Securing digital school environments

Jim Zuffoletti, CEO of SafeGuard Cyber, talks cybersecurity in this new age of education

Educational institutions have been facing digital transformation pressures for a number of years. However, the COVID-19 crisis has rapidly accelerated digital transformation timelines. Suddenly, schools were forced to adopt online education tools faster and with more urgency than ever before. In the space of a few weeks, millions of schools have gone digital, some for the first time, and most without adequate preparation. 

Class instruction, assignments and conversation are now taking place on Zoom, Microsoft Teams or Slack. Meanwhile, social media has become even more critical to maintaining communication with students and communities.

Bringing on new technologies works best when it’s carried out patiently and carefully. Ideally, technological groundwork is laid, a transition period is agreed upon, and experts oversee an onboarding process aligned with existing security protocols. With the COVID-19 crisis, most schools weren’t allowed these luxuries.

Cybersecurity is a complex business at the best of times, but rapidly introducing new digital technologies is a recipe for trouble. It’s a surefire way to create blind spots and vulnerabilities. For most educational institutions, the big worry is security, both for network systems and for students. 

In these already febrile times, administrators must confront new and unfamiliar security issues. Externally, they face the risk of bad actors compromising or hijacking the accounts of students and teachers. They also face the risk of malicious links, possibly infected with malware (including ransomware), spreading like wildfire into a network via students’ or teachers’ home networks. Internally, they face the challenge of monitoring digital communications for cyberbullying, and maintaining the meticulous records required for legal recourse and conflict mediation.

How can schools effectively react to this new digital risk landscape?

Schools don’t have enormous information security budgets or teams. Educational investment in threat intelligence solutions has been diminishing for a number of years. Instead, budgets have been going toward Endpoint Protection Platforms (EPP) and Digital Risk Protection (DRP). In short, schools have been investing in technology that lets them take action, rather than technology that merely detects threats. 

This is the right approach, and in the current moment, schools need to double down on securing both endpoint devices and digital communication platforms. In other words: schools need to secure both devices and the applications being used to facilitate communications between teachers and students. 

At the most basic level, the security challenge is twofold: 

  1. The velocity and volume of digital communications – even small schools using a platform like Slack can generate hundreds of thousands of messages in just a couple of weeks.
  2. The lack of visibility – students and teachers are messaging and sharing links on Microsoft Teams, Slack, Facebook and Twitter. Schools can’t see what’s going on in there, and they can’t detect or act on potential issues. Ransomware is a particular concern for municipalities, and persistent malware is a worry for university systems with research worth stealing.

As a real-world illustration of the risks, one of our customers – a private K-12 school with 1,200 students – shifted to Microsoft Teams to enable online learning. In the first 10 days, we scanned nearly 125,000 chat messages, and caught nearly 2,000 instances of inappropriate conduct, including 180 mentions of violent activity and 74 references to drug use. That’s to say nothing of intercepting seven instances of malware contained in shared files.

For the adoption of cloud-based software, schools need cloud-level defenses, with machine learning-powered ability to scan for Indicators of Compromise (IoC) and Indicators of Attack (IoA), round the clock. A proper digital risk protection platform should confer the power to remediate threats, not just detect them. 

With enhanced visibility, schools are empowered to detect malicious files in both direct messages and group messages. While an effective endpoint solution intercepts malware at the device level, a DRP tool can intercept and quarantine problematic messages inside apps. Together, the platforms can provide teams with comprehensive information on the actors involved, malware family, indicator IDs, and other important data.

With this technology, schools can also immediately detect inappropriate conduct, such as obscene language or violent speech. An effective platform can flag all signs of digital harassment or cyberbullying, as well as potential violations of FERPA, PII and other regulatory frameworks. Risk analytics should be language-agnostic, given that many schools have diverse student communities who speak, and now chat, in multiple languages.

The COVID-19 crisis has thrown many schools into uncharted territory. Infosec staff at educational institutions are scrambling to adjust to their new circumstances. The cybersecurity dangers of this sudden new paradigm shouldn’t be underestimated. However, with the right technologies, the virtual campus can be comprehensively protected. When endpoint protection is combined with powerful digital risk protection, the threat level is drastically reduced.  

Instituting these frameworks won’t confer only short-term benefits. Yes, the COVID-19 crisis will eventually pass, but the threat vectors schools are facing in this newfound digital environment are with us in normal times as well. Set up the right security structures now, and you’ll be better off after the crisis as well.
