The way school districts operate is forever changed. The pandemic forced schools to adapt and increase their use of cloud platforms and cloud activity. Google Workspace and Microsoft 365 became the go-to option to stay connected, and students now have their own device to access their school cloud account. Anywhere, any time.
As the 2021 school year approaches, cybersecurity continues to be the top technology priority. However, CoSN’s The State of EdTech Leadership 2021 Survey Report found that cybersecurity risks are underestimated. The proper steps to protect the expanding cloud environments are not being taken. Not only are districts at risk, but so are the security and safety of everyone using the cloud applications a district provides.
As an IT team, taking the appropriate steps to monitor and control the activity taking place is critical. Here are five steps to take to protect students and staff in the cloud.
Watch for Phishing Activity
Phishing is the top tactic used by cybercriminals to gain access. Therefore, it’s critical to be able to spot phishing early on. This can be difficult, as phishing comes in a variety of forms.
● Spear-phishing: a well-thought-out email designed for specific targets, made to look as though it comes from a person of power within the school district and making a request.
● Lateral phishing: occurs when an account is compromised, and the attacker can send phishing emails from one school district account to other accounts within the district.
● Malicious third-party apps: a phishing campaign attempting to get students and staff to download, install, or connect a malicious app that compromises an account upon sign-in.
● File attachments: phishing can also arrive as an email containing a malicious file attachment, or a file that contains a phishing link, used to spread malware. These are more likely to get past traditional email phishing filters.
Phishing attacks have become more advanced and severe. One incident in 2020 cost a district $9.8 million, according to The K-12 Cybersecurity Resource Center’s State of K-12 Cybersecurity: 2020 Year in Review report. The median cost of spear-phishing incidents is reported to be $2 million.
Training students, teachers, and staff to spot these attempts is crucial. They will often be the first point of contact. And once a single person falls for an attack, the phishing can quickly spread. Consistently watching the login activity of students and staff can help detect the unusual behavior indicating a successful phishing attack.
Monitor Login Activity
The increase in cloud technology means it’s more important to have the procedures in place to see where logins are coming from. A major benefit of the cloud is that students and staff can log in from anywhere, any time. This is also one of the risks. It’s difficult to know which logins are legitimate and which aren’t.
Districts experience hundreds of attempts to log in to an account every day. Quickly identifying an account successfully logging in from an unusual location can help an IT team stay ahead of an attacker.
On the other hand, seeing many unsuccessful attempts should raise concerns and prompt an IT team to keep a closer watch on where logins are coming from. If left unmonitored, attackers have time to connect malicious apps to an account, causing further damage.
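One way to run both checks described above over exported login records, as an added example that is not part of the original article. The event fields, account names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, country, success)
EVENTS = [
    ("2021-08-02T08:01:00", "student1@district.example", "US", True),
    ("2021-08-03T08:03:00", "student1@district.example", "US", True),
    ("2021-08-04T02:10:00", "student1@district.example", "RO", False),
    ("2021-08-04T02:11:00", "student1@district.example", "RO", False),
    ("2021-08-04T02:12:00", "student1@district.example", "RO", False),
    ("2021-08-04T02:14:00", "student1@district.example", "RO", True),
    ("2021-08-04T09:00:00", "teacher7@district.example", "US", True),
    ("2021-08-04T09:30:00", "teacher7@district.example", "US", False),
    ("2021-08-05T09:00:00", "teacher7@district.example", "US", True),
]

def review_logins(events, window=timedelta(hours=1), fail_threshold=3):
    """Return alerts for failure bursts and for successes from a new location."""
    seen = defaultdict(set)       # account -> countries with an earlier success
    failures = defaultdict(list)  # account -> times of failed attempts
    alerts = []
    for ts, account, country, ok in sorted(events):
        when = datetime.fromisoformat(ts)
        if not ok:
            failures[account].append(when)
            recent = [t for t in failures[account] if when - t <= window]
            # Alert once, at the moment the burst reaches the threshold.
            if len(recent) == fail_threshold:
                alerts.append((account, "failed-login burst", ts))
            continue
        recent_fails = sum(1 for t in failures[account] if when - t <= window)
        # Assumption: the first successful login sets the account's baseline.
        if seen[account] and country not in seen[account]:
            reason = "success from new location"
            if recent_fails:
                reason += f" after {recent_fails} failed attempts"
            alerts.append((account, reason, ts))
        seen[account].add(country)
    return alerts

if __name__ == "__main__":
    for alert in review_logins(EVENTS):
        print(alert)
```

A success from a new location that follows a burst of failures is the combination to review first, since it matches the pattern of an attacker who eventually got in.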
Remove and Prevent Unnecessary Applications
When protecting against cyber threats, the third-party applications students and staff connect to their accounts can be just as harmful, if not more. Cyber attackers create malicious apps mimicking a trusted app a district uses, all with the common goal of tricking victims into handing over their information.
OAuth lets a user sign in to a separate application with the login credentials from another application; the separate application receives an access token. This is another way an attacker gains access. When students and staff choose to log into an app with the ‘Sign in with Google’ function, this is OAuth in action. While an attacker doesn’t have access to a user’s password, the access token can still be used to access emails and files. A student or staff member may not even realize they handed over those permissions.
Creating a list of approved applications that have been tested and verified is one way to be better protected from both malicious apps and OAuth exploits. Another tactic, strongly recommended by the National Institute of Standards and Technology (NIST), is application whitelisting. This takes the approved list of apps a step further and controls which apps are permitted to execute on endpoint devices. However, the security of the stored data is at risk if apps aren’t monitored, even if they are approved.
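The approved-list check described above, extended to also catch approved apps holding more access than was reviewed, as an added example that is not part of the original article. App names, accounts and the grant record layout are assumptions, and all sample data is constructed; the scope strings are real Google OAuth scopes.

```python
# Constructed allow-list: approved app -> scopes reviewed for it.
APPROVED = {
    "classroom-quiz.example": {"openid", "email", "profile"},
    "district-lms.example": {"openid", "email",
                             "https://www.googleapis.com/auth/drive.file"},
}

# Scopes exposing mail or all Drive files; treated as high risk here.
HIGH_RISK = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
}

# Constructed grants: (account, app, scopes the user consented to)
GRANTS = [
    ("student1@district.example", "classroom-quiz.example", ["openid", "email"]),
    ("teacher7@district.example", "district-lms.example",
     ["openid", "email", "https://www.googleapis.com/auth/drive"]),
    ("staff3@district.example", "classr00m-quiz.example",
     ["email", "https://www.googleapis.com/auth/gmail.readonly"]),
    ("student9@district.example", "free-games.example", ["openid", "profile"]),
]

def audit_grants(grants, approved=APPROVED, high_risk=HIGH_RISK):
    """Flag unapproved apps and approved apps granted more than was reviewed."""
    findings = []
    for account, app, scopes in grants:
        # Scopes not covered by the review (all of them for an unknown app).
        extra = set(scopes) - approved.get(app, set())
        if app not in approved:
            issue = "unapproved app"
        elif extra:
            issue = "approved app with scopes beyond review"
        else:
            continue
        severity = "high" if extra & high_risk else "medium"
        findings.append((severity, account, app, issue, sorted(extra)))
    return sorted(findings)  # "high" sorts before "medium"

if __name__ == "__main__":
    for finding in audit_grants(GRANTS):
        print(finding)
```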
Adopt a Data-Centric Approach to Security
Data stored in the cloud is believed to be secured by the provider, but it isn’t. Districts are responsible for protecting their cloud environments and the data stored within. This is often a misunderstood concept among IT teams.
A data-centric approach means monitoring where data is stored, who created it, who has access to it, where it’s shared, and knowing if data is exposed to the public. This approach also helps protect districts from insider threats—the students and staff.
Insider threats aren’t usually malicious. But that doesn’t mean there aren’t times when accidental data loss occurs. It can be as incidental as someone sending an email or sharing a file to their account, or a student sharing an online document with a parent. These incidents can be equally damaging to cybersecurity and data privacy.
Monitoring the behavior of a district’s cloud accounts and the data circulating within and between them protects data from falling into the wrong hands. It also helps better detect threats to the safety of students and staff.
Find Online Behavior Putting School Safety at Risk
Cloud applications used at school also contain hidden safety risks. This is an area IT teams have increasingly had to address in the past 18 months.
The increase in apps and cloud storage used in districts makes it easier to hide risky behaviors. Cyberbullying, threats of violence, discrimination, self-harm, inappropriate images, and explicit content exist. IT teams are often the first ones to find these incidents and alert counselors, principals, and superintendents.
Districts think of school safety in terms of content filtering and controlling what can be accessed online. Now, the cloud is forcing IT leaders to take a more holistic approach. What is being created, shared, and stored by students and staff must be monitored—because districts are providing the cloud technology and must keep the online interactions safe.
A recent Supreme Court ruling determined school officials have no authority to punish students for speech that occurs in places unconnected to the campus. The ruling also stated districts do have the right to regulate off-campus speech in a variety of situations, which makes the monitoring of school-provided technology more important, because incidents of bullying, harassment, and threats circulate within the cloud apps that are supposed to be used for academic purposes.
The rapid introduction of remote learning and the move to the cloud opened up districts to emerging cybersecurity and safety threats. With these proactive measures, districts can be better secured in the cloud. Students and staff will also be more protected as the use of cloud applications provided by their district increases.
This article was authored by Charlie Sander, CEO of ManagedMethods. ManagedMethods is an easy, affordable platform developed for school district IT teams to manage data security risks and detect student safety signals in the cloud.