We conducted a basic cyber hygiene audit of the school’s network and the devices on it. Somethings can’t be disclosed for security purposes. Because if the methods get out its will be easier for threat actors to exploit the system.
Device and Network Security
-
Update Operating System & Software all devices connected to the school’s network are all automatically updated and up to date
-
Use of strong passwords is implemented and MFA
-
Firewall and Antivirus is installed and up to date
-
Encryption in transit but not at rest
-
Can’t disclose how it’s done encryption and security patches
User Access Control
-
Least privilege principle implemented and secure remote access for certain employees and students
Email and Phishing Defense
-
Email Filtering using spam and phishing filters to block suspicious emails
-
DMARC is enabled to prevent email spoofing can’t disclose
Physical Security
-
Secure access to devices (locked doors, restricted access to important rooms such as IDF rooms)
-
Rented Laptops cannot be modified without administrative privileges
(Recently becoming more inflexible as lab employees aren’t allowed to help students download programs of their choice onto rented laptops)
Security Awareness and training
-
There is regular training for work-study and employees
-
Can’t disclose how
Data management and backup
can’t be disclosed
Incident response plan
(Posters put out to inform everyone)
Third party risk management
can’t disclose
Monitor and audit
can’t disclose
Compliance and documentation is implemented
we spoke to the following people during the cyber hygiene audit:
-
Maggie Hemme – Works in the IT Department front desk Bldg ASC, Rm A259
-
Lois Dominguez – Lab Assistant AST bldg.
-
Desiree - Student union bldg. Work Study
-
Jesse Ramirez - bldg. B