November 30, 2020 By Sue Poremba 3 min read

This is the first piece in a series about education security challenges in 2020-2021.

Education has been an underrated and understated hotbed for cybersecurity threats. School officials and security teams are tasked with not only protecting the personally identifiable information (PII) of students, faculty, staff, consultants and contractors, but also their health and financial data. These issues have always been security threats. But, the pandemic has shifted the emphasis on data security in schools.

Security threats to schools now include protecting school networks from malware. And, these attacks become more relevant as students and faculty connect from home. Hijacked video services and bring-your-own-device type issues are also possible as devices are transferred between home and the classroom for hybrid learning. 

“Unless students, teachers and administrators are IT experts, it’s not out of the realm of possibility that they have had malware introduced to their device,” Doug Levin, head of EdTech Strategies and former director of the State Educational Technology Directors Association, told eSchool News. “If you got your router from Best Buy or the cable company, you might not have changed the settings on it. Bad guys know that, and they look for devices they can compromise.”

Data Security in Schools in a Chaotic Time

Academia across all levels has embraced digital transformation for this school year. Even the youngest children are using connected devices. While students may seem like they were born with gadgets in their hands, this may be the first time many of them are using a computer for something other than gaming. Unfortunately, the one lesson they aren’t being taught is how their behavior impacts cybersecurity and can hurt data security in schools. And, they may not be given basic awareness lessons about data security in schools because teachers may also be unaware of the basic problems and how to prevent them. 

Types of Security Risks That Threaten School Computers

School leaders and IT departments are tasked with ensuring faculty and students have access to the data they need to learn while adding solutions to make sure that access is siloed for specific users. They also need to be on top of data security in schools and attacks that threaten school computers.

Ransomware

Ransomware has been an issue for many schools that have instituted a work-from-home or hybrid model, taking down school networks for hours or days. This style of attack isn’t new; more than 500 schools have been targeted by ransomware — and that was before schools moved to remote learning in the pandemic.

The best option for protecting yourself from a ransomware attack is to put together a plan that includes easily accessed backup data stored in an outside location, like the cloud or an external hard drive.

Internet Connection Problems

A lot of students struggle with basic connection issues. Even college students have struggled with login issues and lockouts due to forgotten passwords. When students can’t log into their virtual classroom or to dashboards that organize coursework, they fall behind. Encourage older students to use password management systems. Meanwhile, younger children can have clear written instructions on how to access their classroom on their own. Leaders should make sure IT support exists for students (and teachers) so they can easily and quickly engage with data security in schools.

Zoom Bombing

Perhaps the threat that looms the largest for remote learning is the so-called “Zoom bombing,” when an uninvited visitor hijacks a video conference. Waiting room options will keep intruders out, but teachers may not use the option because it takes a lot of time to approve hundreds of students in a large lecture class, handle students entering after class starts or letting them in again when an overwhelmed network drops off. Intruders in these calls have access to intellectual property and more. For threat actors, it is an inviting way to break in and breach data security in schools.

Teachers should use unique IDs for each classroom meeting whenever possible, rather than using their personal ID. Teachers should also be the first one in the meeting, so turn off the feature that allows guests to enter before the host. This will prevent unwanted actors from entering the virtual classroom. Once everyone is in class, teachers should then lock the virtual door.

In addition, any time a teacher is using the shared screen option, they should close browser tabs and programs to limit what attendees can see on the screen. Never share students’ personal data.

The Future of Data Security in Schools

These new threats to cybersecurity in schools are here to stay. Maybe one day remote learning will end. For now, since schools have a taste of digital transformation, expect to see it stay, too. Across the country, school boards are working through remote learning to avoid weather cancellations and COVID-19 outbreaks. Meanwhile, digital books and learning tools are less expensive and more current than paper textbooks. Leadership will need to find ongoing solutions to cybersecurity problems.

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today