Cybersecurity Awareness Month is an excellent time for a cloud content security audit
CoSN’s annual survey, Edtech Leadership Survey Report 2021, reports that K-12 IT leaders in the U.S. rank cybersecurity as their number one priority. But it also found that cybersecurity risks continue to be underestimated by district leaders.
One area that I know is being underestimated and overlooked is your cloud environment. And a cloud content security audit is a great way to shine a light on the risks lurking in your cloud applications.
What does that mean? Google Workspace, Microsoft 365, Zoom, Box, Dropbox, Canvas, and a dizzying array of other applications that your students, teachers, and staff are using are all based in the cloud. The data created, accessed, and shared in cloud applications like these are all hosted off-site, not on your local servers. There are many benefits to this model, which is why nearly all schools, government organizations, and companies of all sizes have moved to cloud computing.
But there are some cybersecurity considerations that you need to consider. Most technology teams we talk with didn’t know about the security risks in their Google and Microsoft apps. It’s something that continues to fall into the “you don’t know what you don’t know” category, which is unfortunate when you consider that very nearly 100% of school districts use one or both of them.
Why is K-12 cloud security such a big issue in schools?
- Leadership in many districts don’t understand the critical nature of securing cloud content and don’t prioritize it in their budgets. As a result, IT leaders end up without the resources to fight the cybersecurity battle and win.
- Schools have a culture of sharing knowledge and providing easy access to it. However, that type of access is causing more data breaches, phishing incidents, and ransomware attacks.
- The security challenges in schools are unique. Cybercriminals know that schools don’t have the budget to protect themselves, and they’re a treasure trove of valuable data, so they actively pursue districts as an easy and profitable target.
A cloud application security checklist is an excellent first step. This one will help you make sure you’re correctly configuring the settings already available to you through your Google and/or Microsoft admin centers.
A cloud content security audit is an excellent next step. It will help you identify risks in your cloud content and take action to revoke inappropriate sharing, remove risky 3rd party apps, and more. Further, running a cloud security audit can help you communicate absolute security and compliance risks to help evaluate budget priorities, develop a security-minded culture, and address the unique security challenges your district is facing.
What is a Cloud Content Security Audit?
Let’s start by defining what we mean by cloud application security. It’s described as a set of policies, processes, controls, and technology that direct the information exchanges taking place in your cloud applications, such as Microsoft 365 and Google Workspace.
The problem is how district leaders interpret that definition. Many think that their firewall is going to protect them. Many we talk with also believe that the security of their cloud applications is enough to protect them. The belief that protecting the data in your cloud is the responsibility of the application providers is another persistent cybersecurity myth that makes schools vulnerable.
What to Look For In a Cloud Content Security Audit
If your audit doesn’t reveal any of the following types of things, you have nothing to worry about, but the odds of that happening are very low. On the other hand, if you find something on the following list, you know you need to upgrade your cloud content security.
1. Improper sharing of Personally Identifiable Information (PII): A wide variety of PII likely exists in your cloud apps. There’s nothing inherently wrong with that. However, when it’s improperly stored and/or shared, problems with security, data privacy, and regulatory compliance come up. PII includes (but is not limited to):
- Social Security Numbers
- Name, Address, Phone Numbers, Email Addresses, etc.
- Individualized Education Plans (IEPs)
- Health Information
2. Improper Sharing of Payment Information: This can lead to the redirection of vendor payments to cybercriminals, for example.
3. Malware and phishing content in your emails, shared drives, files, and attachments: Look for malicious software (malware) embedded in your files and malicious links in phishing emails or other documents.
4. Inappropriate content: Look at both student and staff files to identify sexually explicit content or any content that would present human resources or CIPA compliance issue.
5. Student safety signals: Protecting the safety and wellbeing of students is a paramount concern. Students often leave indications in school cloud apps, including email, documents, and chat apps, that will help your response team help students in crisis. Cyber safety signals that can be detected might include:
- Domestic abuse
- Substance abuse
Why Should You Do An Audit (And Why Now?)
The real question is, “Why not now?” The timing is perfect. Think about the fact that right now, school is more or less humming along (I mean, as well as it’s going to, right?) It’s an excellent time to do an audit while life is relatively mellow. And, the sooner you know what’s happening in your cloud, the sooner you’ll have the protection you need.
What you don’t know can hurt you, your students, teachers, staff, and parents when it comes to cybersecurity.
Based on our experience working with thousands of schools, we know that it’s very likely that your Google and Microsoft cloud applications contain problem content.
It’s content that can leave your students vulnerable to cyber stalkers, your school vulnerable to monetary loss, and your parents threatened with harm against their children. It’s content that can leave suffering students with no one to help them or that can take cyberbullying to the point of school violence.
Finally, it’s Cybersecurity Awareness Month! So, what better time is it to run a free audit to find out what you don’t know — that you don’t know?
That is why we’re offering a cloud content and behavior security audit free for K-12 school districts. It’s fast and easy to set up, and you won’t regret it.
“ManagedMethods is like having an additional employee on my team. It’s constantly monitoring and doing tasks that we don’t have time to sit there and do all day. It replaces those labor hours and then alerts us when there’s something we need to take a closer look at. I like that I don’t have to work in it every day, and it doesn’t take up a lot of my time. It does a lot of the work for me, and it just lets me know when it needs me.”
— David Termunde, CTO, Arbor Park School District 145