School is back in session. For many students this year, that means learning from their homes using devices like Chromebooks, tablets, and smartphones, rather than returning to the classroom. But with technology now at the center of how education is being conducted – hybrid or fully-virtual – students, teachers and administrators are faced with cybersecurity challenges.
If these new learning models weren’t daunting enough, we’ve already seen instances of bad actors taking advantage of overwhelmed school districts across the country. Consider the recent ransomware attack targeting the computer network of Fairfax County Public Schools, one of the country’s largest school districts, or the Las Vegas district that also exposed sensitive information due to a breach.
School districts can help address the security stress by training students and teachers to remain vigilant at all times, while also implementing a comprehensive mobile security solution.
To help teachers, students, parents, and administrators, here are some tips to help school districts and educational communities face these new cybersecurity challenges in this new online learning environment.
Mobile cybersecurity threats and Chromebooks risks
One of the adjustments schools have to make during continued virtual learning is the fact that students and teachers are using personal devices and new forms of mobile technology. Many families as well as teachers are using their personal tablets, phones, and Chromebooks to access classwork and email outside of the school’s walls – and its security perimeter.
Chromebooks are a popular solution for students – they’re a cost-effective way for students to access cloud resources, complete homework and learn. In some ways, Chrome OS devices are more secure than traditional devices like desktops and laptops. For example, Chrome OS does not allow access to its kernel, the core part of an operating system, and apps are sandboxed, so one bad app doesn’t impact the entire system.
Still, like any modern device, Chromebooks are still susceptible to phishing and malicious software. Anti-phishing and antivirus solutions remain important as they protect students from easy-to-make mistakes, like clicking on malicious links and downloading malicious apps.
For some students, mobile devices and tablets are their only options for attending class. But it’s important they’re aware of the unique threats on these devices.
Students, parents, and teachers need to be aware that phishing attacks are hard to detect on mobile. That’s largely because mobile displays are small and have a simplified user experience, which makes it harder to decipher what is real or fake when compared to a laptop or desktop. At the same time, mobile email, messaging, and apps provide additional channels for phishing attacks.
Districts must be hyper-aware of phishing, ransomware, and malware campaigns that could put both school administration and students at risk and train students, teachers, and administrators to stay vigilant against them. Without the proper training and security in place, school district infrastructure is at risk of compromise. Login credentials of teachers and administrators could be captured by mobile phishing, potentially exposing sensitive data such as employee information and student records.
Educating teachers and students on overlooked threats
Whether on Chromebooks, smartphones, or tablets, proper education is necessary to protect us all from mobile threats. Helping teachers and students understand the social engineering tactics used to obtain personal information like login credentials, resources, and passwords is critical. This includes awareness of the many ways malicious phishing links can be delivered.
A common misconception is that phishing is just email-based scams, but users must recognize that threats can be omnipresent through seemingly innocuous social media apps like WhatsApp and Instagram. Yes, even your video gaming app can give bad actors access to your device’s microphone, email, photos, documents, and phone logs.
To combat this, districts should offer basic training to teachers and students with best practices, including:
● Never give out personal information to someone you don’t know.
● Don’t open or click unsolicited links.
● Research sources to see if they are legitimate, and engage through their website, not an inbound link.
● Invest in modern endpoint security solutions.
User education is key, but it cannot be the only line of defense against mobile attacks. Modern endpoint security is an important consideration to protect every device. This needs to include protection against phishing and web content, network-based, and app-based threats. On Chrome OS, modern antivirus solutions can detect threats in new versions of apps to protect users from new viruses.
Remote learning is a reality for today’s students, but also introduces risk to school districts if devices are not adequately secured and users are not properly educated. While we’re unsure what the future holds, the lessons of mobile device security learned by kids, parents and districts alike will prepare us for a more secure mobile future, even when students are back at their desks.