Cybersecurity in nonprofit charter schools is different from the mid-sized nonprofit IT networks that Community IT typically supports. Here are a few cybersecurity best practices for nonprofit charter schools that can help you keep your technology both accessible and safe.
Students need easy access; make the access too difficult and participation will drop in ways fundamentally different from an employee-employer relationship.
There is an incentive to simplify account access due to volume. But this can mean security suffers – a “standard” login or initial password is easily exploited.
Students, parents, teachers, and administrators all need various levels of secure access to related accounts. Do not let convenience overrule privacy concerns.
In addition to “generic” opportunistic financial hacking, guard against non-financial threats from without and within the online environment, such as sexual predators and classroom bullies.
Online education presents additional challenges to novice users, whether students, parents, or staff – plan to offer extra help-desk support.
Have a clear process in place for reviewing and approving new apps. It’s likely that needs will change during the semester, so allow teachers to request and manage applications and websites that are specific to their class. This will avoid insecure or poorly designed apps being installed, and reduce cybersecurity risks.
Budget for loss and theft of devices, and understand that long-term budget planning can conflict with politics or suffer from frequent changes in decision makers.
Up until the last few years, educational institutions had very little need for predictable and highly reliable wireless connectivity, and it had almost no need for secure outdoor wireless connectivity. If expensive and costly wired infrastructure didn’t reach, those areas simply went unserved.
Today, there are myriad reasons to supply outdoor wireless connectivity, not least of which would be the current pandemic, but also to supply connectivity beyond students to include everything from Wi-Fi backhaul on campus shuttles to video surveillance and even to connect parking meters. Many IT departments attempted to make this work with expansive dense Wi-Fi networks, but these networks are incapable of delivering the reliability and security required by some if not all of the critical applications.
This is now changing with the availability of unlicensed wireless spectrum via the Citizens Broadband Radio Service (CBRS) spectrum recently approved by the FCC. Now, campus IT departments finally have a viable solution to reduce costs while addressing constantly changing connectivity and application performance requirements. CBRS-based private mobile networks can now provide educational institutions with the unprecedented coverage and reliability that cellular wireless is designed to deliver.
A new type of connectivity for new applications
For the last two decades, “wireless” in an education IT setting meant either the deployment of Wi-Fi infrastructure or the use of public cellular network services operated by large public carriers. The innovation and introduction of private mobile networks changes everything.
These networks are similar to the public LTE and 5G networks in their form and function but are deployed just like a Wi-Fi network that a school owns and operates itself. But unlike Wi-Fi, these networks use the unlicensed CBRS spectrum band between 3.55-3.7Ghz and can be used by educational institutions of all kinds to give them their very own LTE or 5G network, with full control and data ownership. This is something that, until now, hasn’t been possible.
Just as Wi-Fi is considered an essential technology that should be owned by the education IT department, so too will private mobile networks. The applications in which this technology is well-suited are simply the kind that education IT will consider mission-critical and want total and complete control over.
By Ben Gitenstein, vice president of product, Qumulo.
Schools are managing major digital transformations to better support student education, including campus safety. Security is even more top-of-mind during the holiday season — crimes like theft and burglary tend to spike when the campus empties out for holiday breaks. It’s a good time for schools to think about a security upgrade.
As schools enhance their security systems, they are adding an increasing number of high-resolution IP surveillance cameras and smart devices to improve safety for students and staff on campus. This creates an IT challenge: Security footage generates a massive amount of file data. Depending on the size of the campus, there might be hundreds or thousands of cameras, each producing enormous volumes of content, all day long, that needs to be managed and securely retained for increasingly long retention periods. Gone are the days that video surveillance data is deleted at the end of the day, now it is kept for future investigations and for analytics of foot and vehicle traffic patterns and anomalies on days of interest.
Forward-thinking campus security officers are partnering with their IT leaders to rethink the way they manage file data, in order to keep up with the fast pace of modern security systems. Below are five considerations for education when evaluating a file data platform to support today’s video surveillance and security system demands.
Without high availability and reliable access to file data, schools risk losing important video frames.
Video surveillance footage can be one of the most critical pieces of evidence used to solve crimes. It’s imperative that there are no interruptions in data flow, which can result in the loss of video frames. If the storage system is ever down, it means the district loses video recording — which could have big consequences if a security incident isn’t recorded.
The right file data platform should ensure that city and state agencies and public sector organizations never lose access, or a frame. And, built-in data protection to automatically create duplicate copies of data in a secondary location ensures this footage is protected from a system or datacenter disaster. Data availability and performance should be high on the priority list when a school plans out its file data system for video surveillance.
K-12 cybersecurity is much more challenging for IT teams now that school districts have shifted into remote learning. Students and staff are no longer in school buildings—at least not full-time—and can access sensitive data from anywhere, at any time, and on any device because of the cloud.
The COVID-19 pandemic not only caused a disruption in classroom environments, it also disrupted and forced a major shift in the cybersecurity strategies of K-12 IT teams. The data of students and staff, along with all the email, applications, and documents are now being accessed outside of school networks. IT teams are essentially flipped upside down when it comes to what needs to be closely monitored and are restrategizing to do so.
