This is the first piece in a series about education security challenges in 2020-2021.
Education has been an underrated and understated hotbed for cybersecurity threats. School officials and security teams are tasked with not only protecting the personally identifiable information (PII) of students, faculty, staff, consultants and contractors, but also their health and financial data. These issues have always been security threats. But, the pandemic has shifted the emphasis on data security in schools.
Security threats to schools now include protecting school networks from malware. And, these attacks become more relevant as students and faculty connect from home. Hijacked video services and bring-your-own-device type issues are also possible as devices are transferred between home and the classroom for hybrid learning.
“Unless students, teachers and administrators are IT experts, it’s not out of the realm of possibility that they have had malware introduced to their device,” Doug Levin, head of EdTech Strategies and former director of the State Educational Technology Directors Association, told eSchool News. “If you got your router from Best Buy or the cable company, you might not have changed the settings on it. Bad guys know that, and they look for devices they can compromise.”
Data Security in Schools in a Chaotic Time
Academia across all levels has embraced digital transformation for this school year. Even the youngest children are using connected devices. While students may seem like they were born with gadgets in their hands, this may be the first time many of them are using a computer for something other than gaming. Unfortunately, the one lesson they aren’t being taught is how their behavior impacts cybersecurity and can hurt data security in schools. And, they may not be given basic awareness lessons about data security in schools because teachers may also be unaware of the basic problems and how to prevent them.
Types of Security Risks That Threaten School Computers
School leaders and IT departments are tasked with ensuring faculty and students have access to the data they need to learn while adding solutions to make sure that access is siloed for specific users. They also need to be on top of data security in schools and attacks that threaten school computers.
Ransomware
Ransomware has been an issue for many schools that have instituted a work-from-home or hybrid model, taking down school networks for hours or days. This style of attack isn’t new; more than 500 schools have been targeted by ransomware — and that was before schools moved to remote learning in the pandemic.
The best option for protecting yourself from a ransomware attack is to put together a plan that includes easily accessed backup data stored in an outside location, like the cloud or an external hard drive.
Internet Connection Problems
A lot of students struggle with basic connection issues. Even college students have struggled with login issues and lockouts due to forgotten passwords. When students can’t log into their virtual classroom or to dashboards that organize coursework, they fall behind. Encourage older students to use password management systems. Meanwhile, younger children can have clear written instructions on how to access their classroom on their own. Leaders should make sure IT support exists for students (and teachers) so they can easily and quickly engage with data security in schools.
Zoom Bombing
Perhaps the threat that looms the largest for remote learning is the so-called “Zoom bombing,” when an uninvited visitor hijacks a video conference. Waiting room options will keep intruders out, but teachers may not use the option because it takes a lot of time to approve hundreds of students in a large lecture class, handle students entering after class starts or letting them in again when an overwhelmed network drops off. Intruders in these calls have access to intellectual property and more. For threat actors, it is an inviting way to break in and breach data security in schools.
Teachers should use unique IDs for each classroom meeting whenever possible, rather than using their personal ID. Teachers should also be the first one in the meeting, so turn off the feature that allows guests to enter before the host. This will prevent unwanted actors from entering the virtual classroom. Once everyone is in class, teachers should then lock the virtual door.
In addition, any time a teacher is using the shared screen option, they should close browser tabs and programs to limit what attendees can see on the screen. Never share students’ personal data.
The Future of Data Security in Schools
These new threats to cybersecurity in schools are here to stay. Maybe one day remote learning will end. For now, since schools have a taste of digital transformation, expect to see it stay, too. Across the country, school boards are working through remote learning to avoid weather cancellations and COVID-19 outbreaks. Meanwhile, digital books and learning tools are less expensive and more current than paper textbooks. Leadership will need to find ongoing solutions to cybersecurity problems.