Response from Spencer Dunford, general manager, SmartDeploy.
While K-12 and higher education have been affected differently, they’ve both seen significant impact in their daily tasks and overall IT strategy due to changes in workplace and IT workload. IT for education was generally well-defined and entailed tasks that could often be scheduled weeks, if not months in advance.
Just as most every school year followed a predictable start, end, and vacation days between, so too did IT projects within that environment. In many cases even the emergency project was limited in scope in this “old” model of IT in education. IT could plan on summer lab refreshes, on-premise devices, and projects planned out with weeks or months to prepare, for example. COVID-19 changed this.
IT had to make an immediate shift to support remote learning for students, training for teachers, and in many cases, coaching up parents too. Many of the initial changes were quick reactions to the changed requirements. Now a new year has begun with these new rules.
All the while, budgets have not changed. IT teams are being stretched and challenged. This has created incredible opportunities to adopt new technologies at a speed that would have been unthinkable in the past. But it also has pushed generalists into new specialties, and even the rare EDU IT specialist into unfamiliar realms of new technology.
In what will likely be the most unpredictable and complicated school years on record, only one thing seems certain — with technology being such an integrated element of education (now more than ever) university, school and district IT departments will be expected to support their administration’s decisions. School technology staff will play a more crucial role than ever in creating and sustaining a successful educational experience for students.
First, the most important thing is to prepare for the students who aren’t comfortable coming back, and to be ready for a permanent shift in expectations. Humans, though they hate change, are adaptable. We’ve now acclimated to having virtual what we used to have solely in-person, and though many will want to come back, it would be detrimental to disregard the population that has established the expectation that they don’t need to leave home to learn.
Unfortunately, giving students the option to choose how they want to attend inherently means not giving teachers and school support staff the same choice. Of course, while we wish health and success to everyone, the likelihood that plans put in place in August and September will change before the end of 2020 is very high, and being prepared (mentally, at the very least) to deal with that, is the key to keeping morale at a remotely tolerable level.
For those who have staff at home there are a handful of other things to consider and have plans for. Foremost, security. A recent flood of ransomware attacks targeted specifically at schools have cost districts and universities tens of thousands of dollars or forced multi-day closures.
These attacks have only increased in frequency since the workforce has distributed onto less-secure home networks. One of the easiest ways to protect your institution’s private data is to ensure all staff members who are working at home are regularly performing their system updates and have some kind of malware protector installed.
If you own the devices your employees are using at home, you can administer the malware protection yourself for an added element of control over the situation. If you don’t, there are plenty of free options available for download. If your employees are downloading and administering their own updates and malware protection, it’s a good idea to update your technology usage policy to include the details what kind of update and scan schedule you’d like them to maintain.
I am learning many lessons along the way for delivering the best virtual learning experience during this pandemic. The most critical being communication; when information is flowing in many different directions and decisions are made very quickly, communication must be clear across all stakeholders. This way, staff can set expectations and create stronger teams within Compass Charter Schools, resulting in improved morale during achallenging time.
Many families have technology at home that allows their scholars to learn virtually, but there are a number that do not. It is apparent across the information technology industry that many families do not have all that they need, fortunately, we were able to provide to our scholars and families, but many schools are not. There still are shortages of many different devices for virtual learning.
Another lesson that we learned is the importance of being able to provide essential networking and trouble shooting for parents and scholars at home. Many schools and learning centers have high-end networks and devices that are programmed to work efficiently. In a residential environment, these networks vary and may require special support to operate in a virtual learning environment.
These unprecedented times force companies to evaluate the way they serve their customers and redesign what that experience looks like to meet the demands that flood the market. Internet service providers are on the front lines and face an influx of requests for services.
This evaluation and redesign create many challenges because of the need for more technicians than are available to enter the home for installation and basic setup. This was a learning experience for everyone as we were able to see how dependent we are on technology.
I also want to share some best practice tips for an excellent virtual learning experience. Create and follow a schedule that will help achieve more productivity throughout the day and create a separation between personal time and learning time.
Have a designated clutter-free workspace that will keep distractions to a minimum and help stay focused on learning. Most importantly, this is an unparalleled situation that we are all dealing with, be adaptable, and flexible along the way.
Although numerous factors contribute to student success, many of today’s digital learning activities that drive great achievement begin with consistent broadband access. And while most of the nation’s schools have internet access, a recent report by the State Educational Technology Directors Association (SETDA), indicates that the quality and type of connectivity varies significantly – resulting in digital divides across the country.
When upgrading their IT architecture, school districts will sometimes fail to ensure their network has the capacity to support a growing number of devices and technologies coming into their classrooms, which area necessity for 21st-century learning. But luckily, there are a few ways that education IT leaders can plan to ensure their infrastructures can support school technology for years to come. Here’s how:
Wi-Fi connectivity needed for growing number of devices
Today’s K-12 students will enter a workforce that demands tech savviness, problem solving and critical thinking, among other skills. To be prepared, students must have the tools, in school and at home, to thrive in an increasingly digital community. Therefore, addressing sufficient broadband and ensuring digital equity aren’t simply wants – they’re needs.
When thinking about technology in schools, what comes to mind? Augmented, virtual or blended reality, the Internet of Things (IoT) and artificial intelligence? What about high-tech whiteboards, smart pods and one-to-one laptops or tablets?
To embrace these innovative learning environments and advanced methodologies, and others like them, schools need adequate intranet infrastructure. Without it, teachers who want to employ innovative, technology-enabled pedagogical methods are forced to abandon their lesson plans. As 87%of the country’s teachers use digital learning in their classroom, those left without the proper digital foundation can feel left in the dust.
By Matt Yeh, Senior Director of Product Marketing, Delphix
Nearly ten years ago, Marc Andreesen, one of the world’s most influential investors, famously proclaimed that “software is eating the world.” At the time, no one understood the magnitude of what that meant. But today, the world’s most powerful and prosperous companies are software companies that have brought a tidal wave of digital innovation and disruption to almost every industry from retail and banking to manufacturing and insurance.
And the next frontier for software? Education.
In the midst of the COVID-19 global pandemic and mandated “social distancing” measures, the demand for digital services and software has skyrocketed. Schools across the country have begun planning for what just weeks ago was an unthinkable scenario: a fall semester without students on campus.
As educators prepare for what could be a dramatically different start to the upcoming school year, students and teachers alike need much more than “Zoom University” (which is going through its own coronavirus growing pains) in providing high-quality online learning experiences.
From K-12 to community colleges and public and private universities, the education industry needs to adopt a new playbook for the digital world. For example, the automotive industry is undergoing a tremendous shift towards digitally-enabled car-sharing, ride-hailing and autonomous vehicles.
In order to transform their road to success, organizations in this industry have had to transform how they leverage data and software to meet new business models.
Lucy Security works with many K-12 districts across the country to help build cybersecurity awareness and protect against phishing attacks (most ransomware attacks start with a simple phishing email.)
Below are some comments from Colin Bastable, Lucy CEO, about the types of trends and issues he sees and what K-12 IT departments can do to protect their employees, pupils and district resources from clever cyber attackers.
According to Colin Bastable, CEO of security awareness training firm Lucy Security:
Education: an easy target for cyber attackers
K-12 school districts range from fewer than 100 employees to several thousand. Some have tiny budgets, and some have more significant resources, but they all struggle with vulnerability to cybersecurity attacks. Just this week, CNN reported that a Texas school district lost $2.3 million to an email phishing scam. Unfortunately, this news is just the latest in an ever-increasing trend of cyberattacks targeting K-12 schools.
According to the K-12 Cybersecurity Resource Center, more than 752 cyber incidents at K-12 schools have been reported since January 2016, resulting in loss of productivity as well as much-needed funds.
Common K-12 cyber scams
One common scam is the Gift Card Scam, where an email purporting to be from the school principal or a head of department asks an administrator or assistant if they can buy some $100 gift cards. Often, this might be during a break, such as Thanksgiving, when the school staff are unlikely to meet.
Once the admin has the cards, they email a reply (to the fake email address) saying “I have them” and the thief asks them to scratch off the security number and send pictures of the cards, “because I need to get the gift to the students today.”
Another common attack is to send a change of bank deposit details to the school payroll staff.
These are quite simple attacks, yet extraordinarily successful. More sophisticated attacks involve BEC (Business Email Compromise) attacks, like the gift card scam, but involving hundreds, thousands and millions of dollars in losses, where the imposter asks for urgent payments to be authorized.
Ransomware attacks are also prevalent in K-12 and local governments, causing multi-million-dollar losses and billions of losses worldwide.
Response from Samir Tout, professor of information assurance, School of Information Security and Applied Computing, Eastern Michigan University.
In the last decade, we have witnessed a shift in the IT landscape with the rise of cloud computing, mobile devices and the Internet of Things (IoT). As a result, a new era has begun—one that brings along promising infrastructural enhancements, albeit with new challenges to the modern enterprises, including educational institutions. This necessitates that IT leaders at schools and universities perform a thorough analysis of how this will impact their systems, networks, and most importantly their data.
Educational institutions produce a massive amount of data about their students and staff. Such data constitutes a luring treasure trove for hackers who may launch advanced attacks against various layers of the school/university systems. IT leaders at these institutions must pay attention to key measures that are still common even to a great degree to the modern IT landscape.
If established, these measures would mitigate or possibly eliminate the risks of potential intrusions. They include: system hardening, secure perimeter architecture, anti-malware and endpoint defenses, strong encryption, establishing and adopting security policies, and applying information security principles such as least privilege, separation of duties, and role-based access control.
Furthermore, one of the most forgotten yet important measures is security awareness training and professional development for the staff that maintain the institution’s infrastructure. This has become even more vital with the advent of the modern IT landscape mentioned above, as staff members must stay up-to-date or otherwise risk being ill-equipped to properly maintain the infrastructure and its hosted data.
IT leaders must set strategic goals that embrace the above measures as part of the fabric of the institution. This means, among other things, that they include them in their strategic plan, allocate proper budgets for them, and support them with resources and, when necessary, expedited approvals.
Good cyber hygiene is critical to protecting “back end data.” Regular software updates and patch management are critical in mitigating known software vulnerabilities.
Two-factor authentication is vital to hedge against phishing and other social engineering attacks. Appropriate data encryption serves to protect critical data. And, vulnerability scanning/management of the environment is key to identifying and closing all known system vulnerabilities.
Modern firewalls and end-point protection protect against ransomware and reduce the overall threat landscape. And cyber security awareness training for all users is critical to help them understand common social engineering-based threats and attacks. Assess and validate cyber security controls in place to protect data stored in any hosted/cloud-based system.
The current IT landscape is full of concerns. Anything that cybercriminals can monetize is a risk. Probably the most common problem I hear about is ransomware, which can be addressed by managing patches/updates and ensuring off-site backups are regularly completed (and isolated).
You know what you’re doing, and the service you’re providing is helping teachers teach and students learn. In my case, that’s directly what my colleagues and I are doing, putting teachers and students together in web and video conferences, integrated with their learning management systems. I know what we’re doing is making the process of education easier, better and more efficient. We’re absolutely helping more students access their teachers and helping more teachers use the modern tools of teaching.
That’s comforting. And rewarding.
But it is also isolating and challenging at the same time.
The 22 part is that for anyone to recognize your work, they have to see you, know you’re there. They need to understand that great bridges require great bridge builders.
The catch part is that, if you do your education IT job well, you’re invisible. Your IT can be so good, so seamless and so intuitive that no one has any idea you were ever there. Or that it did not simply just work that way to start.
In IT, being invisible is winning, even though it may not always feel that way. I liken it to what a studio-level makeup artist must feel – you know, the person who makes movie stars look great or gruesome, depending on the role. If you’re at the movies and you’re talking about the makeup, something probably went wrong. It’s only when they’re really good that they can fade away.
And sure, knowing you do good work is satisfying. And please don’t misunderstand, I’m not in this business for glory and adulation. I feel certain that almost no one goes into education for that. Still, what we do – those of us who build the bridges and apply the makeup of education IT – is not easy. Or free, unfortunately.
It can also be a marketing challenge. Wrap your head around this sales pitch. “What I do is so smooth and subtle that, once you start using it, you won’t notice it all.” Where do you sign, right?
I exaggerate. People do notice when they have to drive around a river instead of having a bridge to cross. But once it’s up, people don’t remember what it was like before. And people who’ve become used to driving around an obstacle, or not traveling at all, don’t know cool bridges are available.
Polluting my metaphors again, I think back to the talented make-up artist who probably has to go pitch new producers and directors by saying, “You probably didn’t notice me at all in this other movie, but …”
To tell you the truth, though, I’m not deterred by the education IT paradox. Solutions that work are always in demand. Bridges are easy to sell when people have to get somewhere. When people look at nearby towns and cities and say, “hey, how did you get that cool bridge?” the phone rings.
And the big education dynamics favor companies like ours. More and more people are studying online, and more schools are needing to invest in tools that make that reality easier and safer.
But as it does, I feel for others in education IT or in IT in general – on staff or on their own. I know that some of the best among us are the least seen. That’s what happens when we do our jobs well. And it can get old. It’s also not likely to change. I cannot see a future in which IT solutions have pretty construction plaques saying, “Built by Julie Carter at IT Solutions in 2019” or whatever. So, we’re just going to have to accept that as the way it is.
