Managing Data and Device Security in Education
Managing Data and Device Security in Education
A record-breaking number of school cybersecurity incidents have been recorded in the last two years. A K-12 cyber incident map tracked 408 publicly-announced school incidents, including data breaches for students and teachers, ransomware and malware attacks, phishing scams, and denial-of-service assaults. Furthermore, many of these events were severe: shutting down major school districts, costing taxpayers millions of dollars, and exposing student's personal data.
The pandemic also exposed significant gaps and critical failures in the resilience and security of the K-12 tech system. Cybersecurity experts have repeatedly testified before Congress that these incidents are no longer isolated to individual users: most cybersecurity incidents are now intruder attacks against devices attached to networks, including endpoint computers and mobile devices used by students and educators.
Today’s students are using more devices in school than ever before; from traditional desktop computers to notebooks, tablets, smartphones, PDAs with full-featured web browsers, digital cameras with video capabilities, online interactive whiteboards that support remote sessions over the Internet, and smart TVs used for classroom presentations or streaming Netflix. The list of endpoint devices continues to grow exponentially.
Moreover, each device has a different operating system with its own security requirements. Cybersecurity efforts must focus on securing all endpoint devices attached to any network controlled by the district. Schools must adopt a more rigorous cybersecurity mindset, the way that government institutions, healthcare providers, and financial institutions tend to protect their data.
Cybersecurity Incidents That Have Harmed K-12 Schools
Districts have been hit with ransomware attacks because criminals know they lack the cybersecurity skills, experience, practices, and policies to meet the threats. Common cybersecurity incidents that have harmed K-12 schools include:
● Districts being forced to pay ransoms when their servers were seized by cybercriminals;
● Districts losing student records when one of their endpoint devices, such as a laptop used by an employee, was stolen or hacked;
● Teachers or students falling for email phishing scams that steal user credentials or trick users into installing malware;
● Districts losing proprietary data because an endpoint device was not managed properly (e.g., the device used an outdated operating system with known cybersecurity vulnerabilities);
● Schools shutting down for several days because district networks or databases are completely inoperable due to a security breach;
On top of tangible monetary, data, and time losses, there are intangible losses: parents and local governments have expressed a loss of trust in school districts that were hacked due to avoidable mistakes.
Implementing a Zero-trust Security Model for K-12 Schools
While individual schools should also have robust security systems, cybersecurity plans should be well-developed at the district level. A zero-trust policy is a cybersecurity mindset that includes built-in security access points and check-ins for every user and endpoint device on a district network. In other words, this cybersecurity model assumes all users and devices are potentially malicious until proven otherwise, denying access to resources and databases until an authorized user on a secure device is verified.
A zero-trust approach helps a district ensure future security by making them a harder target for cybercriminals. K-12 schools have been increasingly victimized as they are more often considered “soft targets,” while businesses have become more hardened with more advanced security investments. Furthermore, implementing endpoint device security as part of an overall cybersecurity program will require changes in how schools approach cybersecurity by providing one-time burn-in procedures for endpoint computers.
A zero-trust policy for school districts should consider the sorts of endpoint devices a district will need—whether they’ll be sent home with students and faculty, how many and what kind—as well as the kinds of learning software and information databases that will be used. Such a policy should also embrace education: teaching students and staff about good cybersecurity practices should be part of the policy.
HP Wolf Security for School Districts
At Vanguard, we are proud partners of HP, and can guide you to the best devices for protecting your classrooms and optimizing learning. With our Asset Management Solutions, we can help you to procure, deploy, and manage the security of your classroom devices from when they first come out of the box to when we recycle them. We strongly believe that no other IT Partner offers anything comparable in our marketplace.
HP Wolf Security protects school districts from hardware, software, and network attacks by reducing the attack surface through self-healing firmware, in-memory breach detection, and threat containment via isolation. The key element of HP Wolf Security is the application of zero-trust principles to endpoint security to stop even the most well-disguised threats.
HP Wolf Security is the perfect solution for security scenarios where students are the "weak links" owing to their limited understanding of how clicking on malware or phishing links can expose entry points to a network. It leverages HP Sure Click, which opens untrusted files and websites and files in isolated virtual containers known as micro-virtual machines (micro-VM) and in the process prevents any malware from affecting your computer, accessing your files, or even getting into your other web browser tabs.
School districts that use HP devices enjoy added security features of the HP Wolf Security solution, including hardware-enforced security: a hardware security module that sits separate from the motherboard and monitors security vulnerabilities on the computer in real-time.
Contact us today to learn how we work with school districts like yours to deploy HP Wolf Security and keep your educators, students, and data safe from cybersecurity attacks.