Old Operating Systems and Devices Can’t Install Necessary Updates
The vulnerability in legacy devices and operating systems is that they can’t update appropriately. They reach a point where they don’t have the computing power to run and install new updates. This means known weaknesses in the systems can’t be patched, leaving the doors open to cyberthreat actors.
When new OSs are released, some users push back against updating because they fear it will wipe their machine. It’s important to remember, and to remind staff, that these OS updates are released for security reasons. A smooth transition across the entire organization can help keep the network safe.
Additionally, with rapidly advancing technology, end users’ refusal to use new releases means their systems won’t be able to run programs when they are updated and become incompatible with the old OS.
Outdated OSs and devices — laptops, servers and even printers — can also be a huge drain on the IT department’s time. Legacy technology requires a lot more maintenance, and IT admins must work harder to keep these systems alive. If a district is holding on to an old server, for example, because it runs one program that no longer serves a purpose, it may not be worth keeping. Schools should do audits regularly to see if programs are still being used; these audits can help to improve the district’s security.
In addition, committing to annual evaluations of various ed tech tools can help districts make informed decisions about whether legacy software programs are worth renewing. Older online programs may also need to be evaluated for security concerns, especially if they were created to be compatible with old OSs. IT teams should determine whether older software is still supported by the original manufacturers. If not, users could find themselves with no way to update or troubleshoot when problems occur.
Give K–12 IT Admins Visibility into Vulnerabilities
Annual audits can help districts determine what tech they need to keep, and what they can let go. A solution’s usefulness should be weighed against its cost. Often, with legacy technology, it’s more beneficial to find updated programs and devices. This not only ensures staff members are working with the latest tech, but also keeps the school safe. Regular usage reports and progress monitoring can help districts make the difficult decision of whether an online business or instructional tool is still serving a purpose. By strategically abandoning old programs, districts can find cost savings.
Districts should also maintain a data privacy agreement that software companies are willing to honor annually. These data privacy agreements should protect the personally identifiable information for all the users of the software, with the companies agreeing not to sell or distribute that data during or after the contract period.
On the hardware side, device refresh cycles prevent technology from becoming too outdated. Proactive IT teams can turn to partners to assist with maintaining the cyberhygiene of student and staff devices. CDW provides solutions for mobile device collection, wiping hard drive data and updating systems during the crucial summer months when IT teams are preparing for the new school year.
Audits and refreshes also allow the IT department to see what’s happening under their own roof. Corporate organizations frequently have strict software adoption policies, where nothing is assumed to be safe and every new technology or program must be approved on multiple levels. In K–12 institutions, it can be much more difficult for IT admins to keep track of who is using what, which is why audits and refreshes are helpful.
Districts concerned about their cybersecurity posture, and those looking for an easier path to cybersecurity insurance, should work with a third party on a risk assessment and penetration testing. Pen tests can help schools identify vulnerabilities in their system, whether it’s a user who refuses to upgrade to Windows 11 or a 10-year-old laptop that can’t handle another update. These vulnerabilities do not simply go away or become less of a problem over time. Instead, they compound growing cybersafety issues that school districts must give attention to before it is too late.
This article is part of the “ConnectIT: Bridging the Gap Between Education and Technology” series. Please join the discussion on Twitter by using the #ConnectIT hashtag.