Hills Grammar School and Sekuro forge ongoing cyber security partnership
HIGHLIGHTS
Challenge
- Managing the cyber security footprint of multiple stakeholders, including staff, students, and various endpoint devices, was difficult for a small team whose core focus was needed on infrastructure and development.
- No centralised structure or funding for independent schools to approach cyber security meant the Hills Grammar School ICT team had to make its own decisions with its own resources, without economies of scale.
Solutions
- Sekuro Cyber Resilience Program ensures an ongoing and elevated cyber security posture which includes consistent vulnerability patching and risk mitigation.
Outcomes
- Hills Grammar is considered a leader in cyber security risk mitigation in education, due to its solid data protection policies, firewall implementation, and sophisticated network segregation.
- An ongoing partnership earmarked by continuous improvement of security maturity through education and optimisation by Sekuro.
“The team at Sekuro are so professional and easy to work with. They give me great confidence in their thoroughness and always go above and beyond. I have and will continue to recommend Sekuro to others in my network.”
– Marcus Claxton, ICT Manager at Hills Grammar.
The Story
For hackers, the education sector is typically seen as a soft target, because many schools do not have the resources to secure their systems in the same way as larger corporations or government entities. With some high-profile ransomware attacks at similar schools over the past few years, Marcus Claxton, ICT Manager at Hills Grammar School, was determined to set up his school for success.
Visibility and protection over various networks were another challenge for Hills Grammar School. With each student group and staff members having their own VLAN, plus the prevalence of Bring Your Own Device (BYOD) in the education sector overall in recent years, password education, firewalls, and data protection were all top concerns that required ongoing consultation to manage.
“I was looking for a partnership — that was a key thing,” says Claxton. “I didn’t just want someone selling me products and services. The partnership aspect was very important.”
Acting within the constraints of its budget, and the challenge and opportunity brought by the independence to make all cyber security decisions, Claxton knew an external and consultative approach was his best bet.
Hills Grammar School
Hills Grammar School is an independent school in New South Wales with more than 1,000 students from preschool to Year 12.
As a fully independent and non-sectarian school, Hills Grammar School is left in charge to make decisions about its entire IT system, including cyber security. When he first began at Hills Grammar School four year ago, ICT Manager Marcus Claxton’s first agenda item was to conduct a pen test, kickstarting a broader cyber security optimisation program for the school. He selected Sekuro to do this, beginning a fruitful partnership spanning data protection, vulnerability assessments, and ongoing consultation.
Our Solution for Hills Grammar
When Claxton first engaged Sekuro, an internal/external penetration test and a vulnerability assessment were conducted immediately to interrogate the ICT system. The Sekuro team then undertook a complete cyber optimisation and maturity assessment. It informed Claxton about what his ICT team needed to do over the next 12 months, as well as where they would prioritise their budgets. It made sure any vulnerabilities were patched or mitigated.
Claxton meets with the team at Sekuro once per week and receives timely replies to his email inquiries. The arrangement, which is at once delivered as a partnership and ‘as-a-service,’ is ideal for the needs of Hills Grammar School’s ICT team. Each week brings a different activity and outcome, such as a simulated phishing attack (where Claxton can then present the findings at the School’s Director’s meeting), or establishing multi-factor authentication (MFA) for staff.
Outcomes
In Claxton’s words, he wouldn’t be able to afford (nor does he necessarily have need for) a full-time security engineer within his small team of six.
“To be able to spend less than that salary and get a consultative expert instead is exactly what we need. Having someone always thinking about cyber security and keeping us informed of what’s happening in the industry, and new things to be aware of, is so helpful,” he says.
In addition to the direct benefits aiding Claxton’s ICT team, an important outcome across Hills Grammar School staff was cyber security education through information and knowledge sharing. Sekuro provides Hills Grammar School with an ongoing series of educational newsletters distributed around the school to keep everyone updated on the latest cyber security concerns and developments, and managed to reduce the staff open rates of their phishing simulations by more than 90%.
Hills Grammar School is considered a leader in cyber security risk mitigation in education, due to its solid data protection policies, firewall implementation, and sophisticated network segregation. The ICT team uses the advice and information from Sekuro to present quality information to the School’s Directors and Councils, and Claxton says the team’s profile internally has been substantially raised and newly valued since working with Sekuro.
Sekuro #clientforlife
Sekuro’s Cyber Resilience Program (CRP) acts as an extension of your security team. These services are carried out by skilled and certified security experts.