At the same time, we can take comfort in the real value we’re providing, unseen as it may be. Cynical types may say that gleaning value from the service you provide, regardless of recognition is cold comfort. I prefer to think of it as warm comfort. It can be easy to forget that IT is about making connections and helping people do great things, in our case, helping people learn. When we do that, we’re doing right, whether anyone notices or not.
At a time when schools systems are collecting more data than ever and implementing new technology to improve their classrooms, education leaders must act to better secure the personal information of their students, staff and stakeholders. Unfortunately, instead of bolstering security, reports are showing that the education industry ranks dead last in cyber security, pointing to low awareness, limited budgets and a lack of expertise, making many schools easy targets for cyber criminals.
growing threat against schools
Educational data is a valuable black-market commodity because student records often contain information such as birth dates, addresses, Social Security numbers and, in some cases, financial records. In fact, since 2016, K-12 institutions have been hit with more than 400 cyber security incidents, and in 2018 alone, there were 122 publicly-disclosed cyber security incidents impacting schools in 38 states, according to the K-12 Cybersecurity 2018 Year in Review report.
Additionally, in December 2018, a hacker stole the personal details for more than 500,000 staff and students from the San Diego Unified School District. And just a few weeks ago, Louisiana Governor John Bel Edwards issued a statewide emergency declaration in response to a cybersecurity incident that affected several school districts. That same month, Watertown city school district in New York was hit with a severe attack that prevented employees from logging into accounts or accessing files. The bottom line is, based on the treasure-trove of data educational organizations have access to, coupled with a lack of budget, awareness and protocol, schools are vulnerable to advanced cyber attacks, and criminals know it.
brings new risk
Fortunately, awareness is spreading. Technology chiefs indicated in the CoSN IT Leadership survey that cyber security is now one of their top priorities. Education leaders are also recognizing that these attacks not only have the potential to cause financial loss for schools, donors, students, and staff, but they can also erode trust in the educational institution itself. For students, it’s not just about their privacy and preventing identity theft, but also about their future academic and workplace careers. Ultimately the problem for school systems rests in constrained budgets, inadequate cyber security staffing, and in some cases, senior leaders who may not truly understand the threats they are facing. Out of 17 industries analyzed, education ranked last in cyber security, according to the 2018 Education Cybersecurity Report.
Most schools are accustomed to putting student education at the forefront, and while they may also devote energy and resources to physical security, it can be easy to overlook the modern threats lurking in connected systems. Behind the promise and excitement of smart boards, smart TVs, laptops, tablets, and IoT devices, criminals are waiting to exploit vulnerabilities.
One major issue is the large number of staff and administrative users with personal and school devices that expands the attack surface. Many schools now have students utilizing their own laptops during school hours, bringing more points of vulnerability into the school. For example, students or faculty could be working remotely on an unsecured Wi-Fi network, opening the possibility of an attacker gaining access to a school’s system. Many also use apps such as Office 365, Dropbox, GSuite and Slack to communicate and collaborate on projects. While these apps do offer some security, they are often no match for the advanced cyber threats that are changing daily. If a student were to unknowingly share a document infested with malware to Dropbox, it could compromise the entire system.
several actions that educators should take to mitigate cyber risks. One place
to start is with a simple risk assessment to identify vulnerabilities. This
could include an inventory of all devices and connections in the system,
including BYODs, along with apps and software. During this assessment,
questions should be asked such as “How is the technology being used?” and “What
processes and protocols are in place?” Comprehensive risk assessments can often
reveal several simple ways a school can improve its security.
Other cost-effective steps that leaders should take include:
a cybersecurity plan that covers the management of networks, maintenance of
equipment, establishment of policies and how human practices and solutions will
protect the data.
endpoint security, application security and processes for ensuring patches and
strong password and protection on all devices.
visitors from using the WiFi.
Additionally, schools, much like enterprises, should have a system to backup data and a plan for recovery should an attack occur. For it is slowness or lack of preparedness that often leads to the most serious disruption.
Finally, as human awareness is a critical component of cyber security, students, faculty and staff should be educated on cyber security issues, how to reduce the risks and what procedures to follow in the event of a breach. For all employees, such training should occur before every school year and for students, computer security literacy should begin as early as the third grade. While cyber security risks will always be a reality in today’s digitally-connected environment, school-wide awareness, planning, and education can reduce many of your vulnerabilities lowering their risk and better protecting the sensitive data of their students and faculty.