Districts using G Suite and/or Office 365 need to understand how K-12 content filtering and cloud security work together
The goal of K-12 content filtering is to prevent students from viewing inappropriate content. The goal of K-12 cloud security is to prevent cybercriminals from gaining access to school information, such as students’ social security numbers, staff W2s, and intercepting vendor payments for their own financial gain. When you use both of these protection systems correctly, they combine to provide the level of protection the government, you, your students and their parents expect.
The Government Legislates to Protect Our Children
The federal government has taken several actions over the years to protect children from those who would do them harm on the internet.
Family Educational Rights and Privacy Act (FERPA)
President Ford signed FERPA into law in 1974. The Act protects the privacy of students and their parents when it comes to providing access to a student’s school records. In school districts that use Google G Suite or Microsoft Office 365, all those records are accessible in the cloud.
Children’s Online Privacy Protection Act (COPPA)
In 1998, the Federal Trade Commission passed COPPA to define requirements that websites and online services must meet if they provide services to children under the age of 13. Any company that makes an app, website, or online tool for kids under 13 must follow the COPPA rules for collecting and storing information from kids in this age group.
Children’s Internet Protection Act (CIPA)
Congress passed CIPA in 2000 to restrict children’s access to inappropriate content. CIPA requires schools to use K-12 content filtering programs that block content or images that are obscene, contain child pornography, or are hurtful to minors.
Even with all the attention on protecting schools and their students, school districts are still falling victim to phishing, ransomware, account takeovers, and other types of cybersecurity incidents. If you have any doubt about that, visit the map from the K-12 Cybersecurity Resource Center. Since January 2016, the Center has tracked 729 incidents. For more information, review the Center’s K-12 cybersecurity year in review report for 2018.
Examples from the Center include the phishing attack on the Atlanta Public Schools in 2017. Cybercriminals redirected over $56,000 in direct deposit payroll monies. In October 2019, the San Bernardino School System lost access to its computer systems due to a ransomware attack. The result of cyberattacks can range from inconvenience to monetary loss, to the potential for identity theft, loss of class time, and more.
Content filtering and using K-12 cloud security solutions are two approaches that work together to provide the protection you want and the compliance you must have.
What is Content Filtering?
Content filtering is something every school system must perform. The hardware or software works through a child’s browser to look for specific words or content that matches the definition of undesirable content. The content filter will block this type of content immediately before it is displayed on the browser.
Content filters offer different types of features. Filters often send content through web proxies, gateways, or browser extensions to allow for screening and filtering. Some content filtering solutions can scan images, but many rely on filtering based on text. Some filters offer machine learning or artificial intelligence to “learn” from its work, and reduce the instances of false positives or negatives.
What are the Pros?
- It complies with CIPA and COPPA
- Students are prevented from viewing explicit content on purpose or by accident
- Students can’t waste time surfing the internet when they should be doing classwork
- Some solutions work off school property, for example limiting access on a student’s home computer or on their school-issued laptop
- Some solutions can integrate with a school’s Active Directory system, allowing administrators to set limits based on user groups
- Some solutions can inspect encrypted traffic using SSL connections
What are the Cons?
- It doesn’t comply with FERPA
- It is typically limited to filtering during browser sessions
- It is typically not able to scan a school’s shared drive or email environments for harmful and inappropriate content
- It doesn’t protect users from malware, phishing, ransomware and a host of other cyberattacks
- It doesn’t protect sensitive student, parent/guardian, and staff data from accidental exposure or loss
- It is often device-specific; for example, they only work on school-issued devices
What is Cloud Security?
Cloud security uses APIs to analyze and control what is happening in cloud applications like Google’s G Suite, Google Drive, Office 365 Mail, OneDrive, and SharePoint. As a result, K-12 IT staff will have the visibility to see what is happening within a cloud application.
You’ll be able to control the activities and behavior of user accounts within these cloud apps, based on the policies you define. The security application can detect, alert, and block activities that violate regulations and the school policies you create. Cloud security will protect you from malware, phishing, account takeovers, data breaches, and other security threats.
Cloud security is different from the native security offered by application vendors, such as Google cloud security. While Google does an excellent job with its offering of G Suite for education security features, those features don’t provide the overall level of protection school districts require and the admin console can make it difficult to find the information system admins need to remediate issues quickly.
What are the Pros?
- It offers compliance with FERPA and COPPA
- It allows you to control suspicious and inappropriate activity inside cloud applications, including G Suite and Office 365
- It lets you detect, alert on, and block activities that violate regulations and policies
- It will protect you against malware, phishing, ransomware, account takeovers, data breaches, and other cyberthreats
- It helps you to limit the dissemination of sensitive data, whether that dissemination is an accident, or done with malicious intent
- It limits the ability of students and staff from purposefully or accidentally sharing or viewing explicit content
- It will alert you if users are saving and sharing explicit content and text
What are the Cons?
- It doesn’t inspect content posted or shared outside of a school’s cloud applications, such as social media, and personal messaging or email apps
- It doesn’t monitor the activity of devices; it focuses on activity in cloud applications
As you can see, K-12 content filtering and cloud security are two different ways of providing protection online. One isn’t better than the other, and one can’t replace the other. The key is to use the right mix of both technologies to do all you can to protect your school district, employees, students, and their parents/guardians.