Parents and school officials must collaborate to operate schools like a digital native start-up instilled with a security culture

Parents have long held a special duty to protect their school-aged children from bad actors on the Internet.

Now COVID-19 has dramatically and permanently expanded that parental responsibility, as well as extended it to ill-prepared school officials in K-12 campuses all across the nation. The prospect of remotely-taught lessons remaining widespread for some time to come has profound privacy and cybersecurity implications, going forward.

Overnight, those in charge must learn how to operate all of our elementary, junior high and high schools as if they were digital-native startups. Students, parents and teachers at each K-12 facility, henceforth, need to be treated as the equivalent of remote workers given to using a wide variety of personally-owned computing devices and their favorite cloud services subscriptions. And it must be assumed that many of them are likely ignorant of good cyber hygiene practices.

School district officials will have to adapt and embrace a bold, new paradigm – and they’ll have to do it fast. The stakes are very high. Organized hacking groups will be quick to single out — and plunder — the laggards. Here’s what all parents and school officials need to spend the summer thinking about and planning for:

"Zoom-bombing" entered our lexicon soon after schools began their first attempts at using the suddenly indispensable video conferencing tool to conduct classes online. Attackers quickly figured how to slip obscenities and even pornographic videos into live classes.

This was an early indicator of how far most schools have to go in adopting an appropriate security posture. No one enforced the use of passwords, nor insisted on strict teacher control of those lessons. To Zoom’s credit, password protection and a "waiting room" feature, which allows the host to control when a participant joins the meeting, are the default settings

for its free and single license paid accounts. Yet it’s understandable that a teacher, in the absence of school policy, might disable the password and waiting room functionalities to keep the class open to last-minute stragglers.

"What people have to keep in mind is that using a cloud service to hold a meeting or call is kind of like having a meeting out in the middle of a city where anybody can potentially join or listen in to what’s going on, or just cause problems," observes Kowsik Guruswamy, chief technology officer at Menlo Security, a Silicon Valley-based supplier of malware-blocking technology. "However, these inconveniences of enforcing passwords and using waiting rooms are completely reasonable if you want to ensure a secure, private meeting."

Clearly, school districts need to set basic security criteria for Zoom classes, including processes for making sure participants only use the latest, fully patched version of whatever collaboration tools are being used and reporting any malicious, or even suspicious, activity to school district security.

Zoom-bombing is comparatively easy to get under control. However, operating more like a digital-native company presents a host of complex exposures school districts will now have to come to grips with.

For one thing, the youngsters are apt to be light years ahead of the adults in terms of their digital aptitude. "The fact is that K-12 students are social media savvy, incredibly comfortable on the internet and willing to stretch the boundaries of common sense, to a greater degree than the faculty," says Colin Bastable, CEO of Lucy Security, a cybersecurity training company based in Zug, Switzerland, that does a lot of work with schools.

And yet, school districts, now more so than ever, must take proactive steps to mitigate the same privacy and data security risks as any other small- to medium-sized business (SMB.) This begins with securing sensitive school district records, belonging not just to students, faculty and staff, and includes monitoring and protecting online payment systems, now sure to come under expanded Business Email Compromise (BEC) attacks.

The thing that most alarms Jesse Norton is the exposure to kids. Norton is  a security consultant at Spirent Communications, an 82-year-old British supplier of network performance testing equipment. "This brings the possibility of pedophiles getting access to these lists," Norton says. "This can result in long-term consequences, like identity theft ten years from now, or even the use of childrens’ identities in human smuggling/sex trafficking rings. Criminals can be ingenious when it comes to utilizing the  resources they get their hands on."

When I asked Norton how he would grade the security posture, generally, of K-12 schools, in the U.S., here’s what he told me: "I can't speak for all schools, the only one I know about is where my kids go. They are ill prepared for configuring a network to work, let alone securing it; definitely getting a D minus."

  • cc攻击防御_cdn高防什么意思_快速解决


    04-17    来源:长虹华伟

  • 阿里云高防ip_香港高防cdn节点_怎么防


    09-24    来源:长虹华伟

  • ddos盾_防cc攻击拦截代码_怎么防

      弗吉尼亚州福尔斯彻奇2015年1月26日诺斯罗普格鲁曼公司(纽约证券交易所:NOC)任命Heather M.Crofford为其企业共享服务(ESS)组织......

    11-12    来源:长虹华伟

  • cdn高防_服务器安全防护设备_免费试用


    11-14    来源:长虹华伟

  • cdn高防_ddos高防ip阿里云_免费测试


    02-12    来源:长虹华伟

  • cc攻击防御_天海神盾游戏租号系统_新用户

      这是我们正在进行的新系列中的第二个,它为您提供了成功部署DMARC所需的技巧和技巧。阅读前面的提示DomainKeys Identified Ma......

    09-02    来源:长虹华伟

  • ddos高防ip_云盾浏览器下载安装_快速解决


    02-23    来源:长虹华伟

  • 防ddos_苹果x高防手机_秒解封

      从这里一切都好起来了网络学院教授员工新技能以填补人才缺口2018年10月,英国兰开斯特大学(Lancaster University)的两名学生......

    10-26    来源:长虹华伟

  • ddos防御工具_抗ddos攻击解决方案_怎么办


    11-12    来源:长虹华伟

  • ddos防火墙_cdn防御ddos效果_怎么防


    11-10    来源:长虹华伟

Ctrl+D 将本页面保存为书签,全面了解最新资讯,方便快捷。