Student device security begins with comprehensive planning.
Student devices play an increasingly central role in instruction. Whether it’s Chromebooks, Google Classroom, or other online instructional platforms, students spend more and more of their time each day using school-issued devices. With this increased use, however, come risks. Students might inadvertently share their personal information with third parties or mistakenly download software containing viruses or malware that can negatively impact a school’s wireless network.
To combat these challenges while also embracing the many benefits of students’ device use, school leaders need a comprehensive plan to keep students safe online, as well as protect the school’s technology infrastructure from bad actors.
Enhance device security by limiting what third-party content students can download.
Working with their in-house IT team or managed IT service provider, school leaders should limit what third-party content students can download on their school-issued devices. Without such restrictions in place, students can inadvertently infect a school’s wireless network with disruptive malware or provide a “back door” for bad actors hoping to steal students’ personal information.
A student hacker in Maryland, for example, recently gained access to thousands of students’ personal data through the school’s Naviance college and career readiness platform. The hack exposed individual students’ grades, contact information, and other demographic information and went largely undetected for several weeks. While the student hacker didn’t ultimately release any students’ data, the breach underscored the vulnerability of educational networks to hackers keen to harvest students’ personal information. This is particularly true when it comes to students’ Social Security numbers and financial information, which hackers can use to open up accounts in students’ names or sell the information to other bad actors for their own use.
Limiting students’ ability to download third-party content without an administrator’s permission can greatly reduce the opportunity for bad actors to access the school’s wireless network and, in turn, protect students’ personal data.
Use content-filtering software to restrict the sites to which students have access.
Of course, schools can use content-filtering software to greatly restrict the kind of sites to which students have access on their school-issued device. While striking the right balance between content access and filtering can be tricky, narrowing the range of websites students are able to visit can go a long way in ensuring that school-issued devices are used for exclusively educational purposes.
These systems are particularly important when a school allows students to bring their school-issued devices home with them, far from the watchful eye of teachers or administrators who might otherwise monitor their online activity. Schools with content filtering systems effectively funnel students’ online activity toward educational sites or online platforms the school uses for instruction, like BrainPop or Accelerated Reader, and in the process limit the risk of students accessing sites where they might inadvertently expose the school’s network to bad actors.
Promote student device security awareness through CIPA-related programming.
Perhaps most importantly, schools should leverage CIPA’s digital citizenship resources to teach their students how to stay safe online. Schools who participate in the E-rate funding program are required to be CIPA compliant, and while access to the E-rate program is essential for many schools, CIPA compliance also allows school leaders to impart best practices in online safety to their students.
From lessons that underscore “the power of words” to third-grade students to more complex discussions about “red flags” in online chatrooms, CIPA-compliant programming during a school’s advisory or social-emotional learning time can give students the tools they need, regardless of whether they’re at home or in the classroom, to safely navigate the internet and keep themselves and the school’s network secure.
Work with an IT service provider with experience in student device security.
Finally, most school administrators aren’t technology experts, so it’s important to hire someone who is, particularly when students’ safety is at stake. Schools face unique cybersecurity challenges, so working with an in-house IT team or external managed IT service provider with a track record of keeping students safe online is key to a broader online safety program. When selecting an in-house team member or external provider, school leaders should ask candidates about their experience in student device security or if they’re familiar with CIPA compliance requirements. Doing so both screens candidates’ cybersecurity knowledge while also signaling the importance of student device security.
At CTS, we help schools secure their student devices, so they accomplish their unique missions.
Our team has worked with more than sixty schools across the United States to keep students safe online and guard the integrity of schools’ wireless infrastructure. Our CIPA-compliant content filtering systems and anti-malware software ensures students only use their school-issued technology for educational needs and gives administrators peace of mind that students won’t inadvertently compromise the school’s network. Contact us today to learn more about our managed IT services and how we can help your school accomplish its unique mission.