The use of cloud applications from afar, such as those within Google Workspace and Microsoft 365, is increasing and it’s causing IT teams to lose visibility and control of what is happening online. As K-12 IT departments and teams continue shifting cybersecurity strategies, here are three things to consider to be better protected.
An Explosion of Access Points
Students and staff are continuing school and work from home, even after returning for a short period at the start of this school year. This means that the number of access points into a school district’s network and domain has virtually exploded.
Previously, students accessed school accounts from inside the classroom using devices that stayed in the building and connected to school networks. Now, districts are bringing hundreds of thousands of new devices into their digital environment, which students and staff are using to access school data from anywhere, at any time.
Further, this access largely comes from home and public networks, which aren’t typically as secure. District IT teams also don’t have any control when it comes to firmware and hardware updates of the technology being used in homes—and that’s if a home even has the means to have an internet connection.
After completing high school in the U.S., most students are encouraged to take the traditional path of attending a four-year university with the intention of earning a degree and preparing themselves for a successful career. In fact, 88 percent of students say their main goal of going to college is to “get a good job” – a goal that has been significantly impacted by the COVID-19 pandemic. There are currently more than 50 million people out of work in the U.S., making the fight for any job right now that much harder.
The population of people looking for new careers is larger than ever, and they need support from education institutions to ensure they are as prepared as possible for the workforce and specific career pursuits. The problem? These jobseekers do not all have the same needs and goals, and therefore, education institutions cannot treat them in a “one size fits all” manner as they have done historically.
There is a systemic shift that needs to take place within our education system so postsecondary institutions can address the needs of these groups of jobseekers more effectively. For example, there are three types of jobseekers, also known as the ABC’s of the workforce: people looking for “any job,” people looking for a “better job” and people looking for a “career job.” Right now, our education institutions are not in a place to meet the urgent needs of our diverse, reskilling workforce.
The ABC’s of the workforce
People looking for “any job” want to understand their skills and how they apply to other careers, not just the role they currently serve. Millions of Americans currently find themselves in this category, looking for any job that will pay the bills. However, many people struggle to identify how the innate skills and experience they possess could be transferred to another career, and they need specific support to do so.
To support the unique needs of this category, education institutions and employers need to work together to offer short, COVID-resilient, job-specific training. This training needs to address the particular needs of employers in an industry, and should focus on quickly helping career workers to identify their skills and areas of success that can be applied to other areas of work.
People looking for a “better job,” want to make significant advancements in their career or are looking to move to a better fitting job. In postsecondary education, the continuing education and career services departments typically take on a role to help these students and career-oriented workers, but are oftentimes severely underfunded and understaffed. In fact, as the recession deepens across the country, universities are cutting funding to career services, making it harder than ever to service those in the “better job” category.
By Bob Stevens, vice president of Americas, Lookout.
Fall 2020 has already proven to be a challenging year for school cybersecurity. While teachers and students work together to learn in new environments, bad actors are exploiting the situation to breach systems and steal sensitive information.
While cybersecurity awareness in education is growing, Chromebook, tablet and smartphone threats aren’t as well-known, or well-protected, as their desktop counterparts. Administrators, teachers and students need to understand that – all devices – including mobile devices – need to be secured. The good news is that schools can take measures to prevent and mitigate damage from cyberattacks. Here are three steps to help students, teachers and administrators stay safe.
Secure Commonly Used Devices, Like Chromebooks, tablets and smartphones
Cost-effective yet functional, Chromebooks enable students to attend class and complete homework remotely. In some ways, security is a strength of Chrome OS. First, it doesn’t allow anyone access to its kernel – the core part of the operating system – and run apps in isolation. Chromebooks also automatically receive regular updates to ensure vulnerabilities are patched. However, there are numerous threats, such as phishing, that Chromebooks are still susceptible to.
For many students that don’t have access to laptops or Chromebooks, the existing tablets and smartphones their families own are critical to learning remotely. But these devices are rarely top of mind in a school district’s security strategy.
Implement Modern Endpoint Security Across All Mobile Devices
As education via mobile devices becomes a new mechanism for learning, defending against these mobile threats is as central to a district’s security as protecting desktop or laptop computers. Districts can mitigate these risks with modern endpoint security that protect against phishing and web content, network-based, and malware. Modern endpoint security can stop both known and unknown threats from these sources, helping get a step ahead of bad actors.
Help Users Identify Overlooked Mobile Threats
Security solutions are necessary, but teachers and students should still have a basic understanding of the threats they face, especially ones that can be difficult to detect. For example, it’s relatively easy to identify a malicious phishing email on a desktop. But on mobile devices, common phishing tell-tale signs are difficult to notice or are nonexistent. Even the youngest mobile users need to be aware of mobile devices’ hidden dangers. This awareness includes familiarity with the risks of a simplified user interface and smaller mobile displays, both of which make it challenging to identify questionable links or websites.
While many users are familiar with email-based phishing attacks, many mobile phishing attacks now start via SMS or text, social media platforms, gaming, or third-party messaging apps. Once a device is compromised, these types of attacks can provide access to a device’s microphone, email, photos, documents, and phone logs.
Teachers and students must recognize threats from these sources so they don’t fall prey to attacks. All mobile device users should have a basic cybersecurity awareness and regularly seek best practices like researching a source for legitimacy before tapping on inbound links and never sharing personal information with strangers online.
Students and teachers are learning a lot this year, not just from the standard curriculum but also about technology’s role in the learning process. It’s critical that for administrators, teachers and students to understand that mobile security is a part of their technology education. Whether that means learning about the role of modern endpoint security as a part of a district’s overarching security strategy or better recognizing potential mobile threats, we can all walk away from the 2020 – 2021 school year better armed against threats in today’s increasingly mobile world.
Worldwide, schools and universities are now, like never before, dealing with a large-scale disruption in education. With restrictions still in place, many schools are still closed or functioning at a reduced capacity or with socially-distanced classes, which makes it challenging to have a stable schedule. Everyone is affected: students, teachers, other school staff, parents.
This unprecedented situation calls for a flexible hybrid learning approach in order to minimize further disruption and ensure that high-quality teaching and learning can continue. Hybrid (or blended) learning takes any classroom a step further to the virtual learning environment, but it still allows for face-to-face interaction and communication, albeit less than in the regular classroom.
Using all sorts of edtech (educational technologies) teachers can create engaging and interactive online learning experiences for students of all ages and across grade levels, provide personalized support, keep track of and assess each student’s progress, and so much more!
Theoretically, online education eases the job of teachers and enhances learning for students. Practically, it comes with a catch. Or more. First, there are so many ed tech tools out there, that it’s impossible for any teacher to test them all and see which ones are the best for their classroom. Secondly, the available technology is often misunderstood and underused, so results are, sadly, quite poor. Thirdly, and most importantly, transitioning to the virtual learning environment can be extremely hard for both teachers and students.
If the ongoing COVID-19 epidemic has taught us anything, it is that the world is changing and that it is necessary that we change with it. Services once considered essential to everyday life have been shown to be non-critical, and entire sectors of the economy such as business conferencing and education have been revolutionized.
The use of IP technology has evolved from simply being a way to connect computers, and it has transformed into a means to connect people. Nowadays, IP technology finds use in all walks of life, but the sector in which it has the greatest potential to do the most good is undoubtedly education. IP technology, when leveraged in the form of voice and video communication has the potential to change schooling as we know it.
This can be achieved through its impact on improving security, unifying communications systems, streamlining digital media systems, and enhancing mobility.
The world is beginning to take data security and information safety more seriously, and IP technology offers a unique way to blend a variety of security technologies with embedded security in routing and switching platforms to give your school network the best possible protection. Some of the network technologies available to be leveraged by IP technology include:
Academic institutions have traditionally been slow to embrace technology and provide students with access to the latest digital tools. Meanwhile, college and university students have been quick to integrate digital devices, tools and apps into their daily lives. A new study released b yonline scheduling platform Doodle reveals the true extent of the digital divide in education and how it may put college and university students on a path to academic failure in these COVID-19 times.
Following this, 32% of students say they prefer to use an online scheduling tool to book office hours with their professors. That’s a healthy percentage of students with the desire to automate the office hours setup process. But it’s not what’s currently available to them, with 66 percent of professors still clinging to outdated methods and using email or syllabus listings to coordinate their office hours.
These findings prove there is a big gap between the digital-first behaviors of students and the non-digital processes used by professors. As further proof of this, an overwhelming majority (83 percent) of students think that their professors should use technology more in their day-to-day work. While this digital divide has been evident for some time and before COVID-19 came along, it now has the potential to negatively affect students’ academic performance in a remote learning environment.
With cases of COVID-19 rapidly increasing this fall, many schools have decided to continue a remote or hybrid learning environment instead of returning fully to the classroom. K–12 and higher education institutions must be ready to quickly pivot between remote learning and classroom or on campus education, or provide a combination of both.
It’s easy to jump in quickly and select technology based on what seems to make sense in the moment, but the infrastructure and other technologies schools invest in will make a significant impact long term. Schools should start by creating a strategy that addresses these questions: What do we want teaching and learning to look like? Where are the resources? How do we make a model of this? This involves a combination of devices, infrastructure and professional learning.
We’re supporting higher education and K–12 by helping them unify their technological infrastructure to support daily teaching whether remote or in the classroom. This includes servers, data storage, network capacity, data management software and data security. Additionally, we are supporting technology transitions to ensure IT teams are up-to-date on new equipment and can support any backend or user issues if they arise.
How are you guiding them? What issues are schools facing with their IT?
Since the pandemic we have seen a considerable increase in the number of devices that have come online off the school or university network. This creates two challenges for these institutions: make sure the devices are safe and secure when they come back on the network and make sure the network is ready for the additional device load. The threat to education institutions is real and the FBI has now issued alerts around increasing ransomware attacks With an increase in endpoint users and network access points and generally stretched IT teams, schools can find it difficult to properly respond once an attack occurs. We always recommend that security is baked in, not bolted on, so security is integral to the technology itself.