Cyber Security 

Dedham Public Schools’ Cyber Security Summary

Professional development

Dedham Public Schools understands that staff professional development is critical to improve data and cyber security. Over the past three years security training has focused on phishing awareness through testing and training and secure logins including multi-factor authentication and passphrase/password complexity.

Protocols around installs

Software Installation is restricted to system administrators only. Administrative credentials are required for installation and removal of software.  Staff members can install software that does not modify core system files. Installation is monitored by our endpoint protection software and system logs. The endpoint protection software will stop any inappropriate installation of software.

Updating hardware, firmware, software

Hardware and software is updated on a regular basis to protect technology infrastructure from system vulnerabilities. Consistent updates and replacements through regular planning reduce chances of exploits and maximize productivity.

Unified Threat Management

Network traffic is monitored and protected by next-generation unified threat management devices and an endpoint protection software which combine to provide comprehensive protection dealing with network traffic in and out of our system.  

Monitoring and auditing

Network traffic and access are monitored and logged for assessment purposes. When an incident has occured, network logs are used to investigate the cause and used to prevent future occurrence. Network and systems penetration testing (pen tests) are also performed to gauge how secure technology systems are against intrusion. These tests help to identify potential gaps in security and close these. 

Backups

Servers hosting applications and files are backuped regularly to ensure critical data is safe; these are automated and checked regularly. Data is copied, transported, and stored at appropriate offsite secure storage locations. Generations of backuped data to ensure proper and sufficient restore points. Data encryption is applied to the backup files to prevent hijacking of the data. Restoration processes are checked regularly to ensure recovery will work if needed.