How Schools Can Mitigate Endpoint Security Risks

Endpoint security is an integral part of a school’s cybersecurity plan.

K-12 school leaders and IT professionals are well-aware of the growing threats to cybersecurity that their educational institutions are facing. Based on a survey conducted in February 2022, 56% of K-12 schools experienced some form of ransomware attack in 2021. While it is true that schools have been at risk of cyberattacks since the early 2000s, the recent uptick in cybercrime involving schools correlates with the Covid-19 pandemic. The rise of digital and remote learning and the subsequent increased use of devices and online platforms have left schools more vulnerable to attack. These new tools for learning have had a positive impact on student achievement and student engagement so they are here to stay. However, this means that schools are recognizing that endpoint security, a proactive plan to ensure that any device that can be connected to the network is safe from threats, is extremely important. Schools need to behave as if every network endpoint is a potential opening for a cyberattack because it is.

The growing number of endpoints in a school makes it difficult for school leaders to maintain full visibility and control of their tech ecosystem.

Schools have become technology-rich environments. With such high-density wireless usage, many schools and districts are finding themselves in need of a wireless network upgrade to be able to better support this integration of technology into the instructional and operational aspects of school life.

Devices like Promethean boards are being used to support teaching and learning and security cameras and access control systems are supporting student and staff safety. Schools are striving for a 1:1 student-to-device ratio. Then there are the laptops for faculty and staff, printers, and mobile devices. When added all together, an individual school can easily have hundreds, if not thousands, of endpoints.

Even though schools are no longer in the remote learning phase of the pandemic, device sprawl continues to occur and can be an obstacle to the visibility IT teams need to ensure cybersecurity. Teachers are still needing to take their laptops home for lesson planning or grading. Other staff and administrators might find themselves using school-issued devices to catch up on work at home in the evenings or on the weekends. Some schools, in an effort to reduce digital inequity, allow students to take their school-issued devices home to complete homework and to study. There are also schools with ‘bring your own device’ (BYOD) policies, where school staff and sometimes even visitors are allowed to connect their mobile phones and other devices to the network.

School IT Support Provider

This number of endpoints and their multiple locations, while good for learning and digital equity, can increase a school’s vulnerability to cybercrime.

Unsecured IoT devices are a commonly overlooked point of access to a school’s network.

Schools are increasing their use of IoT devices and because of this, there are so many devices outside of the obvious – laptops, desktops, mobile devices, and tablets – that are connected to and reliant on a school’s network.

Access card systems to help limit and differentiate access to the building is reliant on the network. Security cameras to keep schools safe and document incidents are reliant on the network. Smartboard, Promethean boards, smart projectors, and smart HVAC systems are all connected to and reliant on the network. An IoT threat report, published in 2020, shared that 98% of IoT device traffic was unencrypted. This low level of security around devices that are frequently used in schools leaves personal and confidential data on the network exposed and it creates opportunities for hackers to collect personal or confidential information. It also leaves devices open to disruption. Through IoT device hacks, cybercriminals could unlock or lock school buildings, delete or leak security camera footage, and significantly alter the temperatures of schools to freezing cold or uncomfortably hot.

School leaders are focusing on how to protect their endpoint-rich environments because these devices are here to stay.

A school’s responsibility is not to limit its endpoints. These tech devices are good for students and good for schools. The responsibility, instead, is to proactively secure the devices and mitigate the risks.  Fortunately, there are many strategies that schools can employ to secure their endpoints. Here are a few to consider:

  • Use of strong passwords and multi-factor authentication: Requiring staff to use strong passwords that are unique, long, a mix of letters, numbers, and symbols, and that do not contain any personal information such as names or birth dates can keep devices safer from hackers. Also enabling multi-factor authentication via SMS, phone call, or authenticator app adds an additional layer of protection in case a cybercriminal is able to gain access to a password.
  • Keep the anti-virus and malware prevention software on all devices updated: Installing antivirus and malware protection software on every device possible is a critical source of protection for schools. In addition to keeping the school’s data safe from bad actors, this can also ensure that internet speed isn’t compromised. Software updates are frequently made available so keeping software current on all devices is important as well.
  • Cybersecurity awareness training for staff: Cybercriminals expect and rely on staff to have a low level of cybersecurity awareness. Training school staff on how to spot phishing scams will significantly reduce the likelihood of them clicking on a suspicious link or downloading an attachment from an untrustworthy source. Every day the AV-Test Institute registers over 450,000 new malicious programs or potentially unwanted applications. Antivirus and malware protection software is frequently being updated but still is not able to keep up with this volume of change. Because of this user awareness is a critical first line of defense.
  • Secure IoT devices: The security of IoT devices begins with the procurement phase. The first step in securing these devices is to evaluate them and be certain that they meet a school’s IT security standards and data privacy requirements before purchase. Additionally, schools can increase security for IoT devices through network segmentation. Keeping these devices on a separate VLAN can safeguard the school’s network, even if the individual device is compromised.

At CTS, we help clients increase their endpoint security and protect their learning environment.

IT has provided transformational benefits to education. These changes and technological advances will continue to proliferate and schools are finding ways to adapt. Creating a strategy for assessing and increasing your school’s security posture is one of these necessary adaptations. Taking the necessary cybersecurity steps, which include a focus on endpoint security, takes time and effort. With all the other pressing demands of the day-to-day work of schools, it can feel hard for school leaders to carve out the space needed for this critical work. This is a place where outsourcing can help. At CTS, our clients have access to our device management platform. By putting all of a client’s devices on this platform, we ensure easy and comprehensive deployment of security updates in addition to other operational benefits like managing settings, deploying software and apps, printer management, etc. We also support our clients with cybersecurity awareness training for staff and sourcing and procurement of IoT devices.

We work with our schools to strengthen their security posture and mitigate cybersecurity risks, particularly the risks associated with endpoint devices, that can disrupt education. Our managed IT services have supported more than 40 schools in securing their student, staff, and broader network data. Contact us today to learn more about how we can keep your school’s data safe, so you can focus on accomplishing your school’s mission.