As the summer becomes fall, the “back-to-school” season moves into high gear. College students get ready to return to campus, and k-12 students look forward to the first day of school. It’s the perfect time to reassess your school’s data security program.
The unfortunate side effect of technology in the classroom is a growing threat to student security. The impact of compromised personal data on student privacy cannot be underestimated. In the United States, there are three major privacy laws that schools must comply with. Failure to do so can jeopardize a school’s ability to qualify for federal funding.
While it’s clear what educational institutions must do to comply with these laws, it’s not always clear how to help students become aware of the online threats they face on a daily basis.
The Vulnerability Conundrum
Every day, in schools across America, students engage with their friends, family, and teachers via unsecured applications and web sites. They do so indiscriminately on both their own mobile devices as well as on those supplied by their schools. As students link their devices to the Internet, download more applications and welcome more people into their “friends” community, it becomes harder and harder for them to determine who and what to trust.
According to the 2018 State of K-12 Cybersecurity: Year in Review, a report from the K-12 Cybersecurity Resource Center, last year, 119 schools experienced 122 cyber attacks -- ranging from data breaches to phishing scams and ransomware attacks. For instance, the Los Angeles Times reported that as many as 500,000 students and staff at the San Diego’s Unified School District may have had their personal data stolen – including social security numbers, DOB, phone numbers, health information – over the course of 2018.
Another article, The False Sense of (Cyber) Security: Data Breaches in Higher Ed, recognizes that each institution hit by a data breach experiences a corresponding blow to its reputation. The story goes on to detail university hacks that resulted in lost intellectual property, health and credit card information.
Clearly, both the regional school district and the college campus are viable targets for data thieves.
Educating Students About Risk
Threats are looming over schools and colleges, and as we said earlier, it's clear what schools need to do regarding their network and digital infrastructure security. But, what about what their students can do to protect themselves?
Aside from institutional threats, schools should take responsibility for educating their students on how to become better digital citizens. After all, all current students are experiencing a fully digitalized childhood.
Kids on average, according to a 2016 study, receive phones as early as when they are 10 years old. For the user, it means a new world of possibilities:
- Social media
- Entertainment
- Online browsing
- Email access
- Text communications
- Downloads
But, from a security perspective, when a new mobile, tablet or laptop user appears, it means there is a new target available for the following attack vectors:
- Social media / Email Scams
- Malicious Downloads
- Phishing
- Data Scraping / Collection
Not knowing these kinds of threats does not mix well with inexperienced teenage, or child device users. Looking for free games, or free offers, giveaways, and software is one of the most common ways these users fall for phishing, and malware campaign.
The reason behind that? It's a lack of awareness and criteria. That's why at Prey, we spend a good deal of time thinking about how we can work more closely with school administrators, their IT directors, teachers, parents, and students themselves to make everyone safer.
Click the poster to download the kit.
This year, Prey is kicking off a dedicated campaign designed to give all its educational constituents more safety information and to help promote the use of basic protection, like Prey's free personal application.
A core piece of this campaign is our Student Awareness Poster Kit, designed to raise awareness on the need for basic mobile security, and general basic threats such as phishing. The posters are available for free from Prey, Inc. and can be downloaded here.
These posters came to be due to a request by one of our partnered schools, whose IT manager had seen a few cases of student device loss. This user wanted to promote the personal use of Prey's free app, display the school's use of Prey as a theft deterrant, and spread awareness of certain classic threats, such as phishing.
The Prey posters can easily be affixed to a wall in any highly trafficked hall or class and they are presented in a ready-to-print format
The posters are presented in a ready-to-print format, so that they can be easily affixed to a wall in trafficked school halls and classes in a size you deem reasonable.
With catchy cartoon graphics, each of the four posters addresses a different aspect of mobile device security:
- Keeping your phone safe and your data private,
- The likelihood that a phone will be pickpocketed,
- Whether students’ phones are more likely to get lost or stolen,
- The danger of phishing schemes.
Schools are encouraged to download all four posters and to place them in prominent locations where everyone is able to see them. After all, a lost or stolen device can have a major impact on students and schools. There’s the financial loss, of course, but there’s also the possibility that important data will be lost or compromised.
What's more, even though schools may not appear so, they are the 4th most frequent device theft location, according to last year's Mobile Theft & Loss Report.
From the cases we've analyzed, threats range from break-ins to rogue employees and student-to-student pickpockets.
Promoting Personal Device Security
We promote the use of our free application not because of a commercial factor, but due to the belief that basic security should be accessible by anyone. The core anti-theft features have always been free and will always remain to be so.
Universities such as the Wesleyan University, and the University of California (Davis), promote us as well from their IT-desks, including us as a recommended piece of software for students to have on the gadgets they take in-campus.
Students who download the free version of Prey Anti-Theft can take advantage of the following features to keep their data private and their devices close at hand.
- Evidence Reports – Once a device has been set to “Missing” on the Prey control panel, a series of reports that include location, active and nearby networks, pictures, and user information.
- Control Zones – Creates areas on a map that detect and alert phone, laptop, or tablet movement in and out of them.
- Location History – Active tracking that helps detect odd patterns and unwanted movements.
- Security Actions – Helps protect the device with remote actions such as the lock, alert, and alarm.
School IT administrators who opt to protect their mobile fleets with Prey's advanced solutions get additional peace of mind with a comprehensive management suite, data protection features for an extra layer of Ferpa compliance, and reactive security tools.
We hope this marks the beginning of your School's awareness program! It is a simple and basic approach, but for us, it is the first step of this collaboration between Prey and its partnered schools. We will continue to work on more comprehensive advice and resources to drive these processes forward.
Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.