EdTech security risks create ransomware, account takeover, and data security risks for school districts
New EdTech supports innovation in teaching and enriches learning. However, that same technology can leave you vulnerable to cyberattacks. It poses risks to student privacy and safety, and increases your exposure to data breaches and ransomware attacks. Fortunately, there are steps you can take to manage EdTech security risks.
Investment in the EdTech sector is growing rapidly. As a result, the number of EdTech SaaS applications that are available to teachers, students, and staff is also growing. Most EdTech applications in use today represent shadow EdTech. Shadow EdTech refers to applications that users connect to district Google and/or Microsoft environments through OAuth without the IT department vetting or managing them. Many times you may not even know someone is using them. These applications contribute to the complexity of your district’s IT use and make securing district information systems even more challenging.
Schools Are Targeted by Cybercriminals
Local governments are the most targeted organizations for cybercrime. Education ranks in second place. In July and August 2019, schools reported 160 security problems. That number is higher than the number of all incidents schools reported in 2018.
Years ago, you managed your operating systems, several apps, and a few hundred devices. Now, you’re in a world where your systems include many versions of operating systems, hundreds of apps, and possibly thousands of devices.
Is Reducing Complexity the Answer?
You know that school budgets are restricting your ability to grow your IT department. You certainly don’t have the staff to assign to halting the use of shadow EdTech, and you may not even want to. Therefore, it isn’t possible to put in an immediate fix by reducing the complexity of your environment. You must manage the EdTech security risks that the complexity creates.
How Cyberattacks Have Affected School Districts
Cyberattacks have affected school districts in a variety of ways. Reports show that from January through September 2018, over 500 schools experienced ransomware attacks. Schools in Connecticut were the hardest hit. The state of Louisiana took a unique approach when cybercriminals attacked their schools.
The governor of Louisiana, John Bel Edwards, declared a state of emergency after attacks on three school districts shortly before the new school year started. This approach had the advantage of activating several state and private incident response teams. Those teams helped the school districts recover from the attacks before the districts had to cancel any school days.
It’s difficult to obtain accurate information on the impact of cyberattacks because many school districts don’t report them publicly. Regardless of the numbers you choose to believe, there is a sharp increase in the number of ransomware attacks in 2019.
The problem is so pervasive that the FBI issued a public service announcement encouraging all school district IT teams to raise their awareness of cyber threats. The FBI is especially concerned because schools regularly collect confidential data including personally identifiable, biometric, behavioral, classroom, disciplinary, and medical information. In the wrong hands, this type of data can be devastating to the affected individuals.
Problems Caused by Risky EdTech
Every industry must protect against cloud security risks, and education is no different. Cybercriminals can gain access to your systems in a number of ways. Phishing is a popular tactic. The hackers send emails with infected attachments, and when an unsuspecting user opens the attachment, the infection spreads and allows the hackers access.
When school users log in to EdTech apps using their school credentials, they create a potential vulnerability in your systems through a number of OAuth risks. Users love OAuth because they can use one login to access a number of systems. Let’s say a teacher uses their school Google account credentials to log in to a classroom management app that uses the OAuth platform. That connection, if not properly secured and maintained, can provide hackers with an access point into your schools’ systems.
Besides ransomware shutting entire districts down, there are other problems caused by EdTech security risks. These issues include:
- Account Takeovers: Hackers can take over accounts of teachers and students. The hackers may be able to make purchases using a credit card. They can use their account access to send phishing emails to other contacts and gain access to more accounts and information. Or, they may be able to take over a Facebook profile and send bullying messages to other students based on their personal information. They could also take over an email account for an administrator and wreak all kinds of havoc.
- Data Loss: Hackers can destroy school records once they have access. They’ve also been known to redirect contractor payments to dummy accounts that the hackers control, and use employee information to steal tax returns. On a personal level, students, staff, and parents can face identity theft, a problem that can take years to resolve.
- Classroom and Learning Disruption: Whether students are unable to access online lessons, or teachers are unable to prepare and present online lessons, the disruption to the classroom and learning opportunities is a significant problem. Flagstaff school district recently had to cancel school due to a ransomware attack that impacted building security, phones, and other systems.
Managing Your District’s EdTech Security Risks
A survey by the Consortium for School Networking (CoSN) found that system admins rank cybersecurity as both their number one priority and their top challenge. Finding ways to manage EdTech security risks must be a top priority in cybersecurity strategies across the education sector. Here are four steps you can take to address that priority.
1. 24/7 Monitoring
Monitor permission settings and potentially malicious apps that represent OAuth risks. Also monitor activity on your systems for abnormal behavior, such as unusual login locations or lateral phishing emails, that could indicate an account takeover.
2. Schedule Automatic Action
Identify the EdTech and SaaS applications that are connected to your district G Suite or Office 365 systems. Then, automatically classify their risk potential. Once identified, you can take action automatically or manually to sanction, prohibit, remove, or notify the offender. In some cases, more than one of those actions is appropriate.
If your monitoring uncovers a known malicious app, or you determine an app to be malicious, define a procedure for checking with the user. Find out if the user added the app on purpose, or if it could be a result of an account takeover. In this situation, it’s a good idea to suggest that the user reset their account password.
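The inventory, classification, and action steps described above can be sketched as follows. This is an added example, not code from the original article or from any vendor; the grant records are constructed sample data shaped like Google Admin SDK Directory API token records, and the scope tiers, approved list, and known-malicious list are assumed district policy with hypothetical client IDs.

```python
# Added example: group OAuth grants per app, classify risk, choose actions.
# GRANTS is constructed sample data; client IDs and users are hypothetical.
G = "https://www.googleapis.com/auth/"
GRANTS = [
    {"userKey": "teacher1@district.example", "clientId": "seating.apps.example",
     "displayText": "Seating Chart Helper", "scopes": ["openid", G + "userinfo.email"]},
    {"userKey": "teacher2@district.example", "clientId": "quiz.apps.example",
     "displayText": "Quiz Maker", "scopes": [G + "drive.file", G + "gmail.readonly"]},
    {"userKey": "student7@district.example", "clientId": "pdf.apps.example",
     "displayText": "Free PDF Tools", "scopes": [G + "drive", "https://mail.google.com/"]},
    {"userKey": "teacher1@district.example", "clientId": "pdf.apps.example",
     "displayText": "Free PDF Tools", "scopes": [G + "drive"]},
    {"userKey": "admin@district.example", "clientId": "bad.apps.example",
     "displayText": "Doc Viewer", "scopes": [G + "contacts.readonly"]},
]
# Assumed district policy: scope tiers, vetted apps, known-malicious apps.
HIGH = {"https://mail.google.com/", G + "drive", G + "admin.directory.user"}
MEDIUM = {G + "gmail.readonly", G + "drive.readonly", G + "contacts.readonly"}
APPROVED = {"seating.apps.example"}
KNOWN_MALICIOUS = {"bad.apps.example"}
UNVETTED = {"high": ["prohibit", "notify"], "medium": ["notify"], "low": []}

def classify(scopes):
    """Risk tier from the union of granted scopes (exact match: drive.file is not drive)."""
    if scopes & HIGH:
        return "high"
    return "medium" if scopes & MEDIUM else "low"

def review(grants):
    """Key on clientId (displayText is chosen by the app) and map each app to actions."""
    apps = {}
    for g in grants:
        app = apps.setdefault(g["clientId"], {"scopes": set(), "users": set()})
        app["scopes"].update(g["scopes"])
        app["users"].add(g["userKey"])
    report = {}
    for cid, app in apps.items():
        risk = classify(app["scopes"])
        if cid in KNOWN_MALICIOUS:
            actions = ["remove", "notify"]   # then check with each listed user
        elif cid in APPROVED:
            actions = ["sanction"]
        else:
            actions = UNVETTED[risk]
        report[cid] = {"risk": risk, "users": sorted(app["users"]), "actions": actions}
    return report

if __name__ == "__main__":
    print(*review(GRANTS).items(), sep="\n")
```

The `users` list on each app is what drives the follow-up with the user: those are the accounts to ask whether the app was added on purpose and, where appropriate, to prompt for a password reset.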
3. Update Your Cloud Safety Measures
Review your G Suite for Education security features to ensure that you’re using them to the fullest. Also conduct a cloud security audit to identify anything you may be missing.
4. Create an EdTech Policy Manual
It’s critical that everyone in your district understands the importance of protecting the security of your data. They should also be aware of the fact that cybercriminals are targeting K-12 institutions. Make sure the manual defines:
- The EdTech that is approved for use
- The minimum security and privacy requirements for new EdTech
- The process for vetting new EdTech apps
Managing your EdTech security risks is one of the best weapons you have against cybercriminals. If your school district doesn’t have an automated system to identify and manage the EdTech apps that are connected to district G Suite and Office 365 environments, your defense isn’t as strong as it could be. Fortunately, identifying EdTech security risks in your environment doesn’t have to be difficult—or particularly expensive. Take the first step in identifying potential EdTech security risks with a free security risk assessment by ManagedMethods!