Light Dark
November 30, 2020 By Sue Poremba 3 min read
Data Protection
Security Services

This is the first piece in a series about education security challenges in 2020-2021.

Education has been an underrated and understated hotbed for cybersecurity threats. School officials and security teams are tasked with not only protecting the personally identifiable information (PII) of students, faculty, staff, consultants and contractors, but also their health and financial data. These issues have always been security threats. But, the pandemic has shifted the emphasis on data security in schools.

Security threats to schools now include protecting school networks from malware. And, these attacks become more relevant as students and faculty connect from home. Hijacked video services and bring-your-own-device type issues are also possible as devices are transferred between home and the classroom for hybrid learning. 

“Unless students, teachers and administrators are IT experts, it’s not out of the realm of possibility that they have had malware introduced to their device,” Doug Levin, head of EdTech Strategies and former director of the State Educational Technology Directors Association, told eSchool News. “If you got your router from Best Buy or the cable company, you might not have changed the settings on it. Bad guys know that, and they look for devices they can compromise.”

Data Security in Schools in a Chaotic Time

Academia across all levels has embraced digital transformation for this school year. Even the youngest children are using connected devices. While students may seem like they were born with gadgets in their hands, this may be the first time many of them are using a computer for something other than gaming. Unfortunately, the one lesson they aren’t being taught is how their behavior impacts cybersecurity and can hurt data security in schools. And, they may not be given basic awareness lessons about data security in schools because teachers may also be unaware of the basic problems and how to prevent them. 

Types of Security Risks That Threaten School Computers

School leaders and IT departments are tasked with ensuring faculty and students have access to the data they need to learn while adding solutions to make sure that access is siloed for specific users. They also need to be on top of data security in schools and attacks that threaten school computers.

Ransomware

Ransomware has been an issue for many schools that have instituted a work-from-home or hybrid model, taking down school networks for hours or days. This style of attack isn’t new; more than 500 schools have been targeted by ransomware — and that was before schools moved to remote learning in the pandemic.

The best option for protecting yourself from a ransomware attack is to put together a plan that includes easily accessed backup data stored in an outside location, like the cloud or an external hard drive.

Internet Connection Problems

A lot of students struggle with basic connection issues. Even college students have struggled with login issues and lockouts due to forgotten passwords. When students can’t log into their virtual classroom or to dashboards that organize coursework, they fall behind. Encourage older students to use password management systems. Meanwhile, younger children can have clear written instructions on how to access their classroom on their own. Leaders should make sure IT support exists for students (and teachers) so they can easily and quickly engage with data security in schools.

Zoom Bombing

Perhaps the threat that looms the largest for remote learning is the so-called “Zoom bombing,” when an uninvited visitor hijacks a video conference. Waiting room options will keep intruders out, but teachers may not use the option because it takes a lot of time to approve hundreds of students in a large lecture class, handle students entering after class starts or letting them in again when an overwhelmed network drops off. Intruders in these calls have access to intellectual property and more. For threat actors, it is an inviting way to break in and breach data security in schools.

Teachers should use unique IDs for each classroom meeting whenever possible, rather than using their personal ID. Teachers should also be the first one in the meeting, so turn off the feature that allows guests to enter before the host. This will prevent unwanted actors from entering the virtual classroom. Once everyone is in class, teachers should then lock the virtual door.

In addition, any time a teacher is using the shared screen option, they should close browser tabs and programs to limit what attendees can see on the screen. Never share students’ personal data.

The Future of Data Security in Schools

These new threats to cybersecurity in schools are here to stay. Maybe one day remote learning will end. For now, since schools have a taste of digital transformation, expect to see it stay, too. Across the country, school boards are working through remote learning to avoid weather cancellations and COVID-19 outbreaks. Meanwhile, digital books and learning tools are less expensive and more current than paper textbooks. Leadership will need to find ongoing solutions to cybersecurity problems.

 |  | 
Sue Poremba

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature