5 reasons why schools should add texting to safety plans

Today’s college officials face challenges that that previous generations of education professionals never had to deal with, starting with the Internet.

Though advances in digital technology have generally been a good thing as far as program delivery and creating more interactive multimedia classroom experiences, they have also created more potential for harm, or at least new distractions for instructors and students.

At the same time, interest in school security has also risen, partly due to increases in violence at secondary schools and colleges. Though shootings get headlines and cause high levels of fear, other crimes can take place too, including assaults with other weapons.

Because of a push to keep students safer, educators and security staff continue to search for new methods to alert students during a crisis – it doesn’t have to be violence, but any occasion when information needs to be delivered in a hurry. Perhaps it could be a natural disaster or even a serious traffic accident or weather situation that could impact traffic in and out of campus.

One solution that has gained popularity is texting, when school officials can send instructions to students and faculty in the event of a safety situation.

Here’s why it should be added to a college’s security plan.

  • Students are more likely to see a text first.

Emergency warnings in the past have included mass emails or automated phone calls. But these may not be able to be seen as quickly as a text – sometimes emails or voice messages aren’t checked for hours or days while a text can be seen in minutes. Since more students are using mobile devices, especially for texting, it’s likely that they will hear and see an immediate message, or at least someone near them will.

  • It’s a faster delivery method.

Depending on your particular texting service, thousands of one-to-many texts can be sent a matter of minutes. In comparison, thousands of mass emails must be sent in small bursts over hours to avoid spam detectors. Texts are also universal – the same message can be seen on everyone’s phone.

  • Brief is better.

In emergency situations, school officials may just send out short details and quick instructions, with the expectation that more info will be shared later. “Active shooter on campus, seek shelter.” “Tornado coming, stay indoors, will text all-clear later.”

  • No reply needed.

Sending one-to-one texts can create opportunities for a conversation, but one-to-many texts aren’t intended for interaction, only instructions. Officials sending texts may not have time or interest to answer the same question multiple times, so it’s easier just to send an identical message out to everyone.

  • Different databases can be managed easily.

A college may have multiple ‘text’ lists, such as students on different campuses, or even local media. Plus it may have an ‘everyone’ list.  Most texting programs make it easy to specify which database when creating a message. This can make sure the correct students and staff receive the message.

Secondary schools like middle schools and elementary schools will likely require different texting policies than colleges. Younger students may not even own mobile phones, or if they do have them, they may not be permitted in the classroom.

In this case, school alerts should be sent to faculty/staff and perhaps a separate database for parents. These also can give quick, direct information with the promise of more details to come. “School in lockdown. Keep students calm and in classrooms.” “Fire in gym, please evacuate to field.”

Leaders also should keep in mind that every school’s texting plan should be customized based on local resources and the local community.

Overall, it’s critical that a school gets the word out as much as possible prior to launching a texting service to make sure many as many people sign up. Schools also should consider sending out several types of warnings, not just texts, in case a student may not have their phone on or even with them on any given day.

 

Joe Butler writes about personal finances and the modern retail experience. He loves the idea of mobile coupons, since he frequently forgets the paper ones at home.
Google Plus profile

5 Security Experts on Why IT Leaders Need to Start Automating

Automation has been cited as the next big thing for IT leaders looking to secure their communications in all types of cloud environments—but leadership knows the challenges they face in doing so.

Answering to a Network World survey, 47% of respondents claim that it is difficult to monitor network behavior from end-to-end, and 41% say these security operations have difficulties that arise from cloud computing.

The main problem with not automating security operations is scalability and the difficulty in setting up these systems. But it’s necessary—it’s impossible to keep up with the increasing pace, limited cybersecurity, and network operations personnel, all while managing network security operations on a box-by-box, or CLI-by-CLI basis.

But don’t take our word for it. These five security experts have driven deep into the world of network security, and have their own reasons for passing along advice to IT leaders to start automating security processes today.

Security Experts and their Reasons for Encouraging IT Leaders to Automate

According to the Enterprise Security Group (ESG) 63% of networking and cybersecurity professionals working at enterprise organizations (more than 1,000 employees) believe network security operations is more difficult today than it was two years ago.

The bottom line – the main roadblock standing in the way of IT leaders and automated security process is difficulty. Here’s why you should take the plunge despite the challenges.

Jon Oltsik, ESG Senior Principal Analyst and Founder of the Firm’s Cybersecurity Service

Oltsik knows the scalability problems that security leadership faces, even though leadership knows the risk they’re taking without it. He cites a survey of 150 IT professionals, where 31% of respondents say automation is “critical” to address future IT initiatives, while 58% claim it is “very important” to address future IT initiatives.

Because of the recognition of its importance, the technology industry is listening – Companies like Cisco, Fortinet, Check Point, and more have all introduced solutions that will assist security network operations teams in automation and visibility of their networks. His advice to leadership is to adopt these technologies:

“Since relying on people and manual processes can’t scale or keep organizations secure, CISOs and network operations managers should assess where they are in the network security operations automation transition as soon as possible, making sure to look into their people, processes and technologies.

Once shortcomings and bottlenecks are discovered, large organizations should develop a plan to address these areas and institute network security operations automation projects, phasing in capabilities over the next few years.” Jon Oltsik

Stephanie Tayengco, SVP of Operations, Logicworks

Tayengco is a proponent for automation, but automation the right way in the face of risk. Her bottom line—you need to get rid of as much manual work as possible to stay secure.

According her, it’s important to automate infrastructure buildout first, continually check instances across the environment, fully automate deployments, include automated security monitoring in those deployments, and finally, prepare for the future of automation.

“Ninety-five percent of all security incidents involve human error, according to IBM’s 2014 Cyber Security Intelligence Index.

