Nov 20 2020

How to Make the Most of Chromebook Security Features

The computers, which are popular with K–12 schools, include a number of built-in security options that must be activated to make a difference.

Among the reasons many K–12 schools have made Chromebooks their tech of choice for remote and hybrid learning is the protection they provide against cyberattacks. Because most of their operations are based in the cloud and are easily controlled by system administrators, the devices are widely seen as highly secure.

Still, K–12 IT professionals say, the standard security perks that come with most Chromebooks aren’t enough on their own to prevent bad actors from accessing private data — or to keep students from visiting dangerous websites.

“To really lock down any device, you have to look at your management practices,” says Keith Bockwoldt, CIO at Hinsdale Township High School District 86 in Hinsdale, Ill.

Chromebooks include some security tools that only work if they’ve been manually activated, he explains. “Zoombombing,” for example, can be a threat no matter what devices students use.

Here’s a closer look at the key security features that set Chromebooks apart from many of their peers, and some additional insight from Bockwoldt about how to make them work.


Get to Know Your OS

Security on a Chromebook begins with the operating system — Google’s web-based Chrome OS. With Chrome, virus protection is built in, and all updates are managed automatically to ensure the device is running the latest version of the OS. Similarly, Chrome uses sandboxing to prevent any infections from spreading between open tabs or applications. It relies on data encryption to protect user downloads and other files.

Other security features standard with every Chromebook include a verified boot function at system startup that checks for any problems and automatically conducts repairs. There is also a tool called Powerwash that, if all else fails, can reset the device to factory settings.

Make Chrome Safer With This Tool

The heart of the Chrome OS is the Chrome browser, which Google says was designed “to be secure by default.” Chrome policies, Bockwoldt notes, can be remotely set and managed through the Google Admin console. The browser includes a tool called SafeSearch that can prevent explicit content from showing up in search results.

“We make sure that’s turned on for the kids so they’re not running into things they shouldn’t see,” Bockwoldt says.

His team also disables the browser’s built-in password manager so users can’t save the passwords to the websites they visit. “It’s just not safe to have that information sitting on your computer,” he explains. “If you left your device on a desk, anyone could come in behind you and they’d have access to everything with your credentials.”

MORE FROM EDTECH: Learn why a zero-trust approach is a must-have for K–12 schools.

Better Control Starts from the Top

Another key to Chromebook security is the power administrators have to control the applications users can download. At Hinsdale, Bockwoldt says, they only permit apps that have gone through the district’s vetting process. If someone wants to use an app that has not been approved, he says, “they can submit a request to the technology department and we’ll review it.”

That policy applies to instructors too, he says. “The main thing is to make sure the app is going to work properly and that it doesn’t have any data privacy issues.”

Hinsdale’s teachers also play a major part in the district’s approach to Chromebook security, Bockwoldt notes. Through a suite of tools from GoGuardian, for example, they can manage the devices when they’re used in the classroom, monitor the sites that students are visiting and get automated alerts when they search for questionable content. “If a kid is looking up guns or seems interested in violence, that might lead to a conversation,” he says.

Finally, Bockwoldt says, Hinsdale’s strategy around Chromebook security depends, in part, on the district’s students. The district runs a technology support internship program where participants are taught, among other things, how their Chromebooks work. They learn basic troubleshooting techniques, he explains, but most important, “they develop a sense of responsibility, and sometimes they’ll tell us when there are things we may have missed.”

For example, Bockwoldt says, students occasionally find ways around district filters. “When that happens, it spreads like wildfire, and we might not know about it until it’s too late.”

Hinsdale’s tech interns act as backstops in such situations — another line of defense against possible disaster. “They’ll reach out and give us a heads-up, and it gives us something else to go ahead and lock down.”

blackCAT/ Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT