Schools Need To Protect Their EdTech Investments
Back-to-school season is here, and with it comes the overwhelming nature of preparations. Teachers are busy setting up classrooms, creating lesson plans, and getting to know their new students. In the midst of all this, it's easy to forget about something as important as security. But cyberattacks are on the rise, and schools and educational institutions are a major target. Therefore, it's more important than ever for educators to be aware of the risks and take steps to protect their students and themselves.
This article will focus on cloud security for school educators, but the information can be applied to any eLearning environment and platform. We'll discuss the importance of cloud security training, and provide tips for educators on how to protect their students and their data.
Why Cloud Security Training Is Important In Educational Institutions
Big tech organizations have long been trying to capture a new generation of users by targeting educational institutions. Google’s Chromebook laptops are hugely popular for this reason–the simplicity of deploying them in classrooms. Similarly, less than ten years ago, Microsoft launched Microsoft 365 Education for institutions. These developments are beneficial, but putting more cloud-connected devices in the hands of students and teachers comes at a risk. And it is for the following reasons that cloud security training in educational institutions has become a frontline issue:
1. Schools Are Now A Leading Target For Cyberattacks
According to a research study, 80% of schools suffered ransomware attacks in 2022, up from 56% in 2021 [1]. Even more worrying, the sophistication of the attacks was relatively low, according to Chester Wisniewski, a cybersecurity research lead. Most schools fail to meet the elevated level of safeguards that major banks and technologies, having learned from experience, are obligated to implement. Plus, schools are more willing to dole out ransom payments to retrieve their data, a move that eventually backfires.
2. Children Are Involved, And They Are Vulnerable
It’s not just universities and colleges that suffer attacks, K-12 schools are also major victims, with the common modes of attacks besides ransomware being phishing, DDoS attacks, video conferencing disruptions, and so on [2]. The financial costs of these attacks can go from a few thousand dollars up to millions, and learning losses of anything from three days to three weeks on average occur. Even upon resumption of learning, it can take up to nine months for the school system to recover.
Now, imagine the number of students who become victims of these attacks and how they are affected. Minors are among the most vulnerable groups in society and leaving their data without adequate protection should be unacceptable.
3. The Need To Safeguard Academic Research
At higher levels of education, cyberattacks not only cause lesson disruptions but also jeopardize academic research and threaten proprietary knowledge owned by colleges and other institutions. For instance, information about human subjects of research studies, which are ideally kept private and anonymous, could become compromised through an attack, violating the privacy of the research volunteers. Besides its impacts on the lives of the volunteers, it may also affect the college’s chances of attracting funding.
Security Awareness Training For Educators
First, for schools and educational platforms to turn the tide in their favor, they must adopt a more proactive approach to cybersecurity. This will involve collaborating with cloud service providers to ensure that their priorities align. Also, there needs to be a clear understanding of the shared responsibility model, and educators must rise to their role in safeguarding their eLearning environments. Here are some of the areas that deserve attention when developing a security awareness training program for educators:
1. Device Management As A Service
DMaaS implementation helps to safeguard school-owned or student-owned devices and seamlessly enforce security requirements as stated in the BYOD policy. According to the CEO of Radix, Michael Shoham, a provider of device management solutions, "Schools are investing a lot of money in EdTech hardware and software to support their digital transformation initiatives and should protect their investments using centralized remote management tools."
2. Basic Security Measures
Often, a high level of security can be achieved simply by adhering to basic security hygiene. This means using strong passwords to lock accounts, not reusing passwords, multifactor authentication, and so on. These requirements should be enforced, and educators should be trained to imbibe a culture of security awareness.
3. Compliance
Educators must be aware of the various compliance requirements issued by governments and authorized organizations. In the US, the Family Educational Rights and Privacy Act (FERPA) defines rules for protecting the sensitive data of minors [3]. With the influence of the European General Data Protection Regulation (GDPR), governments around the world are tightening their data privacy requirements [4].
4. Access Control
Various kinds of data have differing levels of sensitivity, with students’ data and proprietary knowledge higher up on the list than the others. Schools need to do a better job at implementing strong access control, especially using a zero-trust model. At the most basic level, educators should understand data-sharing principles.
5. Third-Party Risk
Cloud security is an area of technology where third-party risk is particularly exacerbated. A school may do all it takes to secure its systems only for a vendor’s poor defenses to compromise them. Security protocols must also be enforced for all vendors and partners to erase all blind spots.
6. Incident Response
At the end of the day, security breaches are not entirely avoidable. So, while proactively trying to prevent breaches, educators must also be armed with knowledge of what to do if one happens. Protocols for reporting suspicious activities, logging information about breaches, etc., must be set.
Conclusion
As schools get back into academic work fully now and in the coming months, educators must make renewed commitments to safeguarding their students and their eLearning environments by adhering to high cloud security standards.
References:
[1] Schools Are Now the Leading Target for Cyber Gangs as Ransom Payments Encourage Attacks
[2] As Cyberattacks Increase on K-12 Schools, Here Is What’s Being Done