This year alone, enterprises will spend $8 billion on cyber security, but these initiatives are often useless in preventing an engineer from misconfiguring a firewall or forgetting to patch a security vulnerability on a new server. Manual work is risk, and manual security work is a disaster waiting to happen.” – Stephanie Tayengco

Gabby Nizri, CEO, Ayehu

Nizri is worried about the rising number of security breaches. According to the ISACA 2015 Global Cybersecurity Status Report, 781 publicized cyber security breaches resulted in 169 million personal records being exposed.

Well-known companies like BlueCross, Harvard and Target were involved, making it clear that even the most sophisticated and well-funded security departments aren’t safe. Even so, only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack. Because of this, Nizri urges you to automate.

“Simply put, IT personnel are no match for such intensive, sustained attacks. Not only are humans incapable of keeping up with the sheer volume of incoming threats, but their ability to make quick and highly-impactful decisions to manually address such an attack is equally inefficient.

This is why automation is becoming such a powerful and effective component of cyber security incident response. To combat the onslaught of incoming threats, organizations must employ an army of equivalent strength and sophistication.” – Gabby Nizri

Danelle Au, VP of Strategy and Marketing at SafeBreach

Automation isn’t all about just avoiding mistakes. Au cites instances where automation makes an IT department more agile, and improves processes such as application delivery.

For the private cloud environment, applications and desktops are being virtualized at an faster than ever before. According to Au, As the number of virtual machines (VMs) increases, automation and orchestration is no longer a “nice to have.”

“The ability to translate complex business and organization goals into a set of automated data center workflows is critical to not slowing down the application delivery process. It is also an essential part of making compliance and security requirements a lot easier to manage in a very dynamic environment.

To fully realize the promise of private clouds or software defined data centers (as VMware defines it), the traditional IT infrastructure — in particular network security — needs to transform into agile and adaptive end-to-end automated processes.” – Danielle Au

Brian Dye, VP of Intel Security Group

A recent ESG study noted that 46% of organizations said they have a “problematic shortage” of cybersecurity skills—up from 28% just a year ago. That means the development of these skills in IT personnel isn’t improving at a rate needed to keep up with threats.

One-third of those respondents said their biggest gap was with cloud security specialists. According to Dye, this is the reason security automation is important, as well for working with SDN technologies and responding to breaches.

“As organizations explore software defined networking (SDN), they see a need for more automation skills, as security policy must co-exist with the orchestration to fully exploit an SDN environment. These skills become especially important as virtualization expands beyond servers and into networks and storage.” – Brian Dye

Network security automation is important for many reasons – the risks associated with manual processes, adaptation to new technologies, the agility of the cloud, and the race to keep up the skills needed in personnel to use new emerging technologies.

Creating the proper mix of skillsets, automation and processes will provide IT leaders with the security confidence they need moving forward.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

 

meganmorreale-headshot

Megan has been writing about enterprise technology, data, infosecurity and environmental technology for several years. Tweet her @MeganRoseM, or check out her blog: www.meganmorreale.com

3 Secret Habits of Really Effective Network Security Programs

Effective network security programs require more than just one layer of protection if one solution fails, you still have others guarding your company and its data from all types of network attacks.

There are best practices that set the highly effective network security programs apart from the rest.

A recent survey conducted by ReRez Research, and commissioned by Infoblox, shows that when IT departments are segmented by security success factors, there are certain best practices that rise to the top.

The study was comprised of 200 large organizations, and shows how certain habits differed between organizations with top-tier network security programs and everyone else.

These alterations in behavior matter, as breaches in security can cost organizations large fees in both recovery and damages.

Analysts estimate the cost of a typical unplanned network outage now tops $740,000. Protecting the network – from problems like breaches, outages and poor performance – is crucial for organizations. – Infoblox 2016 Network Protection Survey

Education is the first place you should start. Your network security awareness program is probably following a one-year plan, which isn’t the best practice. Programs that follow 90-day plans are more effective, and focus on three topics simultaneously throughout those 90 days.

After your awareness program is in place, start thinking about your network security structure in a different way.

Below are the three secrets of the most highly effective network security programs.

1. Make Sure there is Cooperation Between the Network, Security and Application Teams

Siloing the various teams in your department can stifle your security activities, and keep you from reaching your goals. Network operations staff, the security staff and the application teams should all be communicating fluidly, with 100% of top-tier organizations in the survey citing this as a best practice.

High performing organizations are 9x more likely than others to be using integrated visibility tools already, and they’re 4x as likely to be using integrated security tools in conjunction.

Communication becomes paramount when it comes to reporting. One key factor in running a successful network security program is being able to prove that success. The only way to do so is to collect metrics that reflect this success across the organization.

2. Utilize DNS/DHCP Data to it’s Full Potential

This is a slowly growing but serious differentiator between effective and mediocre security departments. According to the survey, close to half of top-tier organizations use DNS/DHCP data to discover other new devices, compared to zero other contenders.

Not only are they tracking and utilizing the data, but they’re 3x as likely to use DNS logs for security purposes.

3. Commit to the Continual Use of Intelligence

The most successful organizations have a mechanism in place that forces them to commit to security intelligence. They’re 6x as likely to have deployed an SIEM, and 4x as likely to invest in machine-readable threat intelligence.

In addition to intelligence commitment, they’re 6x as likely to use automated tools that alert them to new devices appearing on the network.

Keep in mind some of these changes when building your network security program certain best practices could not only set you apart from the rest, but save your organization it’s reputation, and hundreds of thousands in damages.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

 

meganmorreale-headshot

Megan has been writing about enterprise technology, data, infosecurity and environmental technology for several years. Tweet her @MeganRoseM, or check out her blog: www.meganmorreale.com.