Special Report
Privacy & Security

5 Steps to Curb Cyberattacks in 1-to-1 Computing Schools

By Mark Lieberman — March 17, 2020 4 min read
BRIC ARCHIVE
  • Save to favorites
  • Print

Digital devices are everywhere in schools these days. They are used to complete assignments, conduct research, play educational games, and generally enhance teaching and learning. In an increasing number of schools, every student has access to at least one digital device during the school day. Oftentimes, they can take those devices home after school. That proliferation of school-issued devices can open schools up to all kinds of cybersecurity problems.

Education Week asked K-12 technology leaders in districts with 1-to-1 computing environments to offer tips on minimizing those cybersecurity risks. Here’s what they suggested:

1. Invest in the right products.

It’s impossible to protect school districts from the wide range of security threats without outside help—but not all available products are created equal.

Anti-virus and endpoint security are two basic products that help improve cybersecurity. Chris Sette, the IT manager for the Meriden public schools in Connecticut, recommends splurging for a product that utilizes machine learning that “actually analyzes what’s happening on the machine and makes a determination that there is something out of the ordinary.” Sette’s team checks outputs from those tools every day.

Tools that offer transparency for parents as well are especially worthwhile, according to Bryan Weinert, who runs the 1-to-1 program at Leyden High School District 212 in Illinois.

The district uses Securely to offer parents a portal they can access to see their children’s activity outside the school day. The tool also offers the option to allow parents to see students’ activity during the school day, but the district opted out of that feature. “If a parent is concerned about what they’re using Chromebook at home for, now we’ve provided parents a way to look as well,” Weinert said.

2. Make hackers work for it.

Maintaining strong lines of communication between teachers and parents is important—but there are ways to accomplish that goal without putting cybersecurity at risk. Last summer, the Meriden district’s tech team scoured district and school websites, as well as other sites hosted by the district, to remove all email addresses for staff members and replace them with contact forms.

Weinert’s district has installed content filters that allow his team to monitor all activity on the devices students receive through the 1-to-1 program. Parents and students have been informed that they should have no expectation of privacy on those devices, he said.

“We’re not actively monitoring—that would be multiple people’s full-time jobs,” Weinert said. “If there’s ever anything that does come up, our deans, disciplinarians, principals have the ability to go in and look at what’s going on.”

3. Communicate constantly with teachers and set them up for success.

Sette’s team emails teachers any time there’s a chance they’re receiving a spam message cleverly disguised to look legitimate.

Melissa Tebbenkamp, the director of instructional technology for Raytown Quality schools in Missouri, says a high priority in her district is ensuring that teachers’ and students’ devices don’t have administrative privileges unlocked. “There’s not a single user in my district, not a single technician, not myself, not my superintendent, not my students that are local machine administrators. Their accounts don’t have permission to install programs.” [The district has one special account that has the power to make those changes.]

Why not? Many cyberattacks require some sort of download or the ability to edit the device’s internal registry. “If the user account that it’s executing under doesn’t have the permissions to do that, then that virus or that malware or that trojan can’t go anywhere,” she said.

4. Start teaching cyber hygiene in kindergarten.

Meriden students start getting lessons on online safety, and warnings about indiscriminately sharing information in kindergarten. Those lessons continue throughout elementary and middle school, so that by the time they reach 6th grade and are taking devices home, “we have created a culture of internet safety,” Barbara Haeffner, the director of teaching and innovation for the Meriden public schools in Connecticut, said.

5. Never assume that what you’re doing is enough.

Districts that stop at simply installing a firewall aren’t likely to see all their problems solved. “Having a broken lock on a door is really not gonna help you that much,” said Sette.

District leaders emphasized consulting state laws around data privacy. In Connecticut, for example, each school district is required to get a data-privacy agreement from a vendor partner, whether it’s paying for the vendor’s product or getting it for free. The district has procedures in place for teachers asking students to sign up for accounts or interface with products that fall under the law, Haeffner said.

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Reading & Literacy Webinar
The Future of the Science of Reading
Join us for a discussion on the future of the Science of Reading and how to support every student’s path to literacy.
Content provided by HMH
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
College & Workforce Readiness Webinar
From Classrooms to Careers: How Schools and Districts Can Prepare Students for a Changing Workforce
Real careers start in school. Learn how Alton High built student-centered, job-aligned pathways.
Content provided by TNTP
Mathematics K-12 Essentials Forum Helping Students Succeed in Math

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Whitepaper
Strengthen Your K-12 School's Zero-Day Protection
Remote learning technology and BYOD policies increase your K-12 school's attack surface, including its susceptibility to zero-day attacks. With CIS...
Content provided by Center for Internet Security
Privacy & Security Q&A Why Teachers Need to Take Cybersecurity Seriously
Cyberattacks are becoming more common in schools.
3 min read
Gloved hand reaching into a laptop screen hacking someone's account.
iStock/Getty Images Plus
Privacy & Security Tech Glitch Could Have Exposed Thousands of School Districts' Confidential Files
The incident shows the challenges school districts and education companies face in protecting sensitive data.
3 min read
Eye of the hacker in a keyhole . Spyware, hacking, cybercrime concept. Vector illustration.
DigitalVision Vectors/Getty
Privacy & Security PowerSchool Paid a Hacker's Ransom. Now Cyber Criminals Are Threatening Schools
More extortion attempts are possible, and districts affected by the data breach should be prepared.
The New York Stock Exchange is decorated on July 28, 2021 for the first day of public trading of the cloud-based educational software maker, PowerSchool.
The New York Stock Exchange is decorated on July 28, 2021, on the first day of public trading of the cloud-based educational software maker, PowerSchool.
Richard B. Levine/Alamy