At New Madinah College, we take cyber security very seriously, especially considering the digital learning environment we offer to our students. In line with best practices, led by the IT Manager, we have and will continue to implement a comprehensive cyber security strategy that aligns with the Australian Signals Directorate (ASD) recommendations. These strategies aim to protect the college’s infrastructure, staff, and students from a range of cyber threats, including targeted cyber intrusions, ransomware, and insider threats.
Prioritising Cyber Security Mitigation Strategies
The first step in our approach is a thorough identification of our assets and a detailed risk assessment. We’ve classified the level of protection required to mitigate various threats and have involved the school’s leadership and board to ensure we have the support, financial resources, and skilled personnel needed to succeed.
Our strategy focuses on protecting sensitive data, particularly those accessed by our staff and systems most exposed to the internet. The mitigation plan includes protections against advanced persistent threats, ransomware, and insider risks by following ASD’s ‘Essential Eight’ framework.
Mitigation Strategies for Different Cyber Threats
- Targeted Cyber Intrusions: These include advanced persistent threats where external adversaries attempt to steal sensitive data. To counter this:
- We’ve implemented application control to prevent unapproved programs from executing.
- Systems are patched regularly to ensure vulnerabilities are addressed within ASD’s recommended 48-hour window.
- Multi-factor authentication has been rolled out across critical systems to reduce unauthorized access risks.
- For web and email security, we filter content and attachments and restrict access to websites that do not meet reputation standards.
- Ransomware and Data Destruction: To prevent ransomware attacks and data loss:
- Regular backups are taken, stored securely offline, and tested frequently to ensure recoverability.
- The same essential malware prevention strategies are applied, ensuring that ransomware cannot gain access to our network or critical data.
- Network segmentation is implemented to limit the movement of malware between systems.
- Insider Threats: Malicious insiders pose a serious risk to the college’s data security. To mitigate these risks:
- Personnel management processes have been enhanced to include ongoing vetting for high-risk users, especially those with administrative privileges.
- Outbound data monitoring ensures that sensitive information isn’t leaked through email or web traffic.
- All system access and activity logs are monitored continuously, enabling prompt response to any suspicious behaviour.
The Essential Eight: Cyber Security Baseline
New Madinah College is committed to implementing the ASD’s Essential Eight mitigation strategies as a baseline for cyber security. These include:
- Application Control: Restricting the execution of malicious or unapproved programs.
- Patching Applications: Ensuring all applications are up to date to avoid vulnerabilities.
- Configuring Macro Settings: Blocking macros from untrusted sources in Microsoft Office documents.
- User Application Hardening: Disabling unnecessary features and blocking risky content.
- Restricting Administrative Privileges: Limiting the use of high-level accounts to reduce the impact of any potential breach.
- Patching Operating Systems: Keeping all systems up to date with the latest security updates.
- Multi-factor Authentication: Enhancing the security of all sensitive systems and accounts.
- Daily Backups: Ensuring data can be recovered in the event of a ransomware attack or other incident.
Ongoing Security and Response Measures
In addition to the Essential Eight, New Madinah College employs further mitigation strategies to ensure that threats are detected and responded to quickly:
- Incident Detection: Continuous monitoring of system logs and network traffic helps detect potential breaches early.
- Business Continuity: In the event of a major cyber incident, our disaster recovery plans ensure that critical systems are quickly restored, minimising downtime for our students and staff.
Protecting the Future of New Madinah College
The cyber threat landscape is constantly evolving, and so must our security practices. Our IT Manager is not only focusing on technology but also on education, ensuring that our staff and students understand their role in maintaining cyber security. Training sessions are regularly held to raise awareness of phishing attacks, password best practices, and safe internet usage.
By adhering to ASD’s prioritised mitigation strategies, New Madinah College is ensuring the safety of its digital environment. The implementation of these strategies will be continually tested and improved upon to maintain a robust security posture, safeguarding the education of our students.
New Madinah College’s commitment to cybersecurity ensures that we remain resilient against the ever-growing and changing threats in today’s digital landscape. Through careful planning, strategic investment, and continuous improvement, we strive to provide a secure learning environment for all our students and staff.