Warrior Run School District Manages Student Cyber Safety in G Suite for Education

ManagedMethods helps Warrior Run School District Monitor G Suite for inappropriate language, cyberbullying, self-harm signals, and other student safety concerns

Warrior Run School District Google G Suite Cyber Safety

Warrior Run School District is located in Turbotville, Pennsylvania. The district has an enrollment of about 1,500 students and 180 faculty and staff, and they’ve recently moved to complete 1:1 for all K-12 grades.

Greg Alico, Technology Coordinator, a tech specialist, and three building technology aides manage all things related to technology and system administration in the district. Most of the technology used in the district is cloud-based, including G Suite for Education. Cost, plus user needs for easy 24/7 access to the district’s systems, prompted the move to the cloud.

Warrior Run School District uses a multi-layered cybersecurity and safety technology stack, including Securly for student safety and device management, and ClassLink for password security.

“ManagedMethods’ layout and ease of use is exceptional. I didn’t need extensive training because the interface is so easy to navigate and user friendly. Most importantly, I’m now able to be proactive in identifying student behavior issues and alerting the proper school resources when necessary.”
— Greg Alico, Technology Coordinator

Alico and his team works to manage the significant growth in the number of apps that are available to schools. If a teacher wants a new app, they must first complete an application created in Google Forms. A review committee then meets to evaluate the app on a variety of parameters. If the app passes the evaluation based on FERPA, COPPA, and other criteria, Alico determines the best way to provide the app to users.

The Challenge

Alico was concerned about monitoring student behavior in G Suite. Google Admin Console gives him access to some data, but it isn’t user-friendly. Nor is it typically presented in a way that makes the data usable. Admin Console also doesn’t provide information or notifications on student behavior issues happening within G Suite Apps. As a result, he spent many frustrating hours trying to find and compile the information he needed when a student incident occurred.

“I would hear from a principal that a student had a discipline problem and, during the investigation, they’d discover that the student was abusing G Suite. The principal wondered why I wasn’t catching those things,” Alico recalls. “I didn’t like the fact that I couldn’t stay ahead of a situation like that. I felt I should be going to them to let them know about a problem before there’s a significant issue.”

He knew that there were students using Google in inappropriate ways, but he didn’t have a way to know about it. For example, there were no alerts for students using Google Docs as chat rooms using inappropriate language and sharing explicit images. He could run an investigation manually in Admin Console, but it wouldn’t catch everything and was time-consuming. Further, when his investigation did pick something up, it was difficult to identify additional facts such as the source of the text, who created the document, who it was shared with, and who contributed to it over the document’s history.

The Solution

Luckily, Alico didn’t get internal resistance to looking for a more comprehensive method for monitoring G Suite. It was obvious that there was a problem and that the district needed something new to address it. Like most public school districts, the main issue was cost. Alico’s budget stays flat and he must make decisions about whether a new application will be worth the expense. He was looking for a solution that he could afford over the long-term, not just for the year.

Early in his search, Alico scheduled a demo with ManagedMethods. He was impressed with the built-in reporting, along with the custom reports that he can automate to send periodically. He also liked that he didn’t need to make any changes in his existing systems or OU setup.

“ManagedMethods’ layout and ease of use is exceptional,” explains Alico. “I didn’t need extensive training because the interface is so easy to navigate and user friendly. Most importantly, I’m now able to be proactive in identifying student behavior issues and alerting the proper school resources when necessary.”

Alico evaluated ManagedMethods’ cyber safety monitoring capabilities along with other popular solutions available on the market. He found several benefits to ManagedMethods that made it stand out among his other options. The highly customizable and automated reporting that ManagedMethods provides was a big win for him.

The level of visibility and detail that ManagedMethods provides also stood out. ManagedMethods doesn’t just send email alerts. It provides additional information such as context, who created the document, who it was shared with, and who contributed to it over the document’s history. The email alert will also link directly to the document, email, or chat that violated the policy for further investigation.

There was some concern among students over the possibility of increased monitoring. Alico handled that issue with an explanation when students signed the district’s Acceptable Use Policy (AUP) that covers the rights, responsibilities, privileges, and penalties associated with using the school’s computers.

“Every year, when the students sign the AUP, I tell them that schools are public entities that are responsible for monitoring computer usage to identify instances of abuse. And, if certain activities are discovered, the school is mandated by law to address them,” Alico explains.

When it comes to data privacy concerns, ManagedMethods provides additional advantages over similar products on the market. The platform does not collect or store any district information, it’s simply finding and reporting on information within the school district’s G Suite domain. ManagedMethods employees also do not monitor or access student or district information, unless it’s in the context of a tracked support ticket.

“If you don’t have ManagedMethods, you’re missing a big portion of the things that are happening in your district’s G Suite for Education environment. It doesn’t matter where I am, I can access ManagedMethods quickly and easily. I can make a decision about whether I need to address an issue immediately, or whether it can wait until a more convenient time. I don’t know of any other company doing what ManagedMethods can do.”
— Greg Alico, Technology Coordinator

The Results

After using ManagedMethods, Alico is happy with his choice. “It was what we were looking for. Some products are slow in adapting to the changing world. I was hoping that over time ManagedMethods would move forward and evolve, which is what I’m seeing,” says Alico.

The fact that ManagedMethods is always looking to improve the product, developing new features without additional charges, and providing training on how to use new features are positive factors for Alico and his team.

Alico started using ManagedMethods with the provided out-of-the-box policies, but they’ve added many custom policies in the last year. These include policies that manage issues such as sharing PII on email. Now, he gets alerts and can educate the person as to why they need to stop. The instances of that happening have effectively stopped altogether.

“ManagedMethods is like the missing part of Google that I need. It’s surprising that the information is there for Google, but I’d never show anyone the Google reports because they wouldn’t understand. ManagedMethods reports help me to explain problems to the non-tech folks I work with.”

He is also now able to identify students using Google Docs as chat rooms, as well as other G Suite behavior, that he couldn’t before. Alico can investigate the reports he receives very quickly, and decide if an alert is something that he needs to do something about. ManagedMethods also helps him identify instances where alerts indicate potential self-harm signals, which he can share with proper student resources quickly.

“If you don’t have ManagedMethods, you’re missing a big portion of the things that are happening in your district’s G Suite for Education environment,” says Alico. “It doesn’t matter where I am. I can access ManagedMethods quickly and easily. I can make a decision about whether I need to address an issue immediately, or whether it can wait until a more convenient time. I don’t know of any other company doing what ManagedMethods can do. It’s well worth the cost.”

K12 Cybersecurity & Safety Demo

Google Classroom Safety: The Next Administrative Nightmare?

The lack of comprehensive admin controls in Google Classroom worries district IT teams and administrators

Google Classroom is a lifesaver for many districts this year. With the COVID-19 pandemic still raging on, many districts are doing remote or hybrid learning, and they’re using Google Classroom to continue educating their students. Google built Classroom with students and teachers in mind, but it lacks many of the administrative tools and controls that IT admins are used to having for other G Suite apps. As a result, there are growing concerns about Google Classroom safety for students.

Google Classroom safety concerns range from data privacy to student behavior. There were already many reports about students using shared Google Docs as chat rooms to share explicit images, bully each other, and engage in inappropriate behavior before the majority of learning went online. With the increased use of Google Classroom, and the G Suite apps that integrate with it, problems like this are expected to increase.

On the other hand, the student data privacy issues that Google’s terms of service and practices bring up caused the New Mexico Attorney General to decide to file a lawsuit against Google. The suit alleges that Google has engaged in deceptive practices in violation of COPPA and the New Mexico Unfair Practices Act.

Districts expect a significant increase in the number of teachers and students using Google Classroom in the coming weeks and months. The increased usage is bringing G Suite for Education security and Google Classroom safety to the top of everyone’s mind.

Is Google Classroom Safe?

Like most other school-sanctioned cloud applications your students use, you can manage many Google Classroom safety concerns using the Admin Console. However, student behavior problems such as sharing explicit photos, using inappropriate language, and bullying still take place. It’s a problem because the Google Classroom monitoring capabilities aren’t up to par with other G Suite apps. It’s largely the teachers’ burden to manually find and stop such behavior in Classroom.

Many districts have responded to this limitation by locking down the students’ ability to create their own Classrooms and post announcements or comments in Classroom. If your district wants to take this approach, you can prevent students from accessing these features by making adjustments in your domain’s Google Classroom security settings.

But some schools and teachers would prefer to allow students to do these things to help promote collaborative learning. And foster at least some semblance of community that they used to enjoy in physical classrooms. It would be nice if the Classroom product team would provide a better level of visibility and control over the app. Or, at the very least, develop the APIs that will allow Google’s third-party partners to build better Google Classroom admin capabilities.

Another element of Google Classroom safety is that of access. Of course, you will want to restrict who can access your schools’ Classrooms. Access from some outside domains may be warranted for different grade levels, classes, and/or special education needs. You’ll want to restrict outside domain access to your domain’s Classrooms, and then set up an approved list of domains that will be granted access. This access configuration is fairly straightforward to set up in the Admin Console.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

How Well does Google Classroom Protect Student Data Privacy?

The New Mexico lawsuit highlights some important concerns about student data privacy in Google Classroom. Parents and privacy advocates are concerned about the collection and use of information about a child’s location, where they engage, and where they browse while online. They’re concerned about Google using this private data for their own commercial purposes, and about third parties gaining access to the data.

This particular issue will continue to play out—likely for many years. Today, the G Suite for Education Agreement describes Google Classroom safety, security, and privacy terms.

For the record, the Common Sense Privacy Program gives Google Classroom privacy an 88%, which is a passing grade. Their review of Google Classroom describes why the app received that grade and how it scored in various categories, including data collection, data sharing, data security, and more.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

Who Can Monitor Google Classroom Safety & Student Behavior?

Right now, it’s up to the teachers and support staff to monitor student safety and behavior manually in Google Classroom. Admins can control domain and Organizational Unit access to Classrooms, but they don’t have helpful controls over safety and behavior.

For example, admins don’t have visibility over students’ comments in Classrooms. While they can monitor and control other G Suite apps like Gmail, Docs, and Google Chat and create automated policies based on text or image content, that capability isn’t currently available in Google Classroom.

The Google Classroom safety and student behavior issue has yet to play out in a significant way in our new hybrid learning world. I’m betting that this will evolve much like this spring’s transition to Google Meet and Zoom did. There will be incidents of bad behavior that push the Classroom product team to develop better monitoring and control capabilities at an administrative level.

Safety is just one of the Google Classroom security issues that district IT teams are grappling with right now. There have been some great new updates to Google Classroom from a learning management standpoint, making it a more fantastic tool for teachers and students.

Unfortunately, IT admins and help desk support teams will likely face a lot of Google Classroom admin pain before the product team gets around to beefing up administrative controls and third party API capabilities.

New call-to-action

6 Google Classroom Admin Tips for K-12 IT Teams

Make the most of these Google Classroom admin features

Due to the COVID-19 pandemic, a large number of school districts are using Google Classroom this year to support remote learning. When Google created Classroom, they didn’t anticipate that districts would use it to replace classroom education. They thought teachers and students would use it as a learning management system. As a result, Google Classroom admin functions are limited, which causes challenges for district IT staff charged with managing the software.

G Suite for Education security is an important function for all districts that use G Suite apps, even before the pandemic moved a greater majority of learning and school business operations online. Google’s Admin Console provides a variety of powerful tools to monitor and control many of its most popular apps. For example, IT teams have a great deal of control over Google Drive security and data loss prevention. Google Classroom monitoring of this kind, on the other hand, is largely impossible for school Google admins.

Tools to manage available Google Classroom security settings and audit Google Classroom data are found in different places in the Admin Console. Configuring and managing class settings is pretty straightforward in the G Suite section under the Apps tab. And, you can find the tools to audit Google Classroom use and other audit logs in the Reports section of the Admin Console.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

6 Google Classroom Admin Tips

Google Classroom admins have a number of issues to address. These six tips will help you meet the admin challenges posed by the increased use of Google Classrooms in its current format.

1. View Classroom Usage Reports

As the admin, you’ll need to be able to monitor classrooms to see usage trends and monitor Classroom activity. To access usage reports, go to the Reports tab in the Admin Console, then under App Reports, click Classroom. With the Classroom usage reports, you’ll be able to:

  • Sort the date-specific statistics by teachers or students
  • Download reports
  • Review a user’s Classroom usage
  • Review active Classroom users

Learn more about Google Classroom usage reports here >>

2. Connect Classroom to your SIS

Before you can connect Classroom to your Student Information System (SIS), you must integrate your SIS with Classroom using the One Roster API. Once that is completed, teachers can link classes to the SIS to export grades. You will need to make sure that you have set permissions properly in the School Data Sync option to allow for linking and exporting. The default is to allow teachers to perform those tasks.

Learn more about connecting Google Classroom to your SIS here >>

3. Allow Classroom Email Notifications for Teachers and Students

Even if your district doesn’t have student emails activated, you can still give permission for emails that contain Classroom notifications such as classwork notes, comments on posts, and class invitations.

To allow these notifications, make sure that teachers and students can email each other, even if they’re in separate domains. You’ll also need to add to the list of allowed domains in your Admin Console.

Learn more about allowing Google Classroom email notifications here >>

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

4. Activate and Configure Google Meet for Classroom Integration

If your district uses Google Classroom, teachers can also use Google Meet for online class sessions. Google recently made this easier with a Classroom and Meet integration, moving Google Meet access into the Classroom interface.

Your district will have access to Google Meet’s premium video conferencing features until September 30, 2020. After that date, you’ll need to purchase G Suite Enterprise for Education. Those features include live stream, recordings, and up to 250-person meetings.

You can access the Google Meet settings in the Admin console by going to Apps, then G Suite, and you’ll see the Google Meet link. You can review the Meet features available to a user, but you can only change Meet settings based on an Organizational Unit or Group. You’ll need to turn on Meet for teachers, who can then create unique Meets for each class.

Learn more about the Google Classroom and Meet integration here >>

5. Manage Guardians in Your Domain

A student’s guardian can receive email summaries concerning that student’s work and progress in a class. As the Google Classroom admin, you can allow guardian emails and give teachers the ability to add or remove guardians.

The default for K-12 schools is to have guardian access turned on. From Admin Console, you can give teachers the ability to invite and remove guardians, or you can restrict that capability to domain administrators.

Learn more about managing guardian notifications here >>

6. Troubleshoot Domain Errors in Classroom

Domain errors can occur when users are attempting to access and/or share resources in different domains. If you encounter domain errors, you can go to Classroom help to determine how to correct those errors based on the specific error message you receive.

Some examples of common domain errors that you’re likely to hear from teachers and/or students in the coming weeks include:

  • 1 user was not invited. You cannot invite students outside your domain to classes
  • Oops! That code is for a class outside your domain. Please make sure you entered the correct code
  • This file (These files) cannot be shared with the class due to a problem with your domain settings. Please contact your domain admin
  • This file (These files) cannot be turned in due to a problem with your domain settings. Please contact your domain admin

All of these errors have to do with your domain whitelisting policies. In many cases, they may be completely legitimate (in other words, you’ve purposefully restricted access to your domain from outside domains). In some cases, it may have to do with a student or teacher attempting to access their Classroom materials using a personal account without realizing it. But in other cases, you may have intended to allow the access and need to troubleshoot your domain whitelisting setup.

Learn more about troubleshooting Google Classroom domain errors here >>

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

The Anywhere School: New Admin Features from Google

Google launched The Anywhere School on August 11, 2020. It included an online event to explore the future of education, which is now available on-demand. In addition, Google is providing free training for professional development through The Anywhere School. There is education for teachers and parents to help them use the tools available from Google for remote learning.

In their effort to keep improving Google Classroom to help everyone using it tackle remote learning, Google announced many new features for all types of users. Those announcements include a number of new features for IT admins that, according to Google, are coming soon. Most notably, the new admin features include:

  • The ability to download Google Classroom audit logs, including BigQuery analysis for Enterprise customers
  • Access to Google Meet audit logs in the Admin Console, and the ability to assign access to the Meet Quality Tool to other people in your organization
  • Improvements to the Google Groups experience

Before COVID-19, experts hailed Google Classroom as a simple “LMS Lite” for teachers and students. And, even better, the price was desirable since it was free. Now, schools are planning to rely on Classroom to enable learning for millions of students, and Google is working hard to take Classroom beyond its “Lite” reputation.

However, Google Classroom admin tools are still lacking because understandably, the main focus of product development continues to be on features for teachers and students. Thankfully, Google seems to be acutely aware of the need for upgrades.

District admins still need to be aware of Google Classroom security issues. You must make sure you are using Google Meet best practices, monitoring Google Meet, and generally making sure that you’re protecting both students and data, particularly during this increase in online learning.

New call-to-action

Product Update: How To Audit Google Meet “Bombing” and Other Improper Access or Behavior

ManagedMethods helps K-12 IT admins audit and investigate Google Meet access

Google Meet bombing analyzerAs we get into the swing of things in the new school year, districts are continuing to work through a variety of challenges that COVID-19 has created. Along with the continuing issues of student access, attendance, and engagement, districts are again dealing with “Zoom-bombing” incidents. That is, when Zoom is actually up and running

Many districts are turning to G Suite for Education to enable remote learning. While Zoom is getting most of the heat for disruptive attacks, Google Meet is by no means immune to “bombing”.

Google responded to Google Meet “bombing” incidents by rolling out an update that does not allow anonymous users to join a Meet organized by anyone with a G Suite for Education or G Suite Enterprise for Education license. This protection is now turned on by default and reportedly rolled out to all education domains in late July.

However, we’re now hearing about a small number of Google Meet “bombing” from our customers, as well as our own team members who have school-aged children. So, we wanted to highlight how ManagedMethods’ new Google Meet Analyzer can help IT admins audit their districts’ Google Meet behavior.

Auditing Google Meet “Bombing” & Other Behavior

Using our Google Meet Analyzer, IT admins can quickly and easily see Meet participants and organizers by individual user and organizational unit (OU). You can see Meets that included a screen share, and ones in which external domains accessed the Meet.

Admins can further drill down to see which IP and email address a Meet participant logged in from. This information helps determine if the behavior was likely caused by a student misbehaving or an unauthorized user that somehow gained access to an internal user account. This information helps your teachers and/or administrative staff determine if corrective actions need to be taken with the student.

It can also help you determine if there is a problem with unauthorized account access, which would require investigation into account takeover and data security actions. In this case, ManagedMethods provides easy tools to investigate and take remedial action on the account for cybersecurity purposes.

New call-to-action

4 Google Classroom Security Issues

District IT teams need to be aware of potential Google Classroom security issues as we enter into the new school year

Google was already the main player in K-12 school districts. Now, the pandemic has many districts planning for continued remote learning or hybrid learning as classes are starting. As a result, Google Classroom use has more than doubled compared to a year ago. With all this additional activity and content creation, IT teams need to be aware of the top Google Classroom security issues.

Google Classroom is a great tool for teachers and students who need something to bridge the learning gap in our new, physically isolated world. It’s lightweight, easy to use, and comes at a great price (free!) But the increased use of this tool means that district IT teams need to understand Google Classroom monitoring capabilities and limitations—and know how they affect the rest of their G Suite for Education security configurations.

Google shared responsibility model 400

Source: Google Cloud

Is Google Classroom Secure?

Like all G Suite for Education apps, Google built Classroom on one of the world’s most secure cloud architecture infrastructures. It’s unlikely that an attack directly on Google’s Cloud Infrastructure itself is going to be successful, or that your district’s data will be exposed from such an attack.

However, just like any SaaS platform, Google operates using a shared responsibility model. This means that the person on your district’s IT team in charge of Google administration needs to configure security settings in your specific domain properly, and monitor G Suite apps and accounts for potential misuse, breaches, and other security issues. The best thing you can do right now is check and configure your Google Classroom security settings before school starts to mitigate some of these issues before they arise.

4 Top Google Classroom Security Issues

Google Classroom security issues are typically the result of security misconfigurations, weak passwords, and human error. For example, if a user creates a weak password for their Google account login, it exposes that account—and all the apps and data it has access to—to potential security issues. It’s a bigger problem for accounts that have high levels of data access because hackers put a premium on attacking those accounts.

The four Google Classroom security issues discussed below are the most critical issues for your IT team to be aware of and address as best you can (particularly given the frustrating lack of Google Classroom admin controls).

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

1. Phishing and Malware

Phishing and ransomware attacks are a huge issue for school districts today. IT teams struggle with large and very inexperienced user environments. Often paired with a woefully underfunded cybersecurity program, school districts are uniquely vulnerable and hackers are taking notice.

For example, looking at the 2019 K-12 cybersecurity year in review, several of the top incidents were a result of phishing attacks. In Texas, a phishing email resulted in all of a district’s W-2 tax forms being distributed. In California, a student gained access to his school’s grading system using a phishing email. In another California phishing incident, the personal information on over 500,000 people in the district was stolen.

There was also one ransomware attack in the top 10 incidents, and it cost a school district in Massachusetts $10,000. As you’re likely aware, these are just a few examples of the wave of phishing and malware attacks school districts are experiencing.

How do phishing and malware relate to Google Classroom security issues? To be sure, there are no reported incidents of a phishing attack taking place directly in Google Classroom. Email is still by far the #1 threat vector. That being said, there are a couple of ways that this year’s increased Google Classroom activity can increase your risk. First, there is a good chance that there will be a lot more use of Gmail as a result of students using Google Classroom. Simply increasing the sheer number of emails being received and opened increases your district’s risk.

There is also the question of how hackers might use access to Google Classroom if they’re able to successfully take over an account. Again, there are no known reported incidents of this happening, but rest assured if there is a benefit to doing this they will take it. With so many students, staff, and teachers using Google Classroom this year, why wouldn’t a hacker attempt to share malware in Google Classroom? There is really no way for security teams to detect such an attack, so if someone can gain access to an account and start sending links through Classrooms they’re associated with, as well as Gmail, it could be a lucrative new vector.

2. Account Takeovers

Account takeovers are one of the most damaging of the Google cloud security issues. Once a hacker has control of an account in your system, they can do untold damage. In another example from Texas, a hacker gained access to a business system and stole $2 million that was supposed to be used to pay the district’s construction vendor.

Once an internal account has been compromised, the hacker is able to act as though they’re an internal, trusted user. They can send emails, upload and share files, engage in Chats, host and participate in Meets, and post to any Google Classrooms based on that user account’s access permissions.

It’s important to make sure your G Suite application settings are configured correctly. This gives you a starting point for protecting your accounts. Unfortunately, it’s difficult to spot Google account takeovers, and native Google security tools do little to help. This is because, once the account has been compromised, it looks like a regular login from a recognized user. In today’s environment, you need to have the right type of cloud application security in place to monitor for anomalous behavior and automatically lock down the account.

3. Data Loss

Human error plays a big role in school districts suffering a data breach, and accidents are the cause of most data loss. All it takes is for a staff member to set the sharing setting on a document to “visible to the public.” It could happen that someone with malicious intent will find that document, and it’s just not a good idea to have sensitive information accessible by anyone.

When it comes to Google Classroom security issues, the most likely improper data handling scenario will be accidental. With so many students and teachers using Google Classroom—and many not being particularly tech-savvy—there is a good chance that personal information that should not be shared can be accidentally shared in a Classroom and/or saved in a class folder on Google Drive.

Since Google Classroom does not have the same level of data loss prevention monitoring and controls that other Google apps do, these types of incidents can be difficult to detect. However, having a solid data loss prevention policy in place and properly configuring the settings in Admin Console should have you covered. This is because, though the files are shared in Classroom they’re still stored in Drive.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

4. Student Safety and Communications Misuse

Not all Google Classroom security issues are related to cybersecurity. Protecting students and complying with regulations is another important concern.

For example, districts are struggling with how to track hybrid learning attendance and student engagement. Taking attendance is easy when students are physically present in the classroom. Remote learning poses an entirely new problem for districts that have to report on attendance for funding and other compliance purposes.

Districts are also grappling with the challenge of how much access they should allow students in a way that will balance collaboration with cyber safety. For example, the problem of students using Google Docs, Slides, and other apps as chat rooms was already an issue—one that is expected to get worse. Students are using these unofficial “chat rooms” to share explicit content and bully each other. If districts can’t track and control this type of behavior, they could find themselves dealing with problematic hybrid learning CIPA compliance questions.

Since the use of Google Classroom is increasing, and students are continuing to be isolated from one another as the COVID-19 pandemic drags on, you can expect these types of issues to grow more prevalent this school year.

G Suite for Education provides excellent tools for districts that are taking on the heroic task of continuing to educate and nurture students through the COVID-19 pandemic. Managing Google Classroom security issues is yet another thing that IT teams will most likely need to figure out on the fly.

webinar on-demand google classroom monitoring

Google Classroom Monitoring for District IT Admins

Google Classroom monitoring capabilities and limitations for districts working to enable hybrid learning models this school year

According to our recent live poll of K-12 IT leaders, over 60% of school districts are planning on some form of hybrid learning to start off this school year. Many also seem to be planning on using Google Classroom to help enable hybrid or remote learning, based on reports that Google Classroom user numbers have doubled since the beginning of March. This means that it’s likely you’re going to need some form of Google Classroom monitoring and reporting going into the new school year.

With more users, it’s critical to monitor Google Classroom for a number of reasons. You’ll need to monitor student behavior and safety, data loss prevention, and cybersecurity issues to comply with FERPA and CIPA in hybrid learning.

Google Classroom Monitoring—More Than Just Assignments and Grades

Teachers and students use Google Classroom to handle assignments and grades. But, as your district’s G Suite administrator, there are a few things that you may want to keep in mind if your district is planning on using Classroom in the coming school year.

Many schools are weighing options for how much access they want to grant students using Google Classroom this year. They could give students access to allow them to create their own Classrooms and/or post and comment in Classroom threads. That type of communication will help remote learners feel at least some sense of normalcy.

However, there are risks to allowing that type of student access. There have been incidents in the past of students using Google Classroom as another way to post inappropriate language, images, or bully others.

Google Classroom monitoring will be critical to stopping these types of problems if your district opens Classroom to students.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

Monitoring Google Classroom Integrations with Drive and Meet

Google Classroom integrates with other apps in the G Suite for Education ecosystem. IT teams can improve operational efficiencies by being to monitor and control data security and student safety policies across all apps.

With the increase in the use of Google Classroom, teachers and students will create more content and will share it in Google Drive. Make sure you can monitor your district’s Google Drive and Shared Drives for issues like cyberbullying and students using Google Docs as a chat room.

You’ll also need to monitor for data security issues to comply with regulations like FERPA. These kinds of documents are less likely to be shared through an app like Classroom, but people make all kinds of silly mistakes! For example, a teacher could accidentally share out a student roster with personal contact information in their Classroom when they meant to share a document meant for an assignment.

Google Classroom also now integrates with Google Meet, so you’re likely to see a significant increase in the number of Meets being hosted. Google Meet provides a Quality Tool that works well for troubleshooting but doesn’t sufficiently address safety and security issues. Monitoring Google Meet for those types of issues is critical and requires new tools to safeguard your students. For example, identifying meeting participants by Organizational Unit to find meetings that didn’t include a teacher or staff is very helpful for admins.

K-12 IT admins are finding that, with the right G Suite for Education security tools and Google Meet best practices, their teachers, students, parents, and administrators are feeling more comfortable with using Google Meet for remote learning. Recommended best practices include simple steps like properly configuring meeting privileges, recordings, and auditing participant behavior.

Limitations in Google Classroom Monitoring

We started digging into the APIs available for Google Classroom shortly after launching our new Google Meet and Chat monitoring capabilities for schools that had to move to remote learning. Unfortunately, what we found is that Google Classroom lacks the robust admin capabilities that other G Suite apps have.

Google created Classroom with teachers and students in mind. Before COVID-19, that didn’t present a problem. But, now that so many schools are planning on using it in the coming school year, we’re going to be running into a lot of administrative roadblocks.

The control provided by Classroom’s Admin Console is quite limited. Though they recently announced new admin features that will improve some administrative issues, there are still some concerning (and surprising) Google Classroom monitoring limitations.

It isn’t possible to detect inappropriate posts and behavior in Classroom comments

This is frustrating to many districts because they would like to enable student comments and chats in Classroom. It encourages greater communication and collaboration, and it keeps all interactions in one place.

Many teachers disable student comments and chats in their Classrooms because without a central system to monitor and control inappropriate behavior, they have yet another task to add to their already burgeoning “to do” lists. Teachers would be solely responsible for manually monitoring, catching, and deleting inappropriate content.

[WEBINAR ON-DEMAND] Monitoring Google Classroom & Beyond. LEARN & SECURE >>

There is a disconnect between Classroom and Meet on the backend

The recent update to Google Classroom that integrates Meet for users is an excellent step forward. However, schools are now in a position where they must confirm that students accessing classrooms remotely are actually attending the sessions. An easy way to do that confirmation would be to run an audit of the students’ Google Meet login and logout behavior tracked against the Classrooms they are supposed to attend.

The problem is that on the back end, these two apps aren’t connected. Admins can audit Meet participation to determine which Google Classrooms a student should attend, but there isn’t any way to connect that information to the Google Meet login/logout activity.

Hopefully, the Classroom product team will recognize this gap and will update it to make reporting on student attendance and engagement a better and easier experience. And not just for teachers and students, but also for administrators who need this kind of visibility and data now more than ever!

webinar on-demand google classroom monitoring

Google Classroom Security Settings To Check Before School Starts

Use these easy tips to make hybrid learning in Google Classroom more secure

Millions of students will be going back to school in just a few short weeks. Over 60% of school districts are planning for some level of hybrid learning, at least for fall 2020 sessions. A large number of students and teachers will be using Google Classroom as their primary Learning Management System (LMS). Therefore, Google Classroom security is a critical issue.

Since “back to school” has a new meaning this fall, what can you do to help make remote learning secure? Here are five Google Classroom security settings that you should check and configure before students begin logging in.

1. Access to Google Classrooms for Users in Your Domain

Controlling who can access your Google Classrooms is an important first step in securing it. Access management is a fundamental layer of cybersecurity and it’s important for Google Classroom, too. You can turn the app on or off to control access by the different organizational units (OUs) in your district. You’ll have a large number of district users accessing Google Classroom, but you should limit that access to those who need it.

In the Admin Console, you’ll find four access options that control who can join classes in your domain:

  1. Only users in your domain
  2. Users in whitelisted domains
  3. Any G Suite user
  4. Any user

You can also control which classes users in your domain can join. In the Admin Console, there are three options:

  1. Classes in your domain only
  2. Classes in whitelisted domains
  3. Any G Suite class

Google Classroom gives you the tools to control who is assigned to OUs, who can join your classes, and who has access to different classes. Review the Google user access support page for more information.

[FREE WEBINAR] Google Classroom and Beyond: Attendance Reports, Cybersecurity, and Student Safety Monitoring in Hybrid Learning. REGISTER >>

2. Access to Google Classrooms for Users Outside Your Domain

At times, it can be useful for you to allow some of your users to access Google Classes outside your domain. But, you need to tread lightly while controlling this access. Be sure that you only whitelist domains that you know you can trust.

Besides letting some outside users access your classes, you can also use this setting to allow your users to join Classrooms hosted by domains on your whitelist. The control can go both ways.

Two things need to happen to allow this exchange. You will need to configure your Google Drive security settings to allow file sharing between your domain and your whitelisted outside domains. And, the admins of those whitelisted domains will need to whitelist yours.

You can find out more about configuring outside domain access from Google support.

3. Verify Teachers and Set Teacher Permissions

When a user first signs in to Google Classroom, they see a prompt asking them to identify themselves as a teacher or a student. The system automatically adds a user who identifies as a teacher to a Classroom Teachers Group. You can see the opportunity for problems if students have the privileges of a teacher.

Some schools are going to allow some student user groups to create their own Google Classrooms, but most aren’t. As your district’s admin, you’ll need to ensure that your Google Classroom creation access for students is properly configured to your internal policies. You need to monitor the list of teachers to verify that they really are teachers.

You can manage Classroom creation permissions in the Admin Console and you may need to change those permissions periodically. You have three options:

  1. Anyone in this domain (teachers and students)
  2. All pending and verified teachers
  3. Verified teachers only

You may want to start the school year with the “verified teachers only” setting, and then open it up slowly if needed. This will help to avoid Classroom creation chaos in your domain.

However, depending on our district’s rollout process, you may want to use the “all pending and verified teachers” option to make sure teachers have easy access to Classrooms at the start of the school year. With that option, you won’t need to verify every teacher before they can start work. The downside of this approach is that it could create some compliance issues if students identify as teachers without permission.

To avoid that problem, it’s best to establish a policy requiring teachers to log in to their Google Classrooms for the first time during the week or two before school starts. That way, you can get the teachers verified ahead of time, and then keep the system restricted to “verified teachers only” during the initial surge of Classroom use.

Visit Google support to see step-by-step instructions on how to verify teachers and configure permissions in the Admin Console.

[FREE WEBINAR] Google Classroom and Beyond: Attendance Reports, Cybersecurity, and Student Safety Monitoring in Hybrid Learning. REGISTER >>

4. Audit “Orphan” Classrooms and Transfer Ownership

If your district has used Google Classrooms in previous years, you’ll want to make sure you don’t have any “orphaned” Classrooms before school starts. A Classroom becomes an orphan when the teachers who created them aren’t working in your district, or have changed the subjects or grades they will teach in the new school year. You can save the Classrooms by transferring ownership to another teacher. That teacher can decide whether they want to use the existing Classroom or not.

It’s important to note that if a teacher has left your district, you must transfer ownership of their Classrooms before you delete their account. This is critical since a teacher’s Classrooms will automatically be deleted when their account is deleted.

As the admin, you can transfer ownership of a teacher’s Google Classroom to any other teacher in your domain using the Classroom API. Teachers can also transfer their own Classrooms to other teachers. You can share the Google support documentation to help them complete a transfer on their own. And, you can learn more online about transferring Classroom ownership.

5. Activate and Configure Google Meet for Classroom Integration

Many districts don’t enable Google Meet and Chat with Google Classrooms because of the Google Chat security and safety issues. However, Google created an integration between Google Classroom and Meet in the spring of 2020 to help improve hybrid learning experiences for students and teachers.

You can now turn on Google Meet independently of Google Chat, so you may want to turn Meet on for the coming school year. You can learn more online about configuring Google Meet for hybrid learning.

Back to school will be a challenge for parents, students, teachers, and district teams for the fall 2020 sessions. As a Google Admin, many of your challenges will center on properly configuring G Suite for Education security settings to keep your students and data safe online. Hopefully, this Google Classroom security checklist will help make the return to school a bit easier for you.

New call-to-action

Hybrid Learning CIPA Compliance in G Suite and Microsoft 365

Are your G Suite and Microsoft 365 cloud apps CIPA compliant?

You’re familiar with The Children’s Internet Protection Act (CIPA). But, like many IT leaders and managers, you may think of CIPA compliance in terms of blocking content from external sources, meaning other websites. Today, hybrid learning CIPA compliance has an expanded definition.

Now, you need to think about whether internal school cloud technology that includes email, file sharing, and chat apps are CIPA compliant as well.

CIPA Compliance and District Cloud Apps

School districts have been moving to the cloud for nearly a decade. But, the COVID-19 pandemic has motivated districts to go to part remote and part in-classroom teaching models, known as hybrid learning. As a result, the move to the cloud is accelerating as districts prepare for hybrid learning in the coming school year.

If you access E-Rate funding, hybrid learning CIPA compliance requires your district to adopt and implement policies addressing:

  • Minors accessing inappropriate content on the internet
  • Safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications
  • Restricting minors’ access to materials that could be harmful to them

For school districts using cloud apps like those provided by G Suite and Microsoft 365, these requirements absolutely cover communications and access to content on these school-provided applications.

It’s a very real problem. There are many documented cases of students sharing improper content, images, and videos via school Google Drives, and other cloud-based communication platforms. Students also often use Google Docs as “chat rooms” because content filtering doesn’t stop them, and most school districts don’t have the ability to monitor for these unauthorized chat rooms.

[FREE WEBINAR] Google Classroom and Beyond: Attendance, Safety, and Security in Hybrid Learning Environments. REGISTER >>

Historically, putting an internet-filtering appliance on the network has been the answer from a technology standpoint. Today, administrators need to understand how students’ increasing use of school technology affects their CIPA compliance standing.

Students use the internet to access school technology such as G Suite and Microsoft 365, which makes their use of those apps and the content shared within them subject to CIPA requirements. Traditional, network-based web content filters are unable to monitor behavior such as text and image content sharing within cloud applications.

Browser-level tools are available to plug the internet access monitoring gaps in hybrid learning. IT admins can install a filter on individual devices, typically using a Chrome extension. But how effective browser-level tools are depends on if your district has implemented a 1:1 vs. BYOD program—and to what degree your district has a bit of both going on, officially or not. For districts using the BYOD model, admins can’t reasonably install browser-level tools on all of the devices accessing the district’s systems.

2019 cyber safety and security - report infographic

This is no time to let Google chat safety and security or Google chat CIPA compliance slip through the cracks. District IT teams should be prioritizing controlling their own applications for explicit content, cyberbullying, and discrimination monitoring in both text and image content.

Hybrid Learning CIPA Compliance and Data Security

District IT teams often overlook data security when evaluating CIPA compliance because student safety issues overshadow it. But, there are more CIPA requirements for schools accessing E-Rate funding to implement policies addressing:

  • Unauthorized access, including hacking, and other unlawful activities by minors online
  • Unauthorized disclosure, use, and dissemination of any minor’s personal information

Web content filters—whether those filters are hosted on-prem, via extension, or in the cloud—just don’t cover these two areas. They merely block students from accessing websites that contain specific types of information. And the K-12 cybersecurity problem is getting worse.

[FREE WEBINAR] Google Classroom and Beyond: Attendance, Safety, and Security in Hybrid Learning Environments. REGISTER >>

Microsoft’s Global Threat Activity Tracker found that the education sector experienced 60% of the 8 million total malware encounters over the last 30 days. Hackers are specifically targeting school districts because they know that districts are even more vulnerable than ever. Why? Schools are easy targets because they still rely on outdated network security protections, including firewalls, at a time when most of their users are off the network and in the cloud.

Hybrid learning models are only going to make this security issue more complicated. In many cases, students and teachers will be leaving and returning to the network over and over again in the coming school year. This means that hybrid learning CIPA compliance requires a zero-trust security posture by district IT teams.

This posture includes the ability to control 3rd party apps, a need that has alarmed many district IT teams in the wake of spring’s remote learning migration.

Hybrid learning security and CIPA compliance require that you protect data when it is stored, accessed, and shared in district cloud applications. How will your district comply?

Most districts will see school back in session in just over a month. Those districts that are using this time to fortify their cloud application security, and cyber safety monitoring policies and tools, will be in the best position to protect students from both cyber safety risks and data security threats.

New call-to-action

Product Update: Hybrid Learning Attendance with Google Meet

ManagedMethods can now help make taking attendance easy for districts using Google Meet

Many district IT leaders we’ve talked with over the past month or so have expressed a specific challenge they’re facing for the coming school year: taking attendance. Over 60% of school districts are planning for some level of hybrid learning in the fall due to the ongoing COVID-19 pandemic. But many will have to report on student attendance for state and local funding and compliance purposes, whether their students are in class or logging in remotely.

We announced the first generation of ManagedMethods’ new Google Meet and Chat monitoring capabilities in May. Since then, we’ve continued to work with a few of our K-12 Google Admin customers to improve these capabilities.

The latest updates include the ability to easily report on student attendance, among other things, for schools using Google Meet to conduct classes remotely.

hybrid learning attendance google meet auditor managedmethodsTaking Attendance with Google Meet Auditor

ManagedMethods has rolled out an updated Google Meet Auditor that allows admins to quickly audit all Google Meets that have taken place within the day, two days, three days, week, month, three months, and six months. They can then filter the report by Organizational Unit (OU) to find all Meets within that time period that have student participants.

ManagedMethods’ Google Meet Auditor shows when each student logged into the Google Meet by date and time. It will also show the duration of time they were logged into the Meet.

Having access to this data is a powerful tool for school districts using Google Meet for education to enable remote and hybrid learning in the coming school year. Using it, administrators can better understand which students are attending classes and which ones are not. Identifying those that are not attending class, they can drill down further to see how long it has been since the student participated in a Meet, as well as their account access and behavior in other G Suite apps such as Chat, Docs, and Gmail.

Analyzing this information can help administrators proactively identify those students who are at risk of falling behind, whether it is due to connectivity problems or other issues.

[FREE WEBINAR] Google Classroom and Beyond: Attendance, Safety, and Security in Hybrid Learning Environments. REGISTER >>

Google Meet Auditor Cyber Safety & Security Capabilities

ManagedMethods’ new Google Meet Auditor tool provides district IT teams with several additional cyber safety and security capabilities beyond taking attendance.

For example, they will be able to identify Google Meets that were organized by students, and see specifically which student was the organizer. They can also find out if screen sharing and/or video were used during the Meet, all other participants in the Meet, and if any participants logged in from outside domains.

ManagedMethods Google Meet Auditor also shows administrators the total number of Meetings, external users that have participated in Meets, video shares, screen shares, and participants joining from outside the U.S. in their domain for the selected time period.

Google Meet reports can be filtered by a specific Meet organizer’s email address, participant’s name, Meetings with at least one participant who is in a specified OU, and by Meetings where all internal domain participants are in the specified OU.

Raw Meet data can also be exported out of ManagedMethods in a .csv format and further analyzed and/or pivoted for a variety of use cases and district needs.

ManagedMethods is committed to making G Suite for Education safety, security, and compliance easy for K-12 IT teams. We work hard to develop capabilities that are relevant and necessary for K-12 IT teams working with limited resources to secure and manage their G Suite for Education environment. ManagedMethods is also an excellent solution for G Suite and Microsoft 365 hybrid environments by creating a single platform from which to manage cyber safety and security monitoring and automation for both cloud environments.

Join us as we unveil our NEW Google Classroom, Meet, and Chat monitoring & reporting features live on Wednesday, August 12. Click the button below to learn more and register today!

New call-to-action

1:1 vs. BYOD in Hybrid Learning Security

Whichever you choose, a zero-trust security model is critical for effective hybrid learning security

The challenges presented by the COVID-19 pandemic just keep on pouring in. Most districts are now concerned about how to provide devices for hybrid learning. According to our recent poll, over 60% of districts are planning for some level of hybrid learning in the coming school year. IT leaders in these districts are facing many issues, and whether to roll out a 1:1 vs. BYOD program is high on their lists.

Most of the information you’ll find about the pros and cons of 1:1 vs. BYOD focuses on considerations such as cost, maintenance, management, and equitable access. Few discuss the data security needs that need to be addressed. If your team is working on either making a 1:1 vs. BYOD decision, or you’ve already made the decision and you’re in the midst of rolling your program out, hybrid learning security considerations need to be flushed out for both 1:1 and BYOD scenarios.

State of K12 Cybersecurity Webinar Poll InfographicWhat is Hybrid Learning Security?

Securing school networks and data is a critical issue for all districts at all times. But in the upcoming hybrid learning environment that will be new to many school districts, data security will be a bit different than what most K-12 IT leaders and security admins are used to.

The shift to K-12 remote learning in the spring of 2020 led to plenty of cybersecurity challenges. For example, one of the hottest cybersecurity topics for district IT teams this summer is how to control 3rd party apps that were connected to their domains in the spring (and going forward). Now that hybrid learning is here, you’ll have students in the classroom at some times, and learning remotely at others. This hybrid learning model is going to present new security challenges.

The hybrid security environment is unique because students and teachers won’t just use the school building’s network. They’ll also use their home network. Any malware, spyware, etc. they pick up when their devices are not protected by the school’s network security could end up on your network when they return to the classroom.

The zero-trust security model has been popular among both small and large businesses for years, and it’s time for school districts to start implementing this type of cybersecurity infrastructure. It focuses on securing access to data, rather than only controlling access to networks. It also allows you to secure sensitive information no matter what device is being used or where users are when they access school cloud apps. It also provides an additional protective layer around sensitive data, should an attack breach your network.

“I’m not overly concerned about students and teachers using public or unmanaged networks for the simple fact that I treat all endpoints as hostile to begin with. Whether I own them or not, there is zero trust there.”
— Neal Richardson, Director of Technology @ Hillsboro-Deering School District
Quote from The State of K-12 Cybersecurity & Student Data Privacy Panel Discussion

[FREE WEBINAR] Google Classroom and Beyond: Attendance, Safety, and Security in Hybrid Learning Environments. REGISTER >>

Comparing 1:1 vs. BYOD in Hybrid Learning Security

The question for many district IT teams is: Which device model is best? From a hybrid learning security standpoint, there are pros and cons to both.

Securing 1:1 Devices

Though the upfront cost of a 1:1 program is higher than BYOD, it does make K-12 hybrid learning security quite a bit easier. District IT admins have more control over 1:1 devices in areas such as the types of security software used and device-level security settings and configurations.

They also have access to a greater number of device and extension-based content filters and student safety monitoring solutions that are available on the market to meet CIPA compliance requirements. There is also greater availability of device-based antivirus and remote access software that makes it easier to protect the devices and assist users if there’s a problem.

IT admins will still need to monitor and control access to accounts and files stored in their cloud applications, even with a 1:1 program. This is because device and extension-level security tools don’t have the capability to monitor activity happening within cloud applications, such as G Suite and Microsoft 365.

Keep in mind, too, that even if you decide on a 1:1 device plan, you’ll probably have some teachers, staff, and students who use their own device from time to time. For example, if a student forgets to bring their school-provided device home, they’ll undoubtedly end up using their own device for accessing remote classrooms and doing their homework. Therefore, your 1:1 hybrid learning security plan needs to be able to secure access to school cloud apps and information regardless of the device being used.

Securing BYOD Devices

BYOD programs seem more cost-effective for school districts because they can avoid upfront costs for acquiring the right number of devices. But a BYOD program comes with a long list of process, management, support and accessibility issues that may reduce the program’s cost-effectiveness over the long term.

For many districts, the Spring 2020 remote learning experience created a de facto BYOD program. Students and teachers, in many cases, needed to use their home computers to log in for remote learning. This is causing huge security problems for districts that don’t have cloud monitoring capabilities in place.

Districts opting for a BYOD program will be more reliant on cloud-based content filtering, access monitoring, and data security tools to keep their student, staff, and business data secure because they won’t have as much control over students’ personal devices. Cloud-based security also helps keep students safe and districts compliant with FERPA, HIPAA, CIPA and other regulations.

Cloud Security for 1:1 and BYOD Hybrid Learning

Regardless of which device model your district decides to use for hybrid learning, cloud application security is a critical element of building a zero-trust security posture. If your district is using G Suite and/or Microsoft 365 for the coming school year, that means your district is going to be storing a large amount of sensitive data in the cloud.

That means you need to incorporate cloud security tools into your cybersecurity infrastructure. It provides broad benefits for both 1:1 and BYOD initiatives for districts that are planning for hybrid learning in the fall. Cloud-based monitoring and management give IT admins the ability to maintain full visibility and control over data access and user behavior—whether students are logging in from home or the classroom. It also helps to keep your network free of cybercriminals or other “bad guys” when devices used at home reconnect to your network.

If your district is evaluating your own 1:1 vs. BYOD decision, you need to consider the unique security issues that hybrid learning presents.

New call-to-action