The accelerated adoption of hybrid learning has shifted the way we think about student safety. What once was a simple approach to protecting students within four walls has shifted to protecting students outside campus borders and in the digital universe. But a standard cybersecurity approach will not work in the education sector.
The pandemic made digital security a higher priority for school administrators because students and teachers are now using a mix of personal and school-provided devices for daily lessons. The growing number of remote devices increases the exposure of cybersecurity threats like never before.
In the US, K-12 schools serve over 50 million students, and, globally, schools collect and manage sensitive data from hundreds of millions of students, their parents, guardians, and school faculty.
The legalities behind the push
Due to the volume of confidential information collected, school districts have a moral and legal obligation to protect individuals' data, and ultimately ensure the safety of children.
The Children's Internet Protection Act (CIPA), enacted by the US Congress in 2000, strives to do just that. To qualify for certain federal funds, school districts must filter out explicit or harmful content web results for students. This includes content that contains guns, obscene or pornographic images, or gambling sites.
The UK's Children Act of 2004 requires organizations to safeguard and promote the well-being of children and young people and encompasses e-safety. The proposed Online Safety Bill adds responsibility to "in-scope" companies to assess risks and take action to tackle illegal activity that threatens the safety of children. Any platforms or providers that don't provide this level of security face hefty fines.
So why won't a standard cybersecurity approach work for the education sector? A standard approach includes basic filtering, but it might not cover advanced digital threats such as ransomware. Further, now that students are learning in a hybrid world, the education system needs to clearly define the responsibility of school administrators to combat evolving threats.
How schools can provide holistic safety
These are the top three ways to approach digital safety in education holistically.
1. Ensure safety inside and outside of physical classrooms
Safety, like learning, should be a fundamental right. Pre-pandemic school administrators were tasked with ensuring safety within the boundaries of their campuses while school was in session. Now that the lines between school and home are blurred, the education system should still be responsible for students' safety.
Whether it's at the library, home, or during afterschool care, student safety needs to remain a priority while operating school-provided devices or accessing school materials on external devices.
The first step toward implementing this is to step away from reactive monitoring and instead take a proactive approach to digital safety. One way to do this is by ensuring that cloud-based technology is deployed across all devices to protect students no matter where they are learning.
A cloud-first approach to digital safety allows school administers the flexibility to manage their current students, reduce deployment time, simplify management, and scale across districts.
2. Implement AI-based content filtering and keystroke monitoring
In addition to privacy concerns, educators also face new challenges on how to protect students from themselves and other students. One of the best approaches is AI-enabled filtering, which alerts adults to the type of information students are searching for.
Emerging technologies such as artificial intellgence can help reduce the number of false-positive content flags on devices, ultimately expediting threat response and reduce the administrative burden on school faculty, who have traditionally relied on static lists. AI algorithms can target specific phrases and content and adjust filtering in real time to identify and capture more potential threats before they occur.
Another way to monitor this type of behavior is through keystroke monitoring. Keywords that can be monitored include those pertaining to self-harm, cyber-bullying, and other dangerous acts that could be carried out on school grounds. This helps administrators hone their security approach instead of blocking whole sites and social channels such as YouTube and Instagram.
It's clear that archaic techniques such as static threat lists no longer serve the sector, and school administration should look toward AI detection and keystroke monitoring to combat emerging digital threats. Schools can also pair these AI tools with digital citizenship courses to educate students on how to be safer online.
3. Invest in enterprise-level solutions
Traditionally, local educational agencies have not prioritized installing enterprise-grade security solutions in the way that healthcare and financial institutions have. This security gap exposes teachers, parents, and students to risks such as identity fraud due to the sensitive and personal data that is shared. Ultimately, the lack of a strict security protocol can result in detrimental effects such as ransomware attacks and school lockdowns due to attackers locking up data storage and personal information.
While schools were rarely targeted by cyber attackers in the past, that has changed. In 2020, the US saw a record-breaking number of publicly disclosed school cyber incidents, resulting in school closures, millions of taxpayer dollars stolen, and student data breaches directly linked to identity theft and credit fraud.
It's time to upgrade how we protect children
Cybersecurity in the educational sector shouldn’t be approached as a quick fix to a complex problem. A holistic approach should take hybrid learning and enterprise-grade solutions into consideration.
That, coupled with AI-enabled content filtering and keystroke monitoring, can arm schools with a comprehensive digital safety plan. Ensuring a safe learning environment for students—no matter where they log on—should be a top priority for all school districts.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.