How to create a safe virtual school environment

Jim Zuffoletti, CEO of SafeGuard Cyber, on safeguarding students in the ‘new normal’

In the blink of an eye, COVID-19 changed everything for educators – and it promises to affect schools again in the fall. Schools have scrambled to make new virtual classrooms, which come with digital risks. Here’s how to prepare your virtual classroom for the future.

The security implications are serious and far-reaching, but only the beginning of administrators’ challenges. If a school implements a collaboration platform like Microsoft Teams, Slack, or Google Hangouts, it’s responsible for what goes on within it. Schools now face two types of risks: internal and external. Internally, schools must prevent cyberbullying over chat channels, keep up with regulatory compliance, and practice responsible information governance. Externally, schools must continue to combat the threat of bad-actors attacking their networks – ransomware accounts for 80% of malware attacks on educational institutions.

Conduct, compliance and creating safe classrooms

When you digitise an entire school campus, you get the good with the bad, including gossip and harassment. Moreover, if a school procures a digital channel, it’s imperative that administrators ensure it’s a safe space for students. Schools need to be able to catch everything from racist hate speech, harassment, to basic bullying. This becomes incredibly challenging given the sheer volume and velocity of communication in a digital space.

Take the example of a private K-12 school with approximately 1,200 students. In the first 10 days of using Microsoft Teams, students and staff generated more than 124,000 chat messages. We identified 1,989 instances of inappropriate conduct in multiple languages – including 180 mentions of violent activity and 74 references to drug use. Obviously, it’s impossible for any school to effectively sift through more than 10,000 messages per day, so schools must harness the power of machine learning to enforce their policies and flag violations. And it’s not just about student conduct; Prince William County Schools, in Virginia, recently faced scrutiny for their superintendent’s conduct and conversations with students on Twitter, and part of the investigation calls for sifting through over 10,000 private messages, at a cost of nearly US$9,000.

The digital revolution presents schools with three additional problems: visibility, compliance and record keeping. How do schools monitor and identify bad behaviour in channels they can’t see? Additionally, teachers aren’t cybersecurity professionals – we’ve caught them accidentally sharing students’ data in ways that violate PII and FERPA regulations. Of course, it’s a lot to ask teachers to become cybersecurity experts, but keeping my child’s personal information secure isn’t a lot to ask for. Last: how do schools ensure that records are being kept compliantly long-term? Many school systems are required to keep a permanent student behaviour record. Administrators should ensure digital records are organised, secure and easily searchable in the event that records are needed for conflict mediation.

External threats

Even before COVID, schools were ideal targets for cyber criminals: they’re soft targets, very reliant on technology, and hold a lot of sensitive information. This should be alarming. Harmless actions like sharing links or files in an official collaboration channel can open the door for outside-in traffic. The same school system cited above saw seven indications of malware in attachments or links in the first 10 days.

What’s more concerning is that education is the only sector where malware is distributed more via websites than email, meaning ransomware is being spread through personal email accounts, and students accessing malicious sites. Schools can no longer afford to only protect what’s within their networks – these new threat vectors require a new approach to managing digital risk, by extending visibility and empowering immediate defensive action.

Schools are responsible for the technology they employ. During COVID-19 closures, school systems did what they’ve always done and pivoted quickly while prioritising student success. Schools are maintaining and building communities with things like virtual trivia nights or opening Zoom classrooms a few minutes early so students can chat with their friends. Unfortunately, without proper digital risk protection, schools will continue to be plagued by preventable, internal issues while bad actors continue to eat up valuable time and resources with cyber threats.

You might also like: Cybersecurity for educational institutions – it’s always exam time


Leave a Reply

Free live webinar & QA

Blended learning – Did we forget about the students?

Free Education Webinar with Class

Wednesday, June 15, 11AM London BST

Join our expert panel as we look at what blended learning means in 2022 and how universities can meet the needs of ever more diverse student expectations.