Understanding Student Self-Harm and Suicide for K-12 IT Admins

IT admins can provide an early warning system for student self-harm and suicide prevention

In today’s digital learning environment, K-12 IT admins are finding themselves in some unfamiliar territory. As learning becomes increasingly digital—which was happening well before COVID-19 remote learning arrived—IT admins are finding themselves in the position of becoming ad hoc digital “hall monitors”.

Before students started to use school apps more frequently, spotting signals pointing to self-harm or suicide was the responsibility of teachers and administrators. Now that students spend more and more time online, they’ve started using online apps as a platform for exploring and expressing their feelings.

Cyber safety in schools is an increasingly important issue. School districts of every size are grappling with the best way to detect student safety signals in digital spaces. Often, it’s putting IT admins on the front line for spotting signals of students in crisis.

Here are four things that K-12 IT admins need to understand about self-harm monitoring and suicide prevention in digital channels.

1. Self-Harm and Suicide are Two Different Things

Self-harm and suicide often get lumped together when people think and talk about student safety issues. However, experts agree that the difference lies in intent.

Self-harm has a very specific definition. It doesn’t refer to things like tattooing or piercing, substance abuse, or eating disorders. It does refer to students who hurt themselves without consciously planning suicide, though some experts and research suggest that students may use self-harm to avoid their suicidal urges. The intent of self-harm is to feel alive, rather than to end life. Self-harm often results in damage to their bodies as in the case of cutting, burning, or hitting themselves.

On the other hand, when a student attempts suicide, their intent is to end their life. Suicide attempts happen less frequently but are lethal when the student succeeds. While they aren’t the same thing, there is a relationship between self-harm and suicide because in many cases, self-harm behavior can lead to suicide.

2. Self-Harm Behavior is an Indicator of Broader Issues/h3>

Students may turn to self-harm behaviors to try to deal with problems such as depression, anxiety, eating disorders, low self-esteem, or abuse. Sometimes students known as overachievers will turn to self-harm to deal with the stress of trying to be perfect in everything they do.

It’s important to get professional help for students who self-harm as quickly as possible. It will take time to address the underlying issues, and the longer the student practices self-harm, the more difficult it becomes to get them to break that habit.

Students can become addicted to self-harm because it provides a release to let their negative emotions escape. They feel relief and sometimes even experience a release of endorphins after a session of self-harm. Unfortunately, those feelings don’t last long and are often followed by feelings of shame or guilt that leads the student to want to punish themselves. Their punishment is usually more self-harm, and a vicious cycle plays out over and over again.

3. Student Self-Harm Monitoring Must Cover Both Images and Text/h3>

In many cases, students are using school apps to write things down. This could be in the form of a personal journal in Google Docs or communications with friends in Docs, Gmail, and Chat. Students find many reasons to lie to their parents, but seem to trust online communication because they feel more comfortable discussing sensitive topics when they aren’t face-to-face with others.

Every day, students are also uploading and sharing images using school apps. They may share sensitive images intentionally or by accident. In either case, schools also need to know when images depicting potential self-harm behavior are being stored and/or shared in their domain. This isn’t just a compliance issue—it’s a student safety issue.

4. IT Needs to Partner with School Resources to Prevent Student Self-Harm and Suicide/h3>

There are two things we know for sure as IT admins. First, we’re not trained psychologists and aren’t the best people to rely on for taking action to prevent student self-harm and suicide. Second, we’re already doing the work of three or more people, and taking action to prevent student self-harm and suicide is too important to add to IT’s ever-growing list of responsibilities.

But, you also need to recognize that you are in the unique position of being able to help your district in preventing student self-harm and suicides. Your knowledge of technology allows you to manage systems that spot potential problems and give your school counselors and resources a critical advantage in their prevention efforts.

IT and student resources personnel need to be able to work together to take advantage of self-harm detection and student suicide prevention technology. IT should be able to easily, if not automatically, send potential indicators to the right district resources without spending a lot of effort trying to decide whether the indicator spotted a legitimate issue. Student resource personnel need to review those indicators to identify incidents that need follow-up and to decide how they will conduct that follow-up.

As an IT admin, you may never have thought of yourself as playing a role in K-12 cyber safety needs such as preventing self-harm and suicide among your student population. But, today’s technology makes you central to your district’s cyber safety and security. You have a unique role to fill in providing an early warning system for the mental health professionals in your district who can address these issues.

Warrior Run School District Cyber Safety

3 Ways School IT Can Get Involved in Student Suicide Prevention

IT teams can make a difference in student suicide prevention using their unique insights and expertise

If you’re on a school district IT team, no one expects you to be a trained psychologist, and you can’t be expected to be on the front lines of student suicide prevention. But, now that so much of school interactions are happening online, you are in a unique position to be able to shine a light into an area of student communications and behavior that is difficult for others to see. Your role in cyber safety in schools can make a big difference to a student in crisis.

The Unique Role of IT in Cyber Safety

There are three areas of K-12 cyber safety where today’s district IT teams bring unique expertise and visibility.

1. Overall Understanding of Technology, Implementation, and Integration

Cyber safety technologies have come a long way in a very short amount of time. Several software offerings are available to school districts to assist in these areas. Among some of the most popular are Gaggle, GoGuardian, and Securly.

In a typical school district, few people outside of IT understand how these technologies work and how to integrate them into a district’s system. Any investment in student safety technology needs the unique expertise of the IT team to ensure implementation is successful.

Different vendors provide different levels of behavior monitoring, control, and data privacy. And different vendors often put a different amount of emphasis on each of those three areas. In most cases, the IT team will be best equipped to understand the data privacy and security implications of different options and can provide recommendations from that perspective.

2. Visibility into Students’ Online Communications and Behavior

When a student decides to take their own life, that decision doesn’t happen in a vacuum. In most cases, student communications and behavior can signal that they, or someone they know, is in crisis before it’s too late.

Now that students are spending so much time online, both during school and on their own time, their communications and behavior are less visible to the adults in their lives. A district’s IT team is in a unique position to open up visibility into the students’ online world with monitoring technology that can detect troublesome signals.

One example of where IT teams often show leadership in detecting these types of behaviors to, hopefully, limit future tragedy is cyberbullying. Statistics show that students who are being bullied are at a higher risk of attempting suicide. And, in today’s online environment, a large amount of bullying is cyberbullying. Here are some important stats provided by the Megan Meier Foundation:

  • Approximately 34% of students report they have experienced cyberbullying
  • Students who have experienced cyberbullying are at greater risk of self-harm and suicidal actions
  • Approximately 6% of students have anonymously posted online sharing harmful thoughts or feeling about themselves
  • Students who experience cyberbullying are almost two times more likely to try to kill themselves
  • About 1 in 20 students experience suicide each year

Self-harming is another student behavior that may signal future suicidal tendencies. While self-harm and suicide are very different actions, research indicates that self-harm behavior leads to suicidal tendencies at a greater rate than those who do not self-harm.

Students are using school technology to write about and/or share images of this kind of behavior. In many cases, it’s a cry for help that IT teams can help school counselors hear using self-harm monitoring technology. Monitoring for self-harming signals in district technology might include scanning for keyword strings in contextual information, detecting possible injurious behavior in images, and more. Most of today’s student self-harm detection will use a combination of keyword and regex scanning, image scanning, and artificial intelligence. Some vendors also provide teams who will investigate what the technology triggers before sending the alerts to school resources.

3. Fast and Objective Response

Your IT team should have little direct contact with students when you identify behavior that may indicate suicidal thoughts or behavior. Your role in student suicide prevention is to provide objective information based on the data the technology finds. And, you need to be able to pass that information on to those who are trained to respond quickly.

The goal for IT admins is to be as fast and objective as possible. You shouldn’t try to make a judgment call on what the technology finds. Quickly passing that information along to the right contacts in your district can, and has, meant the difference between life and death. Some student safety vendors also provide incident review by trained employees as an additional service.

K-12 IT teams are often the unsung heroes of our education system. Since most teams are deeply understaffed and underfunded, it can seem like involving them in student suicide prevention is unnecessary or over burdensome.

But, districts would be remiss in discounting the unique capabilities and expertise the IT team can provide. Many of the professionals in district IT departments that we work with never thought about how beneficial their involvement could be until they experienced it firsthand. Now, they see it as one of the most important and impactful parts of their job.

Warrior Run School District Cyber Safety

Self-Harm Monitoring: Why IT is the Newest Ally in Student Suicide Prevention

Online self-harm monitoring can be an early warning system to help prevent student suicide

According to the latest numbers released by the CDC, suicide is the second leading cause of death for school-age children, right behind unintentional injuries. September is National Suicide Prevention Awareness Month, so we wanted to take this month to look at how district IT teams are becoming more involved in student safety monitoring and suicide prevention.

No technology will ever take the place of human intervention and care in treating students contemplating suicide. However, today’s technology can help detect the warning signs children send out that hide in the digital world. IT teams can give parents, educators, mental health professionals, and students some extra help in spotting problems using student safety monitoring, such as self-harm detection, in school technology used by students.

Self-harm monitoring is even more important now as social distancing and remote learning continues into the fall, and perhaps into the winter months. It is far more difficult to identify a student in crisis across the digital divide than it is when teachers and counselors see students in person every day.

Why Self-Harm Monitoring in School Technology is Critical

Students were already deeply entrenched in school technology before COVID-19 moved much of today’s classroom learning online. We know that there are a large number of instances where students are using school apps to communicate with each other, share pictures and videos, write down their feelings, and more.

Given this trend, IT teams have become important allies in suicide prevention in many districts. Some don’t like the idea of students employing school apps for personal use. It’s understandable that this practice makes many administrators uncomfortable.

On the other hand, many teams recognize that it’s better for students to use school technology as an outlet rather than seeking out alternatives where their behavior can’t be monitored. In many cases, this has meant the difference between students getting the help they need and harmful outcomes. Administrators shouldn’t view self-harm monitoring in school technology as a punishment. They should consider it an important tool in a district’s cyber safety toolbox to help keep their students safe and healthy.

Self-Harm Monitoring and Student Data Privacy

There are completely warranted concerns around monitoring students while maintaining their privacy. For example, many students and parents aren’t comfortable with monitoring for self-harm along with other behaviors in students’ social media accounts and online searches.

District IT teams can help students and parents understand that when the students are using school-issued devices or technology, the teams are under an obligation to monitor for all types of harmful behavior. Districts are responsible for students’ physical safety within school buildings and they’re also responsible for students’ cyber safety online when using school-issued devices and software tools.

For example, the Children’s Internet Protection Act (CIPA) requires that schools ensure the safety and security of minors when using electronic communications. That’s just one of the federal and state laws that are in place to protect our students.

There is another perspective. Some think that school monitoring doesn’t go far enough. In districts where Bring Your Own Device (BYOD) is in place, IT and/or safety teams typically can’t monitor for behavior in the same way they can where school-issued devices are used.

Your district will need to find the right balance of monitoring and student data privacy to protect your students’ safety while meeting the needs of your community. You’ll need to vet any technology vendors to make sure they are FERPA and COPPA compliant.

For example, you’ll need to ensure that your vendors aren’t sharing student information with third parties. You’ll also need to evaluate how the vendor collects and stores student data as one of your primary concerns for protecting student data privacy. This relates to the vendor’s architecture security, which is critical to ensuring that your students’ information won’t be exposed by a data breach on the vendor’s systems.

Ultimately, I think everyone can agree that the most important goal is to get students in crisis the support and resources they need as quickly as possible. It’s true that IT teams in school districts are stretched thin already. Monitoring behavior may feel to those teams like just one more thing to add to their list of things to do. At the end of the day, there is absolutely nothing more important than protecting students.

The work of counseling and suicide prevention should always be in the hands of trained professionals in the schools. But in today’s tech-enabled classroom, IT is the newest ally in everyone’s efforts to help prevent student suicide by using self-harm monitoring and other student safety signals to spot trouble in online apps and chats.

Bremerton School District Cyber Safety

Warrior Run School District Manages Student Cyber Safety in G Suite for Education

ManagedMethods helps Warrior Run School District Monitor G Suite for inappropriate language, cyberbullying, self-harm signals, and other student safety concerns

Warrior Run School District Google G Suite Cyber Safety

Warrior Run School District is located in Turbotville, Pennsylvania. The district has an enrollment of about 1,500 students and 180 faculty and staff, and they’ve recently moved to complete 1:1 for all K-12 grades.

Greg Alico, Technology Coordinator, a tech specialist, and three building technology aides manage all things related to technology and system administration in the district. Most of the technology used in the district is cloud-based, including G Suite for Education. Cost, plus user needs for easy 24/7 access to the district’s systems, prompted the move to the cloud.

Warrior Run School District uses a multi-layered cybersecurity and safety technology stack, including Securly for student safety and device management, and ClassLink for password security.

“ManagedMethods’ layout and ease of use is exceptional. I didn’t need extensive training because the interface is so easy to navigate and user friendly. Most importantly, I’m now able to be proactive in identifying student behavior issues and alerting the proper school resources when necessary.”
— Greg Alico, Technology Coordinator

Alico and his team works to manage the significant growth in the number of apps that are available to schools. If a teacher wants a new app, they must first complete an application created in Google Forms. A review committee then meets to evaluate the app on a variety of parameters. If the app passes the evaluation based on FERPA, COPPA, and other criteria, Alico determines the best way to provide the app to users.

The Challenge

Alico was concerned about monitoring student behavior in G Suite. Google Admin Console gives him access to some data, but it isn’t user-friendly. Nor is it typically presented in a way that makes the data usable. Admin Console also doesn’t provide information or notifications on student behavior issues happening within G Suite Apps. As a result, he spent many frustrating hours trying to find and compile the information he needed when a student incident occurred.

“I would hear from a principal that a student had a discipline problem and, during the investigation, they’d discover that the student was abusing G Suite. The principal wondered why I wasn’t catching those things,” Alico recalls. “I didn’t like the fact that I couldn’t stay ahead of a situation like that. I felt I should be going to them to let them know about a problem before there’s a significant issue.”

He knew that there were students using Google in inappropriate ways, but he didn’t have a way to know about it. For example, there were no alerts for students using Google Docs as chat rooms using inappropriate language and sharing explicit images. He could run an investigation manually in Admin Console, but it wouldn’t catch everything and was time-consuming. Further, when his investigation did pick something up, it was difficult to identify additional facts such as the source of the text, who created the document, who it was shared with, and who contributed to it over the document’s history.

The Solution

Luckily, Alico didn’t get internal resistance to looking for a more comprehensive method for monitoring G Suite. It was obvious that there was a problem and that the district needed something new to address it. Like most public school districts, the main issue was cost. Alico’s budget stays flat and he must make decisions about whether a new application will be worth the expense. He was looking for a solution that he could afford over the long-term, not just for the year.

Early in his search, Alico scheduled a demo with ManagedMethods. He was impressed with the built-in reporting, along with the custom reports that he can automate to send periodically. He also liked that he didn’t need to make any changes in his existing systems or OU setup.

“ManagedMethods’ layout and ease of use is exceptional,” explains Alico. “I didn’t need extensive training because the interface is so easy to navigate and user friendly. Most importantly, I’m now able to be proactive in identifying student behavior issues and alerting the proper school resources when necessary.”

Alico evaluated ManagedMethods’ cyber safety monitoring capabilities along with other popular solutions available on the market. He found several benefits to ManagedMethods that made it stand out among his other options. The highly customizable and automated reporting that ManagedMethods provides was a big win for him.

The level of visibility and detail that ManagedMethods provides also stood out. ManagedMethods doesn’t just send email alerts. It provides additional information such as context, who created the document, who it was shared with, and who contributed to it over the document’s history. The email alert will also link directly to the document, email, or chat that violated the policy for further investigation.

There was some concern among students over the possibility of increased monitoring. Alico handled that issue with an explanation when students signed the district’s Acceptable Use Policy (AUP) that covers the rights, responsibilities, privileges, and penalties associated with using the school’s computers.

“Every year, when the students sign the AUP, I tell them that schools are public entities that are responsible for monitoring computer usage to identify instances of abuse. And, if certain activities are discovered, the school is mandated by law to address them,” Alico explains.

When it comes to data privacy concerns, ManagedMethods provides additional advantages over similar products on the market. The platform does not collect or store any district information, it’s simply finding and reporting on information within the school district’s G Suite domain. ManagedMethods employees also do not monitor or access student or district information, unless it’s in the context of a tracked support ticket.

“If you don’t have ManagedMethods, you’re missing a big portion of the things that are happening in your district’s G Suite for Education environment. It doesn’t matter where I am, I can access ManagedMethods quickly and easily. I can make a decision about whether I need to address an issue immediately, or whether it can wait until a more convenient time. I don’t know of any other company doing what ManagedMethods can do.”
— Greg Alico, Technology Coordinator

The Results

After using ManagedMethods, Alico is happy with his choice. “It was what we were looking for. Some products are slow in adapting to the changing world. I was hoping that over time ManagedMethods would move forward and evolve, which is what I’m seeing,” says Alico.

The fact that ManagedMethods is always looking to improve the product, developing new features without additional charges, and providing training on how to use new features are positive factors for Alico and his team.

Alico started using ManagedMethods with the provided out-of-the-box policies, but they’ve added many custom policies in the last year. These include policies that manage issues such as sharing PII on email. Now, he gets alerts and can educate the person as to why they need to stop. The instances of that happening have effectively stopped altogether.

“ManagedMethods is like the missing part of Google that I need. It’s surprising that the information is there for Google, but I’d never show anyone the Google reports because they wouldn’t understand. ManagedMethods reports help me to explain problems to the non-tech folks I work with.”

He is also now able to identify students using Google Docs as chat rooms, as well as other G Suite behavior, that he couldn’t before. Alico can investigate the reports he receives very quickly, and decide if an alert is something that he needs to do something about. ManagedMethods also helps him identify instances where alerts indicate potential self-harm signals, which he can share with proper student resources quickly.

“If you don’t have ManagedMethods, you’re missing a big portion of the things that are happening in your district’s G Suite for Education environment,” says Alico. “It doesn’t matter where I am. I can access ManagedMethods quickly and easily. I can make a decision about whether I need to address an issue immediately, or whether it can wait until a more convenient time. I don’t know of any other company doing what ManagedMethods can do. It’s well worth the cost.”

K12 Cybersecurity & Safety Demo

Google Classroom Safety: The Next Administrative Nightmare?

The lack of comprehensive admin controls in Google Classroom worries district IT teams and administrators

Google Classroom is a lifesaver for many districts this year. With the COVID-19 pandemic still raging on, many districts are doing remote or hybrid learning, and they’re using Google Classroom to continue educating their students. Google built Classroom with students and teachers in mind, but it lacks many of the administrative tools and controls that IT admins are used to having for other G Suite apps. As a result, there are growing concerns about Google Classroom safety for students.

Google Classroom safety concerns range from data privacy to student behavior. There were already many reports about students using shared Google Docs as chat rooms to share explicit images, bully each other, and engage in inappropriate behavior before the majority of learning went online. With the increased use of Google Classroom, and the G Suite apps that integrate with it, problems like this are expected to increase.

On the other hand, the student data privacy issues that Google’s terms of service and practices bring up caused the New Mexico Attorney General to decide to file a lawsuit against Google. The suit alleges that Google has engaged in deceptive practices in violation of COPPA and the New Mexico Unfair Practices Act.

Districts expect a significant increase in the number of teachers and students using Google Classroom in the coming weeks and months. The increased usage is bringing G Suite for Education security and Google Classroom safety to the top of everyone’s mind.

Is Google Classroom Safe?

Like most other school-sanctioned cloud applications your students use, you can manage many Google Classroom safety concerns using the Admin Console. However, student behavior problems such as sharing explicit photos, using inappropriate language, and bullying still take place. It’s a problem because the Google Classroom monitoring capabilities aren’t up to par with other G Suite apps. It’s largely the teachers’ burden to manually find and stop such behavior in Classroom.

Many districts have responded to this limitation by locking down the students’ ability to create their own Classrooms and post announcements or comments in Classroom. If your district wants to take this approach, you can prevent students from accessing these features by making adjustments in your domain’s Google Classroom security settings.

But some schools and teachers would prefer to allow students to do these things to help promote collaborative learning. And foster at least some semblance of community that they used to enjoy in physical classrooms. It would be nice if the Classroom product team would provide a better level of visibility and control over the app. Or, at the very least, develop the APIs that will allow Google’s third-party partners to build better Google Classroom admin capabilities.

Another element of Google Classroom safety is that of access. Of course, you will want to restrict who can access your schools’ Classrooms. Access from some outside domains may be warranted for different grade levels, classes, and/or special education needs. You’ll want to restrict outside domain access to your domain’s Classrooms, and then set up an approved list of domains that will be granted access. This access configuration is fairly straightforward to set up in the Admin Console.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

How Well does Google Classroom Protect Student Data Privacy?

The New Mexico lawsuit highlights some important concerns about student data privacy in Google Classroom. Parents and privacy advocates are concerned about the collection and use of information about a child’s location, where they engage, and where they browse while online. They’re concerned about Google using this private data for their own commercial purposes, and about third parties gaining access to the data.

This particular issue will continue to play out—likely for many years. Today, the G Suite for Education Agreement describes Google Classroom safety, security, and privacy terms.

For the record, the Common Sense Privacy Program gives Google Classroom privacy an 88%, which is a passing grade. Their review of Google Classroom describes why the app received that grade and how it scored in various categories, including data collection, data sharing, data security, and more.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

Who Can Monitor Google Classroom Safety & Student Behavior?

Right now, it’s up to the teachers and support staff to monitor student safety and behavior manually in Google Classroom. Admins can control domain and Organizational Unit access to Classrooms, but they don’t have helpful controls over safety and behavior.

For example, admins don’t have visibility over students’ comments in Classrooms. While they can monitor and control other G Suite apps like Gmail, Docs, and Google Chat and create automated policies based on text or image content, that capability isn’t currently available in Google Classroom.

The Google Classroom safety and student behavior issue has yet to play out in a significant way in our new hybrid learning world. I’m betting that this will evolve much like this spring’s transition to Google Meet and Zoom did. There will be incidents of bad behavior that push the Classroom product team to develop better monitoring and control capabilities at an administrative level.

Safety is just one of the Google Classroom security issues that district IT teams are grappling with right now. There have been some great new updates to Google Classroom from a learning management standpoint, making it a more fantastic tool for teachers and students.

Unfortunately, IT admins and help desk support teams will likely face a lot of Google Classroom admin pain before the product team gets around to beefing up administrative controls and third party API capabilities.

New call-to-action

6 Google Classroom Admin Tips for K-12 IT Teams

Make the most of these Google Classroom admin features

Due to the COVID-19 pandemic, a large number of school districts are using Google Classroom this year to support remote learning. When Google created Classroom, they didn’t anticipate that districts would use it to replace classroom education. They thought teachers and students would use it as a learning management system. As a result, Google Classroom admin functions are limited, which causes challenges for district IT staff charged with managing the software.

G Suite for Education security is an important function for all districts that use G Suite apps, even before the pandemic moved a greater majority of learning and school business operations online. Google’s Admin Console provides a variety of powerful tools to monitor and control many of its most popular apps. For example, IT teams have a great deal of control over Google Drive security and data loss prevention. Google Classroom monitoring of this kind, on the other hand, is largely impossible for school Google admins.

Tools to manage available Google Classroom security settings and audit Google Classroom data are found in different places in the Admin Console. Configuring and managing class settings is pretty straightforward in the G Suite section under the Apps tab. And, you can find the tools to audit Google Classroom use and other audit logs in the Reports section of the Admin Console.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

6 Google Classroom Admin Tips

Google Classroom admins have a number of issues to address. These six tips will help you meet the admin challenges posed by the increased use of Google Classrooms in its current format.

1. View Classroom Usage Reports

As the admin, you’ll need to be able to monitor classrooms to see usage trends and monitor Classroom activity. To access usage reports, go to the Reports tab in the Admin Console, then under App Reports, click Classroom. With the Classroom usage reports, you’ll be able to:

  • Sort the date-specific statistics by teachers or students
  • Download reports
  • Review a user’s Classroom usage
  • Review active Classroom users

Learn more about Google Classroom usage reports here >>

2. Connect Classroom to your SIS

Before you can connect Classroom to your Student Information System (SIS), you must integrate your SIS with Classroom using the One Roster API. Once that is completed, teachers can link classes to the SIS to export grades. You will need to make sure that you have set permissions properly in the School Data Sync option to allow for linking and exporting. The default is to allow teachers to perform those tasks.

Learn more about connecting Google Classroom to your SIS here >>

3. Allow Classroom Email Notifications for Teachers and Students

Even if your district doesn’t have student emails activated, you can still give permission for emails that contain Classroom notifications such as classwork notes, comments on posts, and class invitations.

To allow these notifications, make sure that teachers and students can email each other, even if they’re in separate domains. You’ll also need to add to the list of allowed domains in your Admin Console.

Learn more about allowing Google Classroom email notifications here >>

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

4. Activate and Configure Google Meet for Classroom Integration

If your district uses Google Classroom, teachers can also use Google Meet for online class sessions. Google recently made this easier with a Classroom and Meet integration, moving Google Meet access into the Classroom interface.

Your district will have access to Google Meet’s premium video conferencing features until September 30, 2020. After that date, you’ll need to purchase G Suite Enterprise for Education. Those features include live stream, recordings, and up to 250-person meetings.

You can access the Google Meet settings in the Admin console by going to Apps, then G Suite, and you’ll see the Google Meet link. You can review the Meet features available to a user, but you can only change Meet settings based on an Organizational Unit or Group. You’ll need to turn on Meet for teachers, who can then create unique Meets for each class.

Learn more about the Google Classroom and Meet integration here >>

5. Manage Guardians in Your Domain

A student’s guardian can receive email summaries concerning that student’s work and progress in a class. As the Google Classroom admin, you can allow guardian emails and give teachers the ability to add or remove guardians.

The default for K-12 schools is to have guardian access turned on. From Admin Console, you can give teachers the ability to invite and remove guardians, or you can restrict that capability to domain administrators.

Learn more about managing guardian notifications here >>

6. Troubleshoot Domain Errors in Classroom

Domain errors can occur when users are attempting to access and/or share resources in different domains. If you encounter domain errors, you can go to Classroom help to determine how to correct those errors based on the specific error message you receive.

Some examples of common domain errors that you’re likely to hear from teachers and/or students in the coming weeks include:

  • 1 user was not invited. You cannot invite students outside your domain to classes
  • Oops! That code is for a class outside your domain. Please make sure you entered the correct code
  • This file (These files) cannot be shared with the class due to a problem with your domain settings. Please contact your domain admin
  • This file (These files) cannot be turned in due to a problem with your domain settings. Please contact your domain admin

All of these errors have to do with your domain whitelisting policies. In many cases, they may be completely legitimate (in other words, you’ve purposefully restricted access to your domain from outside domains). In some cases, it may have to do with a student or teacher attempting to access their Classroom materials using a personal account without realizing it. But in other cases, you may have intended to allow the access and need to troubleshoot your domain whitelisting setup.

Learn more about troubleshooting Google Classroom domain errors here >>

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

The Anywhere School: New Admin Features from Google

Google launched The Anywhere School on August 11, 2020. It included an online event to explore the future of education, which is now available on-demand. In addition, Google is providing free training for professional development through The Anywhere School. There is education for teachers and parents to help them use the tools available from Google for remote learning.

In their effort to keep improving Google Classroom to help everyone using it tackle remote learning, Google announced many new features for all types of users. Those announcements include a number of new features for IT admins that, according to Google, are coming soon. Most notably, the new admin features include:

  • The ability to download Google Classroom audit logs, including BigQuery analysis for Enterprise customers
  • Access to Google Meet audit logs in the Admin Console, and the ability to assign access to the Meet Quality Tool to other people in your organization
  • Improvements to the Google Groups experience

Before COVID-19, experts hailed Google Classroom as a simple “LMS Lite” for teachers and students. And, even better, the price was desirable since it was free. Now, schools are planning to rely on Classroom to enable learning for millions of students, and Google is working hard to take Classroom beyond its “Lite” reputation.

However, Google Classroom admin tools are still lacking because understandably, the main focus of product development continues to be on features for teachers and students. Thankfully, Google seems to be acutely aware of the need for upgrades.

District admins still need to be aware of Google Classroom security issues. You must make sure you are using Google Meet best practices, monitoring Google Meet, and generally making sure that you’re protecting both students and data, particularly during this increase in online learning.

New call-to-action

Product Update: How To Audit Google Meet “Bombing” and Other Improper Access or Behavior

ManagedMethods helps K-12 IT admins audit and investigate Google Meet access

Google Meet bombing analyzerAs we get into the swing of things in the new school year, districts are continuing to work through a variety of challenges that COVID-19 has created. Along with the continuing issues of student access, attendance, and engagement, districts are again dealing with “Zoom-bombing” incidents. That is, when Zoom is actually up and running

Many districts are turning to G Suite for Education to enable remote learning. While Zoom is getting most of the heat for disruptive attacks, Google Meet is by no means immune to “bombing”.

