The COVID-19 pandemic has transformed the educational landscape. Classes, assignments and discussions are no longer taking place in-person; they are taking place via Microsoft Teams or Slack. Cloud channels such as these come with unique security demands, and place new pressures on cybersecurity in schools.
The 2020 Data Breach Investigations Report from Verizon painted a concerning picture for the education sector. According to the report, the sector receives “a failing grade in phishing reporting practices . . . Only 24% of organizations had any phishing reporting at all.” Furthermore, the report revealed, ransomware is “really taking hold of education vertical incidents, and has been responsible for 80% of malware-related incidents, up from 48% last year.”
Statistics like these presented a challenge to cybersecurity teams attempting to secure digital technology in schools before the COVID-19 crisis. Now, in the wake of the crisis, those stats are more worrying than ever. Suddenly, despite the challenges described by the Verizon report, schools have been forced to adopt online education tools virtually overnight.
In cybersecurity, rapidly introducing new digital technologies without the adequate protections in place is a dangerous move. Baked-in vulnerabilities are all but guaranteed. Optimizing cybersecurity in schools requires safeguarding systems and networks from threats that were growing in severity even before the COVID-19 crisis – but are now more acute than ever.
The present cybersecurity challenges of digital technology in K12 education has two key components:
- The volume and velocity of digital communications. There is a massive amount of communications data being generated every day. Even a modest-sized school can generate hundreds of thousands of messages per week on its Microsoft Teams instance.
- A lack of visibility. Students and teachers alike are messaging one another on channels like Slack, Microsoft Teams, and Twitter. But schools have no view into the content of those messages, and so they have no way to catch issues and threats. This can be a real issue. Currently, a Virginia school division’s superintendent is facing allegations that he sent inappropriate DMs to students via his Twitter account.
Combined, these two factors leave schools vulnerable to various threats:
- Bad actors can compromise or hijack the accounts of students and teachers to infiltrate collaboration platforms and jeopardize cybersecurity in schools.
- Malicious links, potentially infected with malware, can spread into a network via students’ or teachers’ home networks. This threat is multi-channel; as the Verizon report revealed, education is “the only industry where malware distribution to victims was more common via websites than email.”
- Cyberbullying can take place without school security teams being able to spot it.
- The careful records needed for compliance and audit are impossible to generate.
Typically, schools don’t operate with large information security budgets or teams. For this reason, they tend to de-prioritize threat intelligence in favor of Endpoint Protection Platforms (EPP) and Digital Risk Protection (DRP). These tools allow security teams to take action, rather than simply detect risks. Fortunately, this recent trend is a positive one. To ensure the security of digital technology in K12 education, institutions need to continue to move in this direction. They need to secure both the devices and the applications that live on those devices.
A Success Story: A Private K12 School with 1,200 students
To safely use third-party cloud channels, schools need secure, cloud-level defenses. Machine learning allows organizations to scan for Indicators of Compromise (IoC) and Indicators of Attack (IoA), around the clock. Crucially, they need the power to not only detect threats, but to neutralize them.
A proactive stance for cybersecurity in schools can produce powerful results. A private K12 school with 1,200 students became a SafeGuard Cyber user. They had recently moved over to Microsoft Teams to enable online learning. In ten days, students generated nearly 125,000 chat messages. The SafeGuard platform scanned all of these messages, and caught nearly 2,000 instances of inappropriate conduct, including 180 mentions of violent activity and 74 references to drug use. Seven instances of malware lurking in shared files were also intercepted.
This is what a comprehensive digital risk protection platform can achieve. While an endpoint solution intercepts malware at the device level, a DRP tool can intercept and quarantine problematic messages within the apps that live on those devices. Together, the platforms can provide teams with comprehensive information on the actors involved, malware family, indicator IDs, and so on.
Blessed with this new visibility, schools can also detect inappropriate conduct, such as obscene language or violent speech. A DRP platform can catch any signs of digital harassment or cyberbullying, as well as potential violations of FERPA, PII, or other regulatory frameworks.
Securing the Future of Digital Education
The pressures of the COVID-19 crisis will eventually abate. But the millions of schools that underwent a hurried and wholesale digital transformation won’t be unwinding from this new normal. The third-party cloud channels are here to stay, and digital technology in schools will only become more central to how educational institutions operate.
Infosec staff at educational institutions are understandably in a bit of a headspin about their new cybersecurity situation. However, with the right technologies, the virtual campus can be comprehensively protected. When endpoint protection is combined with a powerful digital risk protection platform, the threat level is dramatically reduced, and cybersecurity in schools becomes stronger than ever.