As schools introduce smart devices into their classrooms, they inadvertently make themselves vulnerable to data security risks. Educational institutions that know how to secure their teaching technologies will be able to reap the full pedagogical benefits of these learning tools while keeping their information safe from potential threats.
Why should schools look into securing their smart devices?
As of the early 2010s, the education sector was already considered one of the most affected by data breaches, accounting for 16.8% of all incidences in the US alone.[1] Data breaches are any security incidents that lead to the accidental or unlawful disclosure, alteration, destruction, or loss of data owned by organisations or individuals. The effects of these breaches can be highly damaging to the reputation and safety of anyone affected.
Security experts have noted that in the case of breaches in schools, attackers would have a 76% chance of obtaining personal identifiable information (PII) if education data is compromised.[2]
Potential impact of security breaches to teachers and students
According to the US Department of Education, the student-related PII collected by schools can range from their names and addresses to records of their special needs requests and disciplinary incidents.[3] Schools may also store their teachers’ employee information, which can include their passwords and National Insurance numbers. If any of these were to be stolen, attackers could use them for fraud, identity theft, blackmail, extortion, and other related safety concerns.[4],[5]
On top of stolen data, a breach in the school’s network can also lead to other threats such as hacking and ransomware attacks that can seriously cripple their day-to-day operations.
Potential impact of security breaches to schools
The effects shown on the graphic are based on the impact levels listed on the National Institute of Standards and Technology’s Standards for Security Categorization of Federal Information and Information Systems.[6]
As mentioned earlier, smart devices are one of the items that can leave schools vulnerable to attacks. Because technologies such as smart boards are always connected to the internet, they’re often left exposed; without the appropriate security measures set up, they could become the cracks that attackers need to shatter a school’s system. It is therefore critical for schools to take stock of all the smart technologies they use and find ways to secure all the gaps.
How can schools make their smart devices more secure?
If your school is using smart devices for teaching or other purposes, it’s always good to take note of three key points: your devices, your network, and the cloud. Addressing the security issues at each level will help create a holistic security strategy for your school.
Below is a checklist you can use as a guide to help ensure that your smart devices are safe to use in school.
Device security
☐ Does your school have smart device usage guidelines?
Improper use of your smart devices is one way of exposing your school to security threats. Improper use includes activities such as opening unsecure websites, unauthorised sideloading of apps, and downloading suspicious files. To prevent breaches caused by improper device use, your school should have a set of smart device usage guidelines that clearly state the dos and don’ts for students and teachers.
☐ Are you able to assign and modify user privileges for your devices?
Another way to prevent users from improperly using your school’s smart devices is by assigning user privileges. Some smart devices like the BenQ Board give IT administrators the ability to enable different secure user modes that ensure that only authorised personnel, such as teachers, can log in and use their smart boards.
☐ Do you receive firmware updates and security patches for your devices?
One of the common ways hackers get inside an organisation’s system is by using exploits. They first seek out internet-connected devices with vulnerabilities—this means that these devices still use outdated versions of firmware or apps. Attackers can then exploit these vulnerabilities to either install backdoors and other malware or do other malicious activities like steal confidential data.
Most security-conscious vendors, such as BenQ, provide their customers with regular firmware updates and security patches for these vulnerabilities. Your school’s IT administrator should always ensure that these updates are installed in a timely manner to prevent possible breaches.
☐ Can you install security software?
As an extra layer of protection, you may opt to install security software on your new devices. Check whether or not your school’s existing security solution can be extended to your smart devices.
Network security
☐ Does your school have smart device usage guidelines?
An unsecure smart device connected to an unsecure network can expose your school to remote attacks. In a security research conducted in 2017, printers using open network ports were identified as data security risks in the educator sector. Printers made up 43.9% of all unsecure devices found in US-based schools.[7] Although the thought of exposed printers may not seem serious, hackers can still use this opening to move laterally within your school’s network until they find their actual targets.
Your network administrator should not leave your smart devices exposed. They can start fixing this issue by closing all the unused ports on your school’s network and segmenting the network according to function. Segmentation ensures that all smart devices used for internal operations are separate from those that are shared with third parties.
☐ Does your smart device allow you to configure its network settings to make it more secure?
Some smart devices such as the BenQ Board allow IT administrators to configure their network settings for more stable and secure data transmission within their school’s network. Take advantage of these settings to ensure that your boards are fully compliant with your school’s existing network security measures.
Cloud security
☐ Does your smart device use secure cloud systems?
Many vendors offer cloud-based management platforms allowing your IT teams to remotely monitor and manage your school’s smart devices and user lists. Because these consoles and dashboards are all online, you must ensure that these websites are using protocols such as HTTPS and SSL for secure communications. It’s also best to find out what security standards these services use when authorising your login credentials.
Schools that use the BenQ service portal for device and user management are guaranteed that these standards are always applied whenever they access their BenQ cloud accounts.
☐ Is your smart device and its cloud services compliant with data protection regulations?
Since many smart devices require user data to enable certain services, your school must check if the device and its related cloud services have been audited and are compliant with the data protection regulations governing your country. Using compliant devices such as the BenQ Board helps ensure that your school’s information is used only for the purposes agreed upon.
You can download the Better Security with BenQ for more information.
References
Huq, N., “Follow the Data: Analyzing Breaches by Industry (Trend Micro Analysis of Privacy Rights Clearinghouse 2005–2015 Data Breach Records)”, Trend Micro, https://documents.trendmicro.com/assets/wp/wp-analyzing-breaches-by-industry.pdf, published 22 September 2015, last accessed 17 April 2023.
Ibid.
“What Parents Need to Know about their Student's Data”, Protecting Student Privacy, US Department of Education, https://studentprivacy.ed.gov/training/what-parents-need-know-about-their-students-data, last accessed 17 April 2023.
“A Parent’s Guide for Understanding K-12 School Data Breaches”, Privacy Technical Assistance Center Student Privacy Policy Office, US Department of Education, https://studentprivacy.ed.gov/sites/default/files/resource_document/file/Parent%20Guide%20to%20Data%20Breach.pdf, last accessed 17 April 2023.
Huq, N., “Follow the Data: Dissecting Data Breaches and Debunking Myths (Trend Micro Analysis of Privacy Rights Clearinghouse 2005–2015 Data Breach Records)”, Trend Micro, https://documents.trendmicro.com/assets/wp/wp-follow-the-data.pdf, published 22 September 2015, last accessed 17 April 2023.
“Standards for Security Categorization of Federal Information and Information Systems”, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (NIST), https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf, last accessed 17 April 2023.
Huq, N., Hilt, S., and Hellberg, N, “US Cities Exposed: Industries and ICS (A Shodan-Based Security Study of Exposed Systems and Infrastructure in the US)”, Trend Micro, https://documents.trendmicro.com/assets/wp/wp-us-cities-exposed-industries-and-ics.pdf, published 15 February 2017, last accessed 17 April 2023.