Google responded to Google Meet “bombing” incidents by rolling out an update that does not allow anonymous users to join a Meet organized by anyone with a G Suite for Education or G Suite Enterprise for Education license. This protection is now turned on by default and reportedly rolled out to all education domains in late July.

However, we’re now hearing about a small number of Google Meet “bombing” from our customers, as well as our own team members who have school-aged children. So, we wanted to highlight how ManagedMethods’ new Google Meet Analyzer can help IT admins audit their districts’ Google Meet behavior.

Auditing Google Meet “Bombing” & Other Behavior

Using our Google Meet Analyzer, IT admins can quickly and easily see Meet participants and organizers by individual user and organizational unit (OU). You can see Meets that included a screen share, and ones in which external domains accessed the Meet.

Admins can further drill down to see which IP and email address a Meet participant logged in from. This information helps determine if the behavior was likely caused by a student misbehaving or an unauthorized user that somehow gained access to an internal user account. This information helps your teachers and/or administrative staff determine if corrective actions need to be taken with the student.

It can also help you determine if there is a problem with unauthorized account access, which would require investigation into account takeover and data security actions. In this case, ManagedMethods provides easy tools to investigate and take remedial action on the account for cybersecurity purposes.

New call-to-action

4 Google Classroom Security Issues

District IT teams need to be aware of potential Google Classroom security issues as we enter into the new school year

Google was already the main player in K-12 school districts. Now, the pandemic has many districts planning for continued remote learning or hybrid learning as classes are starting. As a result, Google Classroom use has more than doubled compared to a year ago. With all this additional activity and content creation, IT teams need to be aware of the top Google Classroom security issues.

Google Classroom is a great tool for teachers and students who need something to bridge the learning gap in our new, physically isolated world. It’s lightweight, easy to use, and comes at a great price (free!) But the increased use of this tool means that district IT teams need to understand Google Classroom monitoring capabilities and limitations—and know how they affect the rest of their G Suite for Education security configurations.

Google shared responsibility model 400

Source: Google Cloud

Is Google Classroom Secure?

Like all G Suite for Education apps, Google built Classroom on one of the world’s most secure cloud architecture infrastructures. It’s unlikely that an attack directly on Google’s Cloud Infrastructure itself is going to be successful, or that your district’s data will be exposed from such an attack.

However, just like any SaaS platform, Google operates using a shared responsibility model. This means that the person on your district’s IT team in charge of Google administration needs to configure security settings in your specific domain properly, and monitor G Suite apps and accounts for potential misuse, breaches, and other security issues. The best thing you can do right now is check and configure your Google Classroom security settings before school starts to mitigate some of these issues before they arise.

4 Top Google Classroom Security Issues

Google Classroom security issues are typically the result of security misconfigurations, weak passwords, and human error. For example, if a user creates a weak password for their Google account login, it exposes that account—and all the apps and data it has access to—to potential security issues. It’s a bigger problem for accounts that have high levels of data access because hackers put a premium on attacking those accounts.

The four Google Classroom security issues discussed below are the most critical issues for your IT team to be aware of and address as best you can (particularly given the frustrating lack of Google Classroom admin controls).

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

1. Phishing and Malware

Phishing and ransomware attacks are a huge issue for school districts today. IT teams struggle with large and very inexperienced user environments. Often paired with a woefully underfunded cybersecurity program, school districts are uniquely vulnerable and hackers are taking notice.

For example, looking at the 2019 K-12 cybersecurity year in review, several of the top incidents were a result of phishing attacks. In Texas, a phishing email resulted in all of a district’s W-2 tax forms being distributed. In California, a student gained access to his school’s grading system using a phishing email. In another California phishing incident, the personal information on over 500,000 people in the district was stolen.

There was also one ransomware attack in the top 10 incidents, and it cost a school district in Massachusetts $10,000. As you’re likely aware, these are just a few examples of the wave of phishing and malware attacks school districts are experiencing.

How do phishing and malware relate to Google Classroom security issues? To be sure, there are no reported incidents of a phishing attack taking place directly in Google Classroom. Email is still by far the #1 threat vector. That being said, there are a couple of ways that this year’s increased Google Classroom activity can increase your risk. First, there is a good chance that there will be a lot more use of Gmail as a result of students using Google Classroom. Simply increasing the sheer number of emails being received and opened increases your district’s risk.

There is also the question of how hackers might use access to Google Classroom if they’re able to successfully take over an account. Again, there are no known reported incidents of this happening, but rest assured if there is a benefit to doing this they will take it. With so many students, staff, and teachers using Google Classroom this year, why wouldn’t a hacker attempt to share malware in Google Classroom? There is really no way for security teams to detect such an attack, so if someone can gain access to an account and start sending links through Classrooms they’re associated with, as well as Gmail, it could be a lucrative new vector.

2. Account Takeovers

Account takeovers are one of the most damaging of the Google cloud security issues. Once a hacker has control of an account in your system, they can do untold damage. In another example from Texas, a hacker gained access to a business system and stole $2 million that was supposed to be used to pay the district’s construction vendor.

Once an internal account has been compromised, the hacker is able to act as though they’re an internal, trusted user. They can send emails, upload and share files, engage in Chats, host and participate in Meets, and post to any Google Classrooms based on that user account’s access permissions.

It’s important to make sure your G Suite application settings are configured correctly. This gives you a starting point for protecting your accounts. Unfortunately, it’s difficult to spot Google account takeovers, and native Google security tools do little to help. This is because, once the account has been compromised, it looks like a regular login from a recognized user. In today’s environment, you need to have the right type of cloud application security in place to monitor for anomalous behavior and automatically lock down the account.

3. Data Loss

Human error plays a big role in school districts suffering a data breach, and accidents are the cause of most data loss. All it takes is for a staff member to set the sharing setting on a document to “visible to the public.” It could happen that someone with malicious intent will find that document, and it’s just not a good idea to have sensitive information accessible by anyone.

When it comes to Google Classroom security issues, the most likely improper data handling scenario will be accidental. With so many students and teachers using Google Classroom—and many not being particularly tech-savvy—there is a good chance that personal information that should not be shared can be accidentally shared in a Classroom and/or saved in a class folder on Google Drive.

Since Google Classroom does not have the same level of data loss prevention monitoring and controls that other Google apps do, these types of incidents can be difficult to detect. However, having a solid data loss prevention policy in place and properly configuring the settings in Admin Console should have you covered. This is because, though the files are shared in Classroom they’re still stored in Drive.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

4. Student Safety and Communications Misuse

Not all Google Classroom security issues are related to cybersecurity. Protecting students and complying with regulations is another important concern.

For example, districts are struggling with how to track hybrid learning attendance and student engagement. Taking attendance is easy when students are physically present in the classroom. Remote learning poses an entirely new problem for districts that have to report on attendance for funding and other compliance purposes.

Districts are also grappling with the challenge of how much access they should allow students in a way that will balance collaboration with cyber safety. For example, the problem of students using Google Docs, Slides, and other apps as chat rooms was already an issue—one that is expected to get worse. Students are using these unofficial “chat rooms” to share explicit content and bully each other. If districts can’t track and control this type of behavior, they could find themselves dealing with problematic hybrid learning CIPA compliance questions.

Since the use of Google Classroom is increasing, and students are continuing to be isolated from one another as the COVID-19 pandemic drags on, you can expect these types of issues to grow more prevalent this school year.

G Suite for Education provides excellent tools for districts that are taking on the heroic task of continuing to educate and nurture students through the COVID-19 pandemic. Managing Google Classroom security issues is yet another thing that IT teams will most likely need to figure out on the fly.

webinar on-demand google classroom monitoring

Google Classroom Monitoring for District IT Admins

Google Classroom monitoring capabilities and limitations for districts working to enable hybrid learning models this school year

According to our recent live poll of K-12 IT leaders, over 60% of school districts are planning on some form of hybrid learning to start off this school year. Many also seem to be planning on using Google Classroom to help enable hybrid or remote learning, based on reports that Google Classroom user numbers have doubled since the beginning of March. This means that it’s likely you’re going to need some form of Google Classroom monitoring and reporting going into the new school year.

With more users, it’s critical to monitor Google Classroom for a number of reasons. You’ll need to monitor student behavior and safety, data loss prevention, and cybersecurity issues to comply with FERPA and CIPA in hybrid learning.

Google Classroom Monitoring—More Than Just Assignments and Grades

Teachers and students use Google Classroom to handle assignments and grades. But, as your district’s G Suite administrator, there are a few things that you may want to keep in mind if your district is planning on using Classroom in the coming school year.

Many schools are weighing options for how much access they want to grant students using Google Classroom this year. They could give students access to allow them to create their own Classrooms and/or post and comment in Classroom threads. That type of communication will help remote learners feel at least some sense of normalcy.

However, there are risks to allowing that type of student access. There have been incidents in the past of students using Google Classroom as another way to post inappropriate language, images, or bully others.

Google Classroom monitoring will be critical to stopping these types of problems if your district opens Classroom to students.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

Monitoring Google Classroom Integrations with Drive and Meet

Google Classroom integrates with other apps in the G Suite for Education ecosystem. IT teams can improve operational efficiencies by being to monitor and control data security and student safety policies across all apps.

With the increase in the use of Google Classroom, teachers and students will create more content and will share it in Google Drive. Make sure you can monitor your district’s Google Drive and Shared Drives for issues like cyberbullying and students using Google Docs as a chat room.

You’ll also need to monitor for data security issues to comply with regulations like FERPA. These kinds of documents are less likely to be shared through an app like Classroom, but people make all kinds of silly mistakes! For example, a teacher could accidentally share out a student roster with personal contact information in their Classroom when they meant to share a document meant for an assignment.

Google Classroom also now integrates with Google Meet, so you’re likely to see a significant increase in the number of Meets being hosted. Google Meet provides a Quality Tool that works well for troubleshooting but doesn’t sufficiently address safety and security issues. Monitoring Google Meet for those types of issues is critical and requires new tools to safeguard your students. For example, identifying meeting participants by Organizational Unit to find meetings that didn’t include a teacher or staff is very helpful for admins.

K-12 IT admins are finding that, with the right G Suite for Education security tools and Google Meet best practices, their teachers, students, parents, and administrators are feeling more comfortable with using Google Meet for remote learning. Recommended best practices include simple steps like properly configuring meeting privileges, recordings, and auditing participant behavior.

Limitations in Google Classroom Monitoring

We started digging into the APIs available for Google Classroom shortly after launching our new Google Meet and Chat monitoring capabilities for schools that had to move to remote learning. Unfortunately, what we found is that Google Classroom lacks the robust admin capabilities that other G Suite apps have.

Google created Classroom with teachers and students in mind. Before COVID-19, that didn’t present a problem. But, now that so many schools are planning on using it in the coming school year, we’re going to be running into a lot of administrative roadblocks.

The control provided by Classroom’s Admin Console is quite limited. Though they recently announced new admin features that will improve some administrative issues, there are still some concerning (and surprising) Google Classroom monitoring limitations.

It isn’t possible to detect inappropriate posts and behavior in Classroom comments

This is frustrating to many districts because they would like to enable student comments and chats in Classroom. It encourages greater communication and collaboration, and it keeps all interactions in one place.

Many teachers disable student comments and chats in their Classrooms because without a central system to monitor and control inappropriate behavior, they have yet another task to add to their already burgeoning “to do” lists. Teachers would be solely responsible for manually monitoring, catching, and deleting inappropriate content.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

There is a disconnect between Classroom and Meet on the backend

The recent update to Google Classroom that integrates Meet for users is an excellent step forward. However, schools are now in a position where they must confirm that students accessing classrooms remotely are actually attending the sessions. An easy way to do that confirmation would be to run an audit of the students’ Google Meet login and logout behavior tracked against the Classrooms they are supposed to attend.

