Google Chat security & safety monitoring is critical for in-person, remote, and hybrid learning environments
The COVID-19 pandemic forced an overnight change in the education process. One day, students were learning in shared classrooms and the next day districts had to close the schools. School districts across the U.S. rose to the challenge and did an outstanding job in continuing to educate the nation’s schoolchildren.
Technology is a key component of remote learning, so the use of online apps such as G Suite for Education skyrocketed. Among the many great Google apps available in G Suite, Google Classroom, Chat, and Meet are popular with teachers and students for collaboration and communication. However, many district IT and safety teams quickly began to experience Google Chat safety & security compliance concerns.
The challenge for district IT teams during this time (as ever) is protecting their systems and their students’ safety. Monitoring for both cyber safety and security in K-12 remote learning and working is difficult and school districts need to focus on it.
K-12 district administrations often miss the difference between cyber safety vs. cybersecurity. Some districts believe that they’ve addressed both issues with tools such as Gaggle or Bark. But, if you’re using G Suite for Education, content filtering tools don’t work for data loss prevention, phishing and malware protection, and other cybersecurity risks.
The difference between Google Chat security & safety risks is very real. Cyber safety protects people, while cybersecurity protects systems and data. Even before the transition to remote learning, students and faculty were heavy technology users, and that usage has increased significantly. Risks to students, systems, and sensitive data are increasing right along with increased use.
Google Chat & Student Safety
Whether district administrators know it or not, there are even more safety risks and CIPA compliance issues happening in their G Suite apps. For example, early on in the shift to remote learning, a friend of mine received an email from his son’s school district. Students were sharing lewd images with each other on the school’s Google Chat.
The biggest problem? The teacher or district admins didn’t discover the issue. One of the student’s parents happened to see it on his daughter’s Chromebook. Needless to say, the parent was livid. While Google Chat CIPA compliance may not be your district’s greatest immediate concern, no one wants to deal with the fall-out of having to work with angry parents due to school technology use. This is just one reason why many school districts are looking for better Google Chat monitoring solutions.
While the sharing of inappropriate and/or explicit images and videos is disturbing in itself, it’s unfortunately not the worst thing that district IT and safety administrators often come across.
Student safety signals that often show up in Google Chat include:
Before Google Chat, students were able to ignore their bullies during class under their teachers’ watchful eyes, and/or at least partially escape it at home.
Now, they’re in constant contact with their bullies. Cyberbullying is not new to remote learning, but technologies such as social media and chat apps have made it an even bigger issue. Google Chat is no exception, and districts need to protect the health and safety of their students by figuring out how they can monitor student behavior on school-provided chat apps.
2. Self-Harm and Thoughts of Suicide
Some students struggle with self-harm behaviors and/or thoughts of suicide. For these students, remote learning and physical distancing may be making matters worse. For some, self-harm may have to do with being stuck at home with an abusive relative. It can also often overlap with issues of cyberbullying, discriminatory harassment, and other student safety concerns.
Our current situation makes self-harm detection even more important.
Often, a student struggling with self-harming thoughts or behaviors will talk about it with friends. They may even share pictures with their friends, or just upload them to Drive or paste them into Docs as a cry for help. The ability to quickly identify these types of signals taking place in your district’s Google Chat, Gmail, Drive, and other student-facing apps is critical to getting that student the help they need.
Several federal and state laws prohibit discrimination based on race, religion, color, national origin, sex, disability, and age in public and private schools. Conversations happening in Google Chat that might signal discriminatory behavior can include LGBTQ+ harassment, sexual harassment, racism, and more.
Discrimination and cyberbullying often overlap, but not always. Detecting discriminatory behavior in Google apps often takes a bit more subtlety than detecting cyberbullying. But monitoring for and detecting it is not only a safety and compliance necessity, it’s also an important part of educating students to be better citizens.
Google Chat Data Security
With more faculty and staff potentially using Google Chat (as well as Gmail and Google Drive) to communicate and collaborate, there is an increased risk of data leaks. While Google cloud security incidents may be either malicious or unintentional, they’re still damaging to both victims and districts.
When certain types of files are improperly stored and/or shared, it not only creates state and federal data security compliance issues, it can also harm the personal wellbeing and financial future of the person whose information is exposed.
Social security numbers, email and home addresses, and taxpayer information are highly profitable for criminals when they can get their hands on them. At the same time, hackers are increasingly viewing school districts as easy targets for gaining access to this type of information and more.
According to a new report published by The K-12 Cybersecurity Resource Center, cybersecurity incidents in 2019 took a big jump over 2018. The report cites 348 data security incidents, and those are just the ones that were publically reported. The 2019 figure is three times larger than in 2018. The increase is probably due to:
- The increase in the use of technology in schools
- Cybercriminals targeting school districts due to the large amount of valuable data stored there, and the high potential for success
- Multiple schools districts attacked due to a vendor incident
- More reporting about cybersecurity incidents
Looking at the type of data that school districts maintain, you can easily see why schools are such an attractive target. This is why Google Apps security is so important for K-12 districts.
Student, Faculty & Staff Data Privacy & Security
Personally Identifiable Information (PII) is the lifeblood of many cybercriminals. School districts store PII for students (and to a lesser extent, their parents), faculty, and staff. Your entire community is at risk from cyberattacks.
There’s no confusion about why student data privacy is important. It has to do with both regulatory compliance and student health and wellbeing.
School districts must comply with state and federal regulations concerning student data privacy. On the federal level, compliance is required for FERPA, PPRA, and COPPA. On the state level, between 2013 and 2016, 49 states introduced approximately 400 bills related to student data privacy laws. School districts must address Google Chat security & safety if they are to have any hope of remaining in compliance.
The second student issue illustrates why student data privacy is important beyond compliance. Cybercriminals can shatter your students’ health and wellbeing. Once a hacker has PII about a student, they can do things like ruin their credit, steal their identities, and threaten them with embarrassing disclosures or physical harm. Protecting your students against these situations is just as important—if not more so—as compliance.
It’s also true that cybercriminals aren’t fussy about who they attack. With access to faculty and staff PII, hackers would be delighted to steal identities and threaten the adults as well as the children.
District Financial Data Security
Cybercriminals also make good use of access to district financial data. Horror stories abound.
- Distribution of a district’s W-2 tax forms for all employees
- Payment of $10,000 to regain control of systems after a ransomware attack
- Redirection of a $2 million contractor payment to a hacker’s account
In 2019, the types of attacks included data breaches, ransomware and phishing attacks, and denial of service attacks. Districts need to make data loss prevention a priority. IT teams need to plan for preventing attacks, not just reducing the risks of attacks. It’s no longer a matter of if. It’s a matter of when issue.
There’s no doubt that Google Chat security & safety is a growing problem for K-12 school districts. And, it’s not a simple problem to solve. But there are solutions. The remote learning and working environment caused by the coronavirus started overnight. Unfortunately, it won’t be gone overnight. Increasing your district’s safety and security monitoring across all Google apps, as well as other district EdTech apps, will help you protect your community, regardless of how the learning environment changes.