Security

Shadow IT: Identifying Bad Actors to Keep Students and Staff Safe Online

With distance and hybrid learning, many schools are falling victim to ransomware attacks. Here are some tips on strengthening remote device management and amplifying cybersecurity to keep students and staff safe.

Surita Bains

Surita Bains is Absolute Software’s director of product management, focusing on education, including K–12 and higher education. She works with customers to understand what problems and challenges they face and helps them find solutions that work in the unique education space. Having worked in the software industry for more than 15 years, she has experience helping a wide variety of industries to adopt, integrate and update technology. Bains has a strong background in program management and received CPA certification in 2013.

Schools have long been a prime target for malicious attackers, and the accelerated shift to distance and hybrid learning environments has exacerbated this problem. With teachers and students across the country connecting remotely outside the perimeter of the school network, IT teams are overstretched, and schools have become more vulnerable than ever. In recent weeks alone, school districts in Maryland, Massachusetts and Nevada have fallen victim to ransomware attacks that have disrupted or completely halted learning, and put students and staff at risk.

Critical Considerations for Remote Device Management

For already-strained school IT teams, distance and hybrid learning environments have compounded ongoing security and technology challenges. Sending devices home, out of sight of IT management, has increased the likelihood of shadow IT, device misuse, and the circumvention of security policies and web filters that traditionally rely on a school network connection. Even before the pandemic, Absolute’s research showed that 41 percent of schools had rogue VPNs or web proxy apps identified in their device fleets, and an average of one hour per day was spent engaging in inappropriate web activity. With websites (not email) as the largest vector for introducing malware to schools, this is an alarming trend.

In the face of continued uncertainty around how long schools may need to operate virtually, there’s a critical need to strengthen remote device management and security in order to keep bad actors away, keep students and staff safe, and keep schools running. Here are some best practices to consider.

Complete visibility is non-negotiable. As obvious as this may sound, the most critical component of a secure distance learning or hybrid learning environment is the ability to see and track every device. But this has proved to be a significant challenge for most schools and districts, which have had to stand up and scale digital learning environments essentially overnight. With the dramatic increase in devices to manage, every device, whether on campus or at home, is a potential entry point into the school network — and therefore, a potential vulnerability. Education IT teams need to remain connected to every device, even when devices are off the school network, to gain a complete understanding of where every device is, who is using it and what they are using it for.
Don’t lose sight of the data. It’s equally critical to see what types of data are being stored and shared on endpoint devices to protect students, teachers and the broader organization from malicious actors. With school-issued devices increasingly being used for entertainment and personal work while at home, things like personally identifiable information, protected health information and personal financial information are more likely to be stored on devices or shared among applications. To understand where an educational institution may be most vulnerable or exposed, it’s essential to know where this type of sensitive data is and whether it is protected.
Leverage both training and technology. Asking teachers, students and parents to be responsible for device hygiene and security — in addition to individual remote teaching and learning responsibilities — is an added challenge, to put it mildly. At the same time, the loss of physical access to devices has significantly complicated or hindered IT’s ability to maintain foundational security practices. Recent data shows the average delay across education organizations for patching Microsoft Windows 10 devices to be more than 180 days — which means potentially hundreds of critical vulnerabilities are being left unaddressed, ready to be exploited by malicious attackers. Advocating for technology investments that can help ensure critical security fixes are deployed and installed in a timely manner, and security controls are up to date and working effectively, is the only sustainable way to ensure remote devices remain protected.

By adopting these best practices, educational IT teams will be better equipped to address security threats that may arise and reduce the risk of operational disruption or data compromise. While economic volatility has created IT budget concerns, it’s crucial that cybersecurity and remote device management remain top of mind for school leadership — whether schools are operating virtually, in person or somewhere in between.

MORE ON EDTECH: The 6 C’s of cybersafety: how to keep students safe online.