Misunderstandings about what a web content filter can do is putting K-12 district data at risk
There are several cybersecurity myths circulating in the K-12 IT world. Perhaps the most pervasive I’ve come across is the idea that a web content filter is a sufficient solution for district data security. This myth isn’t just wrong—it’s dangerous to student data privacy, district finances, staff identity protection, and more
According to the 2019 K-12 Cybersecurity Report by the Consortium for School Networking (CoSN), basically all schools are using a web content filter and a firewall. However, only 3% of schools are using cloud security technology.
This is a problem because most schools are using cloud apps like G Suite and Office 365, along with a litany of other EdTech SaaS apps (both sanctioned and not sanctioned by IT). Without strong cloud application security, sensitive data stored in those apps are left unprotected.
This is just part of the reason why cybersecurity in schools is generally inadequate. An analysis of 2019 K-12 cybersecurity incidents reveals an alarming increase in the number of cyberattacks. The education industry is also ranked at the bottom of 17 major industries when it comes to cybersecurity.
To improve the outlook in 2020, district IT teams need a better understanding of what web content filters do for them, what they don’t do, and where they have cybersecurity gaps to prioritize and close.
What is a Web Content Filter?
K-12 content filtering blocks inappropriate content before it appears on the monitors of students. It protects students from content that might do them harm. Almost all schools have web content filters because Federal regulations require their use.
Congress passed the Children’s Internet Protection Act (CIPA) in 2000, making web content filtering a legal requirement for schools. Furthermore, schools that want to take advantage of the E-rate program are required to have web content filters. However, the E-Rate program doesn’t provide funding for the filters (a common source of frustration among district IT leaders).
How Do Web Content Filters Protect Schools & Students
Web content filters mainly focus on cyber safety in schools by preventing students from accessing explicit and/or harmful content when they use the internet.
Content filters protect students from viewing or interacting with images, videos, text, etc. that could harm or upset them. This type of material includes content that is directed at adults, pornographic material, and scams that might attract a student. They also keep students focused on classwork, rather than entertainment.
Content filters do have a minor role in cybersecurity because they restrict student access to malicious websites that could encourage a student to download malware or take other actions that would introduce cyber threats to the school’s systems.
Do Web Content Filters Secure Student & District Data?
We’ve talked with many K-12 IT professionals over the years, and have found a lingering misperception about web content filters and the security they provide.
The truth about web content filters is that they can’t secure student and district data—particularly when that data is stored, accessed, and shared in Google G Suite and/or Microsoft Office 365. Just preventing students from accessing malicious websites doesn’t do the vast majority of the work required to prevent criminals from accessing sensitive student data and district records.
According to the CoSN report, all school systems use firewalls in addition to web content filters. But those firewalls can’t secure data stored in G Suite and Office 365, which represents a huge gap in your district’s cybersecurity infrastructure. Therefore, content filters and firewalls are just a small part of the infrastructure suggested by the NIST cybersecurity framework that is required to protect both student and district data.
School districts need a multi-layered cybersecurity infrastructure to secure their data. Here’s an analogy that describes this type of infrastructure. Think of it like a school building…
- Your web content filter is like the school bus: The school bus safely transports students to and from school, but the bus never enters the school and can’t provide protection inside the building.
- Your firewall is like the things that restrict access inside the school: Doors, locks, and metal detectors restrict a person’s movement in and out of the school. Securing access to the building ensures that unauthorized people can’t enter the school. It also ensures that students don’t leave school without permission.
- Cloud security is like the safety measures inside the school: School leaders understand that safe school buses and locks aren’t infallible, so they must protect students and staff while they’re in the building. Leaders install safety measures such as cameras, hall monitors, and campus resource officers. School leaders can use these tools to identify when someone is in the building who isn’t authorized to be there, and when an authorized person is doing something they shouldn’t be doing.
Many schools are using the NIST Cybersecurity Framework as a guide to develop their cybersecurity plans. Schools see a number of benefits from using the Framework. It provides an organized approach to developing effective cybersecurity plans and identifies areas where you need to strengthen your defenses. You can tailor the framework to meet your needs and incorporate it into your existing cybersecurity program.
Web content filtering is an important part of a school’s overall safety and cybersecurity tech stack, but it doesn’t do everything on its own. If your school district uses G Suite or Office 365, and you’re not using cloud security technology, there’s a huge gap in your cybersecurity tech stack, and your data won’t be safe until you fill that gap.