The internet has woven its way into our lives as adults, but today’s children are digital natives – they were born into a hyper-connected world. Schools must provide connected environments to prepare children for the digital workplace. The latest technology allows for new teaching methods and innovative platforms like digital whiteboards and personalised learning apps on tablets. While individual school policies vary, many students also bring personal devices to school and may use them during learning breaks. The expectation is that wifi is everywhere and almost universally accessible.
When schools first started exploring the internet, there may have been a room or two on campus filled with computers to use during allocated timeslots. Now, wireless internet and portable devices have shaped the way school environments interact with the internet. Students cannot expect to be tethered to wires to access learning opportunities, and so wifi is often the best solution. Teachers are also becoming more reliant on wifi as smart teaching devices in the classroom open up new pathways for content delivery.
With the expansion of wifi in schools comes the concurrent expansion of cyber security threats. School databases are tempting targets for would-be hackers. Significant amounts of personal data are stored on school servers and must be protected from breaches. Schools are also not immune from attacks from within. Students will always try to push boundaries and online environments are no exception.
This article will explore why schools should pay particular attention to the security and capability of their wifi networks, and how they can ensure they stay functional and safe for all users.
School WiFi isn’t just for students
Schools are where young people spend the majority of their time. When the world around them is connected online, there is an expectation that their classrooms will be also. Students need wifi to access streaming and apps, and to upload and undertake assessments and exams. Teachers require it for planning, assessment and content delivery. Administrators need it to communicate with parents, maintain the website, keep records, manage security and uphold regulatory compliance. Three very large populations all need wifi for different reasons.
In addition, staff may need to access digital school resources while away for conferences, training or other off-site school activities. Providing secure remote networks on school devices can help provide an additional layer of protection when used off-site. Like personal and business devices, opportunistic attacks over unsecured connections are a real risk. For teachers, secure remote networks can protect against breaches in locations such as at conference centres, local education centres like museums and other places where digital augmentation to lessons can occur.
Finally, as physical security and on-campus safety become of even greater concern to staff and students alike, surveillance systems are also often found in schools, and these systems also need wifi to stay connected and record vision from multiple locations in the school grounds.
Cyber security must be a priority
Security must be a priority when providing school wifi. School and university networks are vulnerable to ransomware attack, as two recent cases in Poland show. Private school records (including very sensitive information like names, birthdates, custody requirements, grades and health information) are a valuable target. Additionally, plenty of time and emotional labour goes into school work and final grades can be life-changing. Depending on the age level and time of year, there can be a great deal of pressure put on administrators and students if work is lost, ransomed, altered or deleted. If destructive attacks are carried out, there can be serious implications for final year students and their ability to secure places at university.
If your school wifi is breached, it’s essential that custodians know what to do. Besides securing the network, there are reporting obligations under the GDPR that are really important to be aware of. Schools are required to maintain strict security regarding the large amounts of sensitive data that they hold. Accurate reporting and notification procedures must be in place to adequately manage the fallout from a legal point of view.
Reviewing school wifi security
Unsurprisingly, challenges arise quickly when it comes to providing reliable and secure wifi on such a large scale. The provision of services needs to be specific and there are many security and logistics procedures that can be implemented to create a secure and functioning environment for all users.
Threats come from different vectors. Professional hackers can target weak setups as a source of data. Attacks may be malicious, for example when former students want to cause destruction and distress to students and staff. Threats may also come from inside the network as current students push the boundaries of network security and seek to establish their own computing skills (sometimes coupled with age-old peer pressure and common boundary-challenging student behaviour). IT staff should be aware that guides are available online for students that provide suggestions, starting points and explicit instructions on how to exploit a school network. Never underestimate the determination of a student with an idea. Sometimes, removing the target from sight can be enough to mitigate most opportunistic breach attempts.
Students, teachers and in some cases administrators should all operate on separate networks. This action alone limits access and restricts breaches to one network at a time. The next step is to hide the SSIDs of the administrative networks. There’s no reason to broadcast the names of the networks, as it gives hackers a starting place to work from. Instead, remove them from lists of available networks and give teachers and administrators the exact names so they can be searched for specifically.
Security monitoring can be provided in two modes – passive and active. Passive security relies on logging every behaviour conducted over the network and checking over it periodically for unexpected or inappropriate activity. Active systems block access to inappropriate websites, flagged threats, and alert IT support staff to activity as it occurs. Administrators may need to consult with an external IT support team to determine which method of protection is appropriate for the school’s budget and needs.
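The passive mode described above, sketched as an added example (not part of the original article or any Mustard IT tooling): a periodic review of a connection log that flags traffic crossing between the separated networks and visits to blocked sites. The log format, address ranges and blocklist are all assumptions made up for the illustration.

```python
import ipaddress
import re

# Assumed address plan for the three separated networks (hypothetical values).
SEGMENTS = {
    "students": ipaddress.ip_network("10.20.0.0/16"),
    "teachers": ipaddress.ip_network("10.30.0.0/16"),
    "admin": ipaddress.ip_network("10.10.0.0/16"),
}
# Which source network may open connections into which internal network.
ALLOWED = {("students", "students"), ("teachers", "teachers"),
           ("admin", "admin"), ("admin", "teachers")}
BLOCKED_HOSTS = {"games.example", "proxy.example"}  # placeholder blocklist
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                  r"dport=(?P<dport>\d+) host=(?P<host>\S+)$")
# Constructed sample log in a made-up key=value format (not real traffic).
SAMPLE_LOG = """\
2024-03-04T09:01:12 src=10.20.4.17 dst=198.51.100.7 dport=443 host=learn.example
2024-03-04T09:02:40 src=10.20.4.17 dst=10.10.0.5 dport=445 host=-
2024-03-04T09:03:05 src=10.30.1.8 dst=10.30.0.2 dport=631 host=-
2024-03-04T09:04:51 src=10.20.9.3 dst=203.0.113.9 dport=443 host=proxy.example
this line is corrupted
2024-03-04T09:06:00 src=10.10.0.9 dst=10.30.0.2 dport=22 host=-
"""

def segment_of(addr):
    """Return the network name holding addr, or None for external addresses."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), None)

def review(log_text):
    """Passive review: return (timestamp, reason) findings for one log batch."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        try:
            src, dst = segment_of(m["src"]), segment_of(m["dst"])
        except (TypeError, ValueError):  # line did not parse, or invalid IP
            findings.append(("?", "unparseable line: " + raw.strip()[:40]))
            continue
        if src and dst and (src, dst) not in ALLOWED:
            findings.append((m["ts"], f"cross-network {src}->{dst} port {m['dport']}"))
        if m["host"].lower() in BLOCKED_HOSTS:
            findings.append((m["ts"], f"blocked site {m['host']} from {m['src']}"))
    return findings

if __name__ == "__main__":
    for ts, reason in review(SAMPLE_LOG):
        print(ts, reason)
```

An active system would apply the same two checks at the firewall or filter as each connection is attempted, blocking it and alerting IT support instead of waiting for the next review.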
Staff training is paramount when it comes to securing school wifi networks. As in the business world, secure networks can be breached easily once human error comes into play. While teaching staff often have a full workload, it’s important that they are made aware of simple cyber security protocols that can help prevent them opening the digital gates to hackers. Here are some simple tips that could be included in an email alert or discussed at a staff meeting:
- Never share administrative network names, logins or passwords with students, no matter how trustworthy they seem,
- Log out whenever appropriate,
- Don’t write down SSIDs, passwords or logins anywhere accessible by staff, students or visitors. If they must be written down, keep the data in different locations (not on a Post-it note stuck to the terminal!),
- Report any suspicious activity or potential phishing attempt to a designated IT support staff member.
It’s also very important to alert staff to the dangers of phishing emails. Train them to view every email as suspect, especially when coming from unknown or unsolicited addresses. Clicking a single link can download malware onto school computers, which can easily create a backdoor for hackers to gain access. Students should also be made aware of this when using personal or school emails while connected to the network. (This advice is pertinent for all internet users on all networks.)
For individual student devices, a VPN may offer an additional level of protection, but it would need to be installed on personal devices at the student’s own risk and undertaking. A virtual private network (VPN) creates an encrypted pathway between the device and the wifi network. It prevents data being intercepted while it’s being broadcast on the open wifi network. Some schools do not allow students to use VPNs, as they are concerned about VPNs themselves being misused as an avenue of attack or, more likely, as a way to bypass the list of blocked websites. For students it may be worthwhile installing and using a VPN on personal devices until the school notifies them otherwise.
The overall capacity of the school wifi network also plays a role in its security capability. Many students attempting to access the system at the same time can provoke network failure, which can create security vulnerabilities. Depending on the levels of connectivity at the school, internet of things (IoT) devices may also draw on the connection. Students may be using their own devices to stream content, play games or download pirated material like movies. The network may be poorly designed or under-resourced and not able to handle peak traffic times or varied demands from teaching staff and students. Depending on the budget of the school, the wifi networks could be upgraded to handle higher traffic loads, or policies put in place to dissuade students from using networks for personal objectives.
How school WiFi networks commonly work
Most schools use a version of unencrypted wifi that requires credentials (a password) to log in. It’s a single step up from using an unsecured network where any person with a capable device can connect with no verification at all. Most public wifi offered in cafes and shopping centres is unsecured. Cafes that print a password on a receipt or publish it on the wall are examples of unencrypted networks that require credentials. Ultimately, it’s almost the same level of security, which is to say very low, and such networks should be treated with caution. Unencrypted networks transmit all data ‘in the clear’ – that is, anyone with the right technology can intercept the information as it travels between the device and the router. Requiring passwords does offer a level of deterrent against opportunistic attackers, at least. They may try a list of common passwords to see if they can break in but are more likely to make use of an unsecured network in those cases. Hackers that are determined to access your system will happily try other methods.
WPA2 technology can help to make this type of wifi network more secure. As described above, on an unencrypted network, all users can see every other user’s traffic. WPA2 helps to isolate sessions, which means each user’s session is separate and inaccessible to others. It’s still not completely safe but does add an additional barrier to access. As with all good security protocols, cheaply available technology exists that helps hackers to access these individual sessions. Some of the tech is designed to help assess defensive capability, but that means that by necessity it can be used to break in, too. It’s better to focus on providing the most secure environment possible, and dedicating time to training staff and students to act securely online.
How to assess the state of your school WiFi network
Seeking out professional advice from a local IT support provider will help to assess the state of your current school wifi setup. The right team will be able to provide advice and onsite support to establish the right level of broadcast availability, cyber security and levels of access for different groups. This can include evaluating your email servers and other communications channels, as well as advising school IT staff on possible staff internet security training and protocols.
Schools will become more and more connected as technology improves. It’s difficult to forecast the needs of future students, and funding is so often a determinant of how well technology is integrated into school environments. It’s best to ensure you’re getting the most from your current wifi setup and can protect it against real external threats. Getting expert advice can help you to provide powerful and secure connections for students and staff and will help prepare you for changes as the online landscape evolves.
About Mustard IT, your secure school wifi partner
Mustard IT provide the design, build, installation and maintenance of secure IT servers and networks, and can provide advice and assistance for secure school-based internet provision. Our trusted team are experienced and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.