Light Dark
November 30, 2020 By Sue Poremba 3 min read
Data Protection
Security Services

This is the first piece in a series about education security challenges in 2020-2021.

Education has been an underrated and understated hotbed for cybersecurity threats. School officials and security teams are tasked with not only protecting the personally identifiable information (PII) of students, faculty, staff, consultants and contractors, but also their health and financial data. These issues have always been security threats. But, the pandemic has shifted the emphasis on data security in schools.

Security threats to schools now include protecting school networks from malware. And, these attacks become more relevant as students and faculty connect from home. Hijacked video services and bring-your-own-device type issues are also possible as devices are transferred between home and the classroom for hybrid learning. 

“Unless students, teachers and administrators are IT experts, it’s not out of the realm of possibility that they have had malware introduced to their device,” Doug Levin, head of EdTech Strategies and former director of the State Educational Technology Directors Association, told eSchool News. “If you got your router from Best Buy or the cable company, you might not have changed the settings on it. Bad guys know that, and they look for devices they can compromise.”

Data Security in Schools in a Chaotic Time

Academia across all levels has embraced digital transformation for this school year. Even the youngest children are using connected devices. While students may seem like they were born with gadgets in their hands, this may be the first time many of them are using a computer for something other than gaming. Unfortunately, the one lesson they aren’t being taught is how their behavior impacts cybersecurity and can hurt data security in schools. And, they may not be given basic awareness lessons about data security in schools because teachers may also be unaware of the basic problems and how to prevent them. 

Types of Security Risks That Threaten School Computers

School leaders and IT departments are tasked with ensuring faculty and students have access to the data they need to learn while adding solutions to make sure that access is siloed for specific users. They also need to be on top of data security in schools and attacks that threaten school computers.

Ransomware

Ransomware has been an issue for many schools that have instituted a work-from-home or hybrid model, taking down school networks for hours or days. This style of attack isn’t new; more than 500 schools have been targeted by ransomware — and that was before schools moved to remote learning in the pandemic.

The best option for protecting yourself from a ransomware attack is to put together a plan that includes easily accessed backup data stored in an outside location, like the cloud or an external hard drive.

Internet Connection Problems

A lot of students struggle with basic connection issues. Even college students have struggled with login issues and lockouts due to forgotten passwords. When students can’t log into their virtual classroom or to dashboards that organize coursework, they fall behind. Encourage older students to use password management systems. Meanwhile, younger children can have clear written instructions on how to access their classroom on their own. Leaders should make sure IT support exists for students (and teachers) so they can easily and quickly engage with data security in schools.

Zoom Bombing

Perhaps the threat that looms the largest for remote learning is the so-called “Zoom bombing,” when an uninvited visitor hijacks a video conference. Waiting room options will keep intruders out, but teachers may not use the option because it takes a lot of time to approve hundreds of students in a large lecture class, handle students entering after class starts or letting them in again when an overwhelmed network drops off. Intruders in these calls have access to intellectual property and more. For threat actors, it is an inviting way to break in and breach data security in schools.

Teachers should use unique IDs for each classroom meeting whenever possible, rather than using their personal ID. Teachers should also be the first one in the meeting, so turn off the feature that allows guests to enter before the host. This will prevent unwanted actors from entering the virtual classroom. Once everyone is in class, teachers should then lock the virtual door.

In addition, any time a teacher is using the shared screen option, they should close browser tabs and programs to limit what attendees can see on the screen. Never share students’ personal data.

The Future of Data Security in Schools

These new threats to cybersecurity in schools are here to stay. Maybe one day remote learning will end. For now, since schools have a taste of digital transformation, expect to see it stay, too. Across the country, school boards are working through remote learning to avoid weather cancellations and COVID-19 outbreaks. Meanwhile, digital books and learning tools are less expensive and more current than paper textbooks. Leadership will need to find ongoing solutions to cybersecurity problems.

 |  | 
Sue Poremba

More from Data Protection
December 20, 2024

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

December 3, 2024

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature