The move to remote learning forced K-12 school districts to act quickly to ensure that learning could continue even beyond the walls of the classroom. And for nearly a year, the education industry has relied on technology to power remote and hybrid learning.
But with that shift has come heightened cybersecurity risks and even more challenges in protecting students, staff, and school data.
Three Cybersecurity Concerns of K-12 Remote Learning
As students, teachers, and staff spend even more time online, often outside of the classroom walls, they are increasingly vulnerable to online security threats—and so is your network. For cybercriminals, this shift has been a prime opportunity to exploit those vulnerabilities, with cyberattacks against K-12 schools surging during the 2020 back-to-school season.
As we work with K-12 schools to address these cybersecurity challenges, we’ve seen a few particular security concerns become even more prevalent during this time of remote and hybrid learning:
- Personal and/or inappropriate use of school-issued devices is a risk to your users and your network. With students, teachers, and staff spending more time at home, those school-issued laptops, iPads, and Chromebooks have taken on double duty. Whether it’s browsing YouTube, reading and downloading attachments from personal email, shopping online, clicking ads, or chatting with friends and family, personal use of school devices subjects your school’s network to all of a student or teacher’s online activity—and the risk that comes with every click.
In some cases, this activity may also include inappropriate searches or content, which are a risk to the end-user as well as to the school network. The lack of supervision, oversight, and visibility into how students and staff are using their devices may result in more risky online behaviors than would occur during in-person teaching and learning.
- Another threat to your user’s security? Cyberbullying and self-harm. This lack of supervision and visibility can also be a risk when it comes to students’ mental and physical safety and wellbeing.
A study performed by L1ght in April 2020 found that following the move to remote learning, there was a 70% increase in hate between kids and teens during online chats. And because teachers and staff have less visibility into student communications and interactions taking place online, incidents of cyberbullying and warning signs of thoughts of self-harm may be going unnoticed.
These student safety concerns are being echoed even at the state level and beyond. Recent legislation such as House Bill 123 in Ohio requires schools to take measures to monitor and provide hotline resources for threats against the students or the school, cyberbullying, and indicators of self-harm or suicidal thoughts.
- Malware can cause widespread data loss and disruption. Malware attacks often target educational institutions and their vast databases of valuable, confidential student and staff data. While there are many types of malware, ransomware is on the rise as one of the most prolific and significant threats. In a ransomware attack, a cybercriminal infiltrates the victim’s network and copies and encrypts their data, holding it until the ransom is paid.
And these criminals have their sights set on the educator sector. As of February 2021, Microsoft was reporting that education was by far the industry most affected by ransomware, with more than 6 million ransomware encounters in just the previous 30 days.
Unfortunately, we’re seeing the real-world damage of this particular cyber threat all too often in the news, with districts across the country suffering breaches and falling victim to ransomware. So, how can your district avoid the same fate?
Reinforce Your Virtual Walls to Protect Your Users and Your Network
When we talk with schools about their cybersecurity programs, we recommend implementing a multi-layered approach to build their defenses. In a multi-layered approach, each component of your cybersecurity plan has a backup to counter any flaws or gaps.
Below are key security layers you need to protect your students, staff, and data.
- Antivirus software (or “AV”). Antivirus software is a go-to tool to prevent, detect, and remove viruses and other forms of malware. But don’t fall for the common misconception—antivirus software alone is not enough to protect your network and user from the rapidly growing and evolving cyber threat landscape. Rather, think of it as the foundation upon which to build your other security layers.
- Firewalls. A firewall monitors incoming and outgoing network traffic based on a set of rules, acting as a barrier between a trusted network and an untrusted network and only allowing into your network traffic that has been defined in the firewall policy. Firewalls are most effective when paired with strong content filtering solutions.
- Web content filtering. Web filtering software protects students and staff from accessing objectionable, inappropriate, or harmful content. Schools often have on-premises web filters in place, but for remote and hybrid learning, cloud-based web filtering can also be implemented across devices.
- Email filtering. Similarly, email filtering tools prevent known threats as well as suspicious messages from landing in your users’ inboxes. These tools can also block specific words, phrases, or senders.
- Self-harm alerts. In addition to blocking inappropriate content, web filtering software can also monitor for signs of cyberbullying, violence, self-harm, and suicide.
- Mobile device management. Even before the pandemic, K-12 schools were grappling with how to manage and secure the scores of mobile devices being used to access the school network and share school information. With a sharp rise in mobile device usage in the age of remote and hybrid learning, mobile device management (MDM) becomes an even more essential security layer, equipping IT leaders with a centralized platform to enable AV and content filtering on mobile devices, set policy controls, push out mobile apps, track and recover lost or stolen equipment, and more.
- Behavioral analytics. These tools monitor all programs on a computer for malicious and suspicious behaviors such as changes to the registry or files being copied and encrypted, which are active signs of malware. Behavioral analytics solutions then block the process(es) and alert your IT administrators to the suspicious behavior, prevent data loss and further damage.
- Backup and disaster recovery. A reliable data backup and disaster recovery solution is the key to getting your school’s operations back up and running after an IT disruption. It can also mitigate the downtime and damage of a ransomware attack by allowing you to restore your data from a backup.
These security layers are critical to your school’s network, user, and data security—no matter where learning is taking place. By building these layers now, you can improve your school’s cyber posture, protect your valuable data, prevent downtime, disruption, and damage from cyberattacks, and more easily adapt your information technology to the changing needs of your district in the future.
Is your network secure against the increased threats from remote learning? Could your security layers stand up to a ransomware attack? Our IT and cybersecurity specialists are here to help you fortify your defenses and protect your users and your network. Contact us to discuss your needs and how your school can take a proactive approach to cybersecurity.