Sensitive data, sensible protections
Chuck Kistler, Senior Network Engineer at Carroll County Public Schools, notes that when it comes to student data, they have a lot of it: “Anything that’s considered private information, we’ll collect and store,” he says. Credentials, logins, web traffic, app use, time on device, any personal information that forms part of a student’s identity relative to other students in the county: all of that data flows in from the wide array of student activities across the district, multiplied by the approximately 26,000 students the district serves.
As the district’s IT needs grew and its capacity to meet those needs matured, it implemented several of Microsoft’s security features. Chuck described their process and scope of coverage:
“We've implemented Office 365 anti-phishing with certain users in the organization just because they’ve been hit by other bad actors out in the wild who’ve made random junk email accounts and named it someone that they know about here that is in a high position and can make decisions,” Kistler explains. “So, we scan attachments that come through now, we’ll do safe links. We’ve made rules for incoming email from external domains. We’ve given employees the ability to send secure email by placing a little tag in the email subject line that will send the emails encrypted and, in some cases, auto-send it as encrypted based on an outgoing email address or based on the content.”
According to Steve Bowser, Lead Network Engineer at Carroll County, they’ve added more precautions at the user level.
“Our client systems now all use Windows Defender,” he says, “and we’ve integrated Azure Advanced Threat Protection to collect data from machines to look for lateral movement and any other kind of spyware and malware.”
According to Kistler, “We’ve already found a few things. It has found leaked credentials, it’s found bits of malware here and there, bizarre websites or applications that the end user is using, and we can block or enable those from that point forward. We have Azure Information Protection established so we can send that data up to Azure for evaluation. We have all our tenants protected and a bunch of rules to evaluate things that come in, like risky IP and now, if people out in the wild are coming in risky, we can shut them down.”
Security, of course, is never absolute. There are always new attacks, new vulnerabilities, but Kistler and his team are already seeing demonstrable return on the new technologies they’ve implemented. “In the last months I’ve seen more than a few attempts from China,” he adds. “I’ve already seen the numbers go down, and I believe it’s going to go down further.”