. “Our users need access to file systems, whether they are shared drives or user folders.”
Empowered to Improve Endpoint Security
To further reduce risk, Larsen recently replaced traditional, signature-based anti-virus software with VMware Carbon Black, more comprehensive cloud-based endpoint security software that uses behavioral analytics to spot suspicious activity and block attacks. With Carbon Black, the IT team also gets visibility into Windows-based laptops and alerts of anomalies, such as when an employee opens a website that contains malicious code that tries to modify the computer.
“In the past, if something happened on that remote device, I wouldn’t know about it,” Larsen says. Now, he says, he gets alerts about incidents and can disable devices if needed.
IT staffers also recently installed management software on each laptop, which enables them to remotely update the devices with the latest software patches and security fixes. ECCS IT staff had previously installed software in its data center, but it only pushed software updates to laptops when employees were onsite, connected to the LAN. ECCS’s add-on client software resolves that by allowing for remote patch management.
“When we first went to all distance learning, we did not have access to the devices. Now, we can update and manage them properly,” Larsen says.
Equipped to Provide a Secure Cloud Learning Environment
ECCS used cloud resources before the pandemic, but that usage has since skyrocketed, Larsen says. Employees use Microsoft 365, but for instruction, students and teachers rely on Google tools such as the Classroom learning management system, Meet for videoconferencing and Workspace for productivity. Students and teachers also use Chromebooks, which Larsen and his team can centrally configure using Google’s web-based administrative tool.
In recent years, Larsen has also deployed Securly, a cloud-based web content filter that also uses algorithms to monitor students’ online activity for bullying and other potential indicators of harmful behavior. The district also uses ManagedMethods, a cloud access security broker tool that provides visibility into files and email, offers data loss prevention protection and protects against malware and phishing attempts.
“Before ManagedMethods, we had very limited visibility into files,” Larsen says. With the new tool, his team continually monitors Microsoft 365 and Google apps for data security risks and data loss prevention.
Finding the Right Partner for Tech Solutions
Larsen and his team didn’t have to find cybersecurity solutions alone. They partnered with CDW to shape the ECCS security landscape.
“CDW has been great,” Larsen says. “We work with them on strategy, with their architect teams, and we work on what products best fit our needs.”
Cisco ISE is a good example. ECCS reached out to CDW for advice on wired network security.
“With ISE, they knew what they wanted in theory, but didn’t know how to accomplish it,” CDW Executive Account Manager Oleg Krylov recalls. “Our team, which included a field solution architect, met with them several times, put a plan together and narrowed down licensing options to what was best for the district. Our engineer worked with their IT team to implement the solution.”
CDW also assisted ECCS with its ManagedMethods acquisition.
“In that case, we knew what we wanted to do, but CDW helped us manage the process of acquiring the solution, which included implementation,” Larsen says.
Overall, Larsen says he feels good about his district’s cybersecurity posture. His latest project was to bolster the district’s disaster recovery plans by updating its data backup solution and storing a copy of the district’s data in the public cloud.
Improving security is a never-ending task because cyberthieves are constantly changing their tactics in hopes of taking advantage of security weaknesses, he says. As a result, he’s always striving to make improvements to stay ahead of the threats.
“Schools are extremely soft targets with many avenues of attack,” Larsen says. “You have to take these kinds of measures and have the right tools in place to stay on top of security.”
Photography by Steve Woit
5 Tips to Better Cybersecurity
Eastern Carver County Schools in Minnesota is much more advanced than the typical K–12 district when it comes to cybersecurity. Craig Larsen, the district’s information systems administrator, recommends the following security best practices:
- Hire an independent security firm to conduct security risk assessments. It’s critical to use external resources to verify your security controls and adjust the controls as needed to stay ahead of the changing threat landscape.
- Regularly patch software. Districts need to regularly update their notebook computers with software updates and the latest security patches. Otherwise, they are exposed to vulnerabilities.
- Deploy multifactor authentication. Using a second method to authenticate and verify users — beyond passwords — improves security.
- Implement a cloud access security broker. CASBs allow IT administrators to enforce security policies for cloud applications. Features include data loss prevention, and malware and phishing threat protection.
- Back up data. Create a disaster recovery plan that includes making a backup copy of your data and keeping it offsite to protect it from ransomware and other cyberthreats.