In order to provide on-going remote instruction and overcome the “digital divide” of those who have limited broadband at home, many schools around the country are turning their wireless networks toward their parking lots. Similarly, districts have positioned busses throughout the neighborhoods the school serves to act as WiFi hotspots. These are reasonable responses to address community needs in a crisis—but districts should use an abundance of caution to deploy these solutions securely. Exposing your school network to the public is risky. It can increase the chances of a cyber-attack or individuals utilizing your school’s network as a platform to initiate malicious activity. The district needs to ensure proper security protocols are protecting their assets as they work to make remote learning accessible to all students.Isolation from Your Internal Network
Before deploying public wireless internet access for drive-up or “hotspot” access it’s vital to consider the security of your internal network to ensure it is not accessible to the public. Your internal data is sensitive and important, but it’s at risk of hacking. Cyber-attacks can expose the district to data breaches, including ransomware. It’s important to ensure this access point is separated from your internal network or any internal resources. It should be noted that this isn’t the same thing as using a web filter and/or a firewall. Your web filter and/or firewall will filter traffic when it’s already connected to the network.Proper Equipment & Strength
Once you have ensured that this public network is isolated from your internal network, double-check your bandwidth and equipment to ensure it has the signal strength and dependability to host a stable connection. There’s no point in deploying a network with weak strength. You can also increase the efficiency of your network by deploying a web filter to block websites, such as Hulu or Netflix, that require large bandwidth and aren’t likely required for your educational purposes. Set Up a Wireless Network Designated for Public Access
Allowing community members to connect to your organization’s private wireless network is a security risk. Instead, set up a separate public wireless network physically or logically separated from the school’s private network. Other security recommendations include:
- Ensure “drive-up” wireless is filtered to assure CIPA compliance
- Enable WPA/WPA2 encryption for the network for added security
- Do not advertise your school’s private networks publicly for any wireless device to see
- Do not share wireless passwords via social channels or mass public address platforms
- Ensure that encryption has been successfully enabled
Not securing your public wireless network can expose you to a list of security risks, such as:
- Man-in-the Middle attacks/Malicious hotspot
- Snooping and Sniffing
The efforts to ensure our community members and students have safe and ready access to the internet are critical. Take this time to respond, understand, and ensure the rush to deploy is not putting you at risk. Assess your network, secure your resources, and deploy safely.
We are interested in hearing from you. Please take our brief survey to lend your thoughts on your district’s readiness and future needs during this state of emergency. This information will be applied to create future professional development to support your district’s technology planning demands.
Karl Seiler also contributed to this article and is the President of DataServ.
Joe Prchlik is the Director of Operations and Technology at Northern Buckeye Education Council (NBEC). DataServ and NBEC are the founding alliance members of the ShareOhio partnership.