Services Blog- Hummingbird Networks

School Security And Mobile Access: Making Them Work Together

Written by John Ciarlone | Dec 11, 2014 2:00:00 PM

 
Schools are among the biggest beneficiaries of BYOD policies when they implement WiFi systems.  But are you doing everything you can to keep systems secure?

Bring-Your-Own-Device policies are great for schools, because they put modern technology into the hands of staff and students... but without the school having to pay for them.  Smartphones and tablets are becoming so ubiquitous that many districts can assume 3/4 or more of their population has at least one.

Plus, students are increasingly accustomed to using them in their day-to-day lives for research.  This makes it easier to teach good Internet research skills and behaviors, if it's on the devices the students already use.

The issue is one of mobile access security to the school WiFi.  With so many devices accessing your network, how do you keep everyone secure?

Tips For Good School WiFi Security

1 - Consider a Mobile Application Management system

The issue of security, privacy, and student devices is a very sticky one, and it's hard to find a perfect balance that makes everyone happy.   Currently, one of the best options is Mobile Application Management. (MAM) 

Rather than putting restrictions on a device, it puts restrictions on the applications stored in the school's servers that can selectively block access.  This allows you to enforce requirements on BYOD devices being used, without more "peeking" at their contents that's absolutely necessary.  

MAM doesn't have to query anything but basic hardware information, like the serial number or OS version, making it friendly to student privacy.

2 - Ban any jailbroken devices.

In general, BYOD policies should be inclusive for them to accomplish their goals.  However, a hard line in the sand should be drawn on the matter of devices that are "jailbroken" or "rooted" or otherwise hacked to run unapproved firmware/software.

While there are legitimate reasons students (or staff) might want to do this to their devices, they are a security nightmare.  A jailbroken device can never be authenticated, and therefore can never be trusted not to carry viruses or worse.

This is also a great example of how MAM systems can protect your school.

3 - Have a usage policy that must be signed.

BYOD deployments go far more smoothly when there's a clear and simple explanation of exactly what rights users do and do not have, as well as expectations of their behavior.

This should be distributed to anyone using the service and, at the least, students and staff should have to officially sign it to be allowed access.  This also gives the school some measure of legal protection as well, should illegal activities occur via the school network.

4 - Segregate your student and administrative networks.

Any network hardware from recent years can support multiple networks on the same equipment, usually 16 or more.  So don't put everything on a single network!  The network used by students and guests can be kept totally separate from the one for staff, or you could even segregate further based on department or responsibility.  

For added security, hide the SSIDs (network names) for all but the student/guest network.  This makes it extremely difficult for an intruder to get onto any critical systems.  At least, not without human error being involved.  

Speaking of which...

5 - Remind staff of their extra obligations.

Today, the number one cause of data breaches is human error.  For a school BYOD system to work, your teachers/staff need to be actively thinking security.  This includes:

  • No secure student information on private devices, ever.
  • Never storing passwords or server information on devices.
  • Never giving students access to higher-level networks.
  • Immediately reporting any lost or stolen devices.
  • An awareness of basic "social engineering" fraud techniques.

Your staff is one of your first lines of defense in terms of security for your school WiFi.  Be sure they understand that.

BYOD presents a security challenge for schools, but it's not insurmountable.  If you have any other questions, or would like a consultation on your network security needs, just contact Hummingbird Networks!  

Worried about the security of your school WiFi? Read Four Important Tips for Keeping Your School WiFi Secure.