VSTE

Virginia Society for Technology in Education

vendor

Mitigate Risks With This Cloud Application Security Checklist

March 8, 2021

Using Google G Suite and Microsoft Office 365 provides school districts with many benefits. From improving productivity and collaboration to outsourcing infrastructure security, schools and districts of all sizes are making the move to the cloud.

But there are security issues in cloud computing. The NIST Cybersecurity Framework recommends that you run a risk assessment and cloud security audit regularly. This cloud application security checklist is designed to help you run such an audit for your district’s G Suite and Office 365 to mitigate security issues.

10 Step Cloud Application Security Audit Checklist

What is cloud application security? It is a series of defined policies, processes, controls, and technology governing all information exchanges that happen in collaborative cloud Software as a Service (SaaS) applications like Microsoft Office 365 and Google G Suite.

As your school district moves more information and activity to the cloud, your perimeter security safeguards become less effective. More IT and security professionals are opting to secure cloud storage by deploying a zero trust security model. This checklist also helps you lay the groundwork for deploying zero trust security for your district’s cloud applications.

1. Set password policies

Passwords are the foundation of any good security plan. Educate both students and staff on what factors make passwords strong or weak, and why password strength is so important.

As a system admin, you can set policies and standards for your district’s cloud app passwords. At a minimum, you should enable your system’s “require a strong password” feature. You can also set minimum and maximum password lengths, password expiration, and more.

If you’re setting the standards for the first time, be sure to run a check of current passwords to see whose passwords are out of compliance with the new standards. You can then force a password change through your admin console.

2. Make multi-factor authentication mandatory

Multi-factor authentication requires users to take a second step, after entering the correct password, to prove they have authorized access. This typically includes entering a code that is sent to their phone via SMS. It can also include phone calls, answering security questions, mobile app prompts, and more.

3. Manage SaaS access and permissions

Open Authorization (OAuth) makes app use convenient for end-users, but it can be a little bit of a nightmare for those in charge of IT security. The proliferation of SaaS use in classrooms and throughout school districts makes it difficult to stay on top of what apps have access to your cloud environment, what permissions are granted to them, and how secure the app is itself.

District system admins have the ability to control what apps are allowed permissions to the company’s Google or Microsoft cloud accounts. This can be as simple as restricting access to risky apps, or as customized and detailed as creating sanctioned and unsanctioned apps lists.
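The sanctioned and unsanctioned app lists described above can be applied to an export of OAuth grants, as in this added example (not from the original article or from Google or Microsoft). The app names, the sample grants and the choice of which scopes count as high risk are assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical district lists; real ones come from your own app review process.
SANCTIONED = {"Classroom Quiz Tool"}
UNSANCTIONED = {"Free PDF Converter"}

# Scopes treated as high risk here (an assumption): broad access to
# mail, files, or the user directory.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/admin.directory.user",
    "Mail.ReadWrite",
    "Files.ReadWrite.All",
}

# Constructed sample of OAuth grants, one row per user/app authorization.
SAMPLE_GRANTS = [
    {"user": "teacher1@district.example.org", "app": "Classroom Quiz Tool",
     "scopes": ["openid", "email"]},
    {"user": "student7@district.example.org", "app": "Free PDF Converter",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "staff3@district.example.org", "app": "Mail Merge Helper",
     "scopes": ["https://mail.google.com/", "email"]},
    {"user": "staff4@district.example.org", "app": "Mail Merge Helper",
     "scopes": ["email"]},
]

def audit_grants(grants):
    """Group grants by app and decide: allow, review, or revoke."""
    apps = defaultdict(lambda: {"users": set(), "scopes": set()})
    for g in grants:
        apps[g["app"]]["users"].add(g["user"])
        apps[g["app"]]["scopes"].update(g["scopes"])
    report = {}
    for app, info in apps.items():
        risky = sorted(info["scopes"] & HIGH_RISK_SCOPES)
        if app in UNSANCTIONED:
            decision = "revoke"      # explicitly blocked by the district
        elif app in SANCTIONED and not risky:
            decision = "allow"       # approved and asking for little
        else:
            decision = "review"      # unknown app, or approved app with broad scopes
        report[app] = {"decision": decision, "users": len(info["users"]),
                       "risky_scopes": risky}
    return report

if __name__ == "__main__":
    for app, row in sorted(audit_grants(SAMPLE_GRANTS).items()):
        print(app, row)
```
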

4. Enable anti-phishing protections

Email phishing is still the most common external threat vector. And there is a myriad of tools on the market aimed at removing phishing emails from inboxes. Unfortunately, none of them work with 100% accuracy.

The best option is to start with configuring your native cloud email provider’s anti-phishing capabilities and then layer additional safeguards and monitors on top of it. Educating the rest of your district about common phishing attacks, new ones as they arise, and how to spot them is also extremely important.

5. Turn on unintended external reply warning

One of the ways you can ensure that sensitive, internal information isn’t improperly shared outside of the school district is to enable an external reply warning. This feature also protects your district against forged emails from malicious hackers trying to gain access to internal files and information.

When the external reply warning is enabled, users receive a pop-up notification asking if they’re sure they want to send it to an external domain. It’s important to reinforce to your colleagues why they need to pay attention to this pop-up and think twice before dismissing it.

6. Set external sharing standards

Beyond sending emails, you should configure data loss prevention external sharing standards for shared calendars, drives, folders, and files. The best approach is to start with the most strict standards possible, and then open up as needed.

Files and folders containing the most sensitive information such as student, parent/guardian, and staff personally identifiable and financial information, should rarely (if ever) be configured to allow external sharing and access.

7. Set up message encryption

Encryption prevents anyone other than the intended audience from viewing a message. Microsoft and Google provide native encryption options. In Google’s case, they provide “Confidential Mode”, which works a little differently. There are also a variety of third party encryption tools available.

Sending sensitive or confidential information via email should always have encryption and confidential protections enabled. It forces the recipient to authenticate that they are the intended audience and protects the information from being forwarded to others. The sender can also set up an expiration date to ensure the information isn’t lingering in someone’s inbox into eternity.

8. Set up data loss prevention policies

Fundamentally, data loss prevention is a strategy to ensure that your district’s sensitive and protected information does not inadvertently leave the network—whether it’s accidental or malicious.

System admins have the ability to set up data loss prevention policies in most popular and “enterprise-level” cloud applications. These policies help admins maintain and automate rules around how information can be accessed and shared. Most policies create alerts and actions that the system can take if a data loss prevention policy is broken. For example, if an employee account is trying to share a spreadsheet containing social security numbers with an outside domain, the policy can be set up to automatically warn the user and/or quarantine the file.
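The spreadsheet scenario above can be expressed as a small policy check, shown here as an added example (not the article's or any vendor's implementation). The internal domain, the quarantine threshold and the sample data are constructed assumptions.

```python
import re

# Assumption: the district's own mail domain(s).
INTERNAL_DOMAINS = {"district.example.org"}

# SSN-shaped values (AAA-GG-SSSS), skipping area, group and serial
# numbers that are never issued (000, 666, 9xx, 00, 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed spreadsheet content (CSV export). The phone number and the
# 000-prefixed value must not count as SSNs.
SAMPLE_SHEET = """name,ssn,phone
A. Example,123-45-6789,703-555-0100
B. Example,234-56-7890,703-555-0101
C. Example,345-67-8901,703-555-0102
D. Example,000-12-3456,703-555-0103
"""

def external_recipients(recipients):
    """Return the recipients whose address is not in an internal domain."""
    return [r for r in recipients
            if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def evaluate_share(file_text, recipients, quarantine_threshold=3):
    """Decide allow / warn / quarantine for one sharing attempt.

    Only a count of matches is returned, so the policy log never
    stores the sensitive values themselves.
    """
    ssn_count = len(set(SSN_RE.findall(file_text)))
    outside = external_recipients(recipients)
    if ssn_count == 0 or not outside:
        action = "allow"
    elif ssn_count >= quarantine_threshold:
        action = "quarantine"   # bulk exposure: hold the file for admin review
    else:
        action = "warn"         # small exposure: prompt the user before sharing
    return {"action": action, "ssn_count": ssn_count, "external": outside}

if __name__ == "__main__":
    print(evaluate_share(SAMPLE_SHEET, ["vendor@outside.example"]))
    print(evaluate_share(SAMPLE_SHEET, ["nurse@district.example.org"]))
```
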

9. Enable mobile management

Everyone in your school district likely uses mobile devices to access school cloud accounts—mainly email, files, and drives. These mobile devices represent more endpoints that need to be secured by IT. But, endpoint security isn’t enough in cloud computing security. You will also need to configure mobile device policies in your cloud applications.

10. Run a security health/score audit

Once you’ve completed this checklist, it’s a good idea to run a cloud security audit of your environment. An audit will re-check for any configuration errors, sharing risks, files containing sensitive information, and more.

It’s also important to run an audit on a periodic basis. Weekly and/or monthly audits and reports can be automated and provide you with detailed information into the security health of your cloud applications. Microsoft provides Office 365 Secure Score, which is very helpful in providing on-going health checks and recommendations, particularly as new security features are rolled out and new risks are identified.

If your school district uses SaaS applications such as G Suite and/or Office 365, cloud application security is a critical layer in your cybersecurity infrastructure. Without it, monitoring and controlling behavior happening within applications are impossible. This blind spot creates critical vulnerabilities in your district stakeholders’ sensitive information and financial futures.


Written by Katie Fritchen. This material is provided by VSTE partner Managed Methods. For more information, visit their website.

Resources for Teaching African American History

February 5, 2021

Regardless of the makeup of your school community, teaching students about African American History is an incredibly important part of any history or social studies curriculum. EVERFI has a suite of digital resources for students focused on African American History, as well as opportunities for educators to engage with these topics in meaningful ways.

We recommend students start with 306, which takes students through key events and figures chronologically, starting with the Trans-Atlantic Slave Trade and concluding with Mae Jemison. As a continuation, we recommend 306 - Continuing the Story, which looks closely at events in post-Civil Rights era US.

By completing both resources, students will be able to draw connections from past and present events to recognize and empathize with the ongoing challenges Black people continue to face in the United States.

To access these digital resources, in addition to lesson plans, worksheets and anti-racism toolkits for educators head to EVERFI’s Black History Month Hub.


Written by Teagan Seeley. Teagan is a Senior Schools Manager with EVERFI, where she works with teachers across Virginia as they implement resources designed to teach students critical life skills. Before joining the EVERFI team she was a first-grade teacher in Baltimore City Public Schools.

If you have questions about registering your students, ideas for implementation, or need troubleshooting help, email Teagan at [email protected]

Offer From NetRef: You’ve Got Questions and NetRef Has Answers

November 14, 2020

The following information is provided as a service to our membership. It does not constitute an endorsement by VSTE.

We understand that these are difficult times for all stakeholders in K-12 education and Virginia Schools Divisions may be experiencing challenges around remote, hybrid or technology use in the classroom.   In our discussions with educators across the country we have heard the following concerns and NetRef can help address all of these:

  • Remote Student Attendance
  • Student Engagement
  • Track Usage of Online Programs
  • Equity

NetRef is a Virginia-based technology company and wants to offer any assistance and help to Virginia School Divisions.  We are offering FREE usage of NetRef beyond the 14 days listed on the flyer for Virginia Divisions.

  • NetRef can be set up either with or without teacher involvement.  We understand that teachers have a lot on their plates right now and don’t want to overburden but provide useful data and also ensure kids are using devices appropriately.
  • With teacher involvement provides all classroom management functionality as well as all data and usage reports for teachers and building and central office admin.
  • Without teacher involvement you would still have usage, attendance and engagement data reports and
  • Set up for either implementation would take about 20 minutes or so.  We provide all services – implementation, SIS integration, technical support and training
  • We can set up very quickly and pull data from your SIS so there is minimal effort on your end.

Short 3 minute video on how NetRef tracks engagement and attendance

14 minute pre-recorded NetRef demo from VSTE Leading Ed Forum

See what educators are saying about how NetRef is helping to keep kids focused and engaged

For more information or to discuss setting up your free trial please contact:

Joe Warden
Education Partnerships Manager
NetRef
Phone: (703) 489-7577
Email:  [email protected]
Web: net-ref.com

Extending Wireless to Your Community

June 23, 2020

Hewlett Packard Enterprise (HPE) Aruba Networks has been helping K12’s in the state of VA during the COVID-19 pandemic. Aruba’s leadership team came up with the idea to offer outdoor wireless solutions to k12’s during this time of transition. We understand that not every child may have the accessibility to internet or broadband at their home for remote learning. We decided to donate outdoor wireless kits to schools so they are able to “drive up” to the school parking lot and connect to free wireless.

Washington Co Public Schools has shared with us how they are currently utilizing their outdoor wireless today.

“When we went to a remote learning situation in March, we quickly realized that there were students who did not have adequate access to the Internet at home.  We installed Aruba 377 outdoor access points in a parking lot at each school.  When school was still in session, we were seeing around 80 clients connected over a 24-hour period.  That has gone down to 20-30 per day now since we have closed out the school year.  We also allow community access through our guest wireless network.” –Washington Co Public Schools

This is just one of the many ways that Aruba is helping K12’s during this time. We are currently working on a solution to allow connectivity and wireless to project from school buses. More to come!

Some of the school systems we have been helping in the state of Virginia are listed below:

Isle of Wight County Schools
Franklin Co Public Schools
York Co Public Schools
Montgomery Co Public Schools
Washington Co Public Schools
Newport News Public Schools
Hampton City Public Schools
Lynchburg City Public Schools
Campbell Co Public Schools
Botetourt County Public Schools


Written by Lindsay Scott. Lindsay is the Greater Mid-Atlantic-Southeastern VA Territory Manager for Aruba, a Hewlett Packard Enterprise company. Contact her to learn more about how Aruba can help your school today!

Copyright © 2023 Virginia Society for Technology in Education