The problem is that on the back end, these two apps aren’t connected. Admins can audit Meet participation to determine which Google Classrooms a student should attend, but there isn’t any way to connect that information to the Google Meet login/logout activity.

Hopefully, the Classroom product team will recognize this gap and will update it to make reporting on student attendance and engagement a better and easier experience. And not just for teachers and students, but also for administrators who need this kind of visibility and data now more than ever!

webinar on-demand google classroom monitoring

Google Classroom Security Settings To Check Before School Starts

Use these easy tips to make hybrid learning in Google Classroom more secure

Millions of students will be going back to school in just a few short weeks. Over 60% of school districts are planning for some level of hybrid learning, at least for fall 2020 sessions. A large number of students and teachers will be using Google Classroom as their primary Learning Management System (LMS). Therefore, Google Classroom security is a critical issue.

Since “back to school” has a new meaning this fall, what can you do to help make remote learning secure? Here are five Google Classroom security settings that you should check and configure before students begin logging in.

1. Access to Google Classrooms for Users in Your Domain

Controlling who can access your Google Classrooms is an important first step in securing it. Access management is a fundamental layer of cybersecurity and it’s important for Google Classroom, too. You can turn the app on or off to control access by the different organizational units (OUs) in your district. You’ll have a large number of district users accessing Google Classroom, but you should limit that access to those who need it.

In the Admin Console, you’ll find four access options that control who can join classes in your domain:

  1. Only users in your domain
  2. Users in whitelisted domains
  3. Any G Suite user
  4. Any user

You can also control which classes users in your domain can join. In the Admin Console, there are three options:

  1. Classes in your domain only
  2. Classes in whitelisted domains
  3. Any G Suite class

Google Classroom gives you the tools to control who is assigned to OUs, who can join your classes, and who has access to different classes. Review the Google user access support page for more information.

[FREE WEBINAR] Google Classroom and Beyond: Attendance Reports, Cybersecurity, and Student Safety Monitoring in Hybrid Learning. REGISTER >>

2. Access to Google Classrooms for Users Outside Your Domain

At times, it can be useful for you to allow some of your users to access Google Classes outside your domain. But, you need to tread lightly while controlling this access. Be sure that you only whitelist domains that you know you can trust.

Besides letting some outside users access your classes, you can also use this setting to allow your users to join Classrooms hosted by domains on your whitelist. The control can go both ways.

Two things need to happen to allow this exchange. You will need to configure your Google Drive security settings to allow file sharing between your domain and your whitelisted outside domains. And, the admins of those whitelisted domains will need to whitelist yours.

You can find out more about configuring outside domain access from Google support.

3. Verify Teachers and Set Teacher Permissions

When a user first signs in to Google Classroom, they see a prompt asking them to identify themselves as a teacher or a student. The system automatically adds a user who identifies as a teacher to a Classroom Teachers Group. You can see the opportunity for problems if students have the privileges of a teacher.

Some schools are going to allow some student user groups to create their own Google Classrooms, but most aren’t. As your district’s admin, you’ll need to ensure that your Google Classroom creation access for students is properly configured to your internal policies. You need to monitor the list of teachers to verify that they really are teachers.

You can manage Classroom creation permissions in the Admin Console and you may need to change those permissions periodically. You have three options:

  1. Anyone in this domain (teachers and students)
  2. All pending and verified teachers
  3. Verified teachers only

You may want to start the school year with the “verified teachers only” setting, and then open it up slowly if needed. This will help to avoid Classroom creation chaos in your domain.

However, depending on our district’s rollout process, you may want to use the “all pending and verified teachers” option to make sure teachers have easy access to Classrooms at the start of the school year. With that option, you won’t need to verify every teacher before they can start work. The downside of this approach is that it could create some compliance issues if students identify as teachers without permission.

To avoid that problem, it’s best to establish a policy requiring teachers to log in to their Google Classrooms for the first time during the week or two before school starts. That way, you can get the teachers verified ahead of time, and then keep the system restricted to “verified teachers only” during the initial surge of Classroom use.

Visit Google support to see step-by-step instructions on how to verify teachers and configure permissions in the Admin Console.

[FREE WEBINAR] Google Classroom and Beyond: Attendance Reports, Cybersecurity, and Student Safety Monitoring in Hybrid Learning. REGISTER >>

4. Audit “Orphan” Classrooms and Transfer Ownership

If your district has used Google Classrooms in previous years, you’ll want to make sure you don’t have any “orphaned” Classrooms before school starts. A Classroom becomes an orphan when the teachers who created them aren’t working in your district, or have changed the subjects or grades they will teach in the new school year. You can save the Classrooms by transferring ownership to another teacher. That teacher can decide whether they want to use the existing Classroom or not.

It’s important to note that if a teacher has left your district, you must transfer ownership of their Classrooms before you delete their account. This is critical since a teacher’s Classrooms will automatically be deleted when their account is deleted.

As the admin, you can transfer ownership of a teacher’s Google Classroom to any other teacher in your domain using the Classroom API. Teachers can also transfer their own Classrooms to other teachers. You can share the Google support documentation to help them complete a transfer on their own. And, you can learn more online about transferring Classroom ownership.

5. Activate and Configure Google Meet for Classroom Integration

Many districts don’t enable Google Meet and Chat with Google Classrooms because of the Google Chat security and safety issues. However, Google created an integration between Google Classroom and Meet in the spring of 2020 to help improve hybrid learning experiences for students and teachers.

You can now turn on Google Meet independently of Google Chat, so you may want to turn Meet on for the coming school year. You can learn more online about configuring Google Meet for hybrid learning.

Back to school will be a challenge for parents, students, teachers, and district teams for the fall 2020 sessions. As a Google Admin, many of your challenges will center on properly configuring G Suite for Education security settings to keep your students and data safe online. Hopefully, this Google Classroom security checklist will help make the return to school a bit easier for you.

New call-to-action