The Biggest Cloud Threats to Remote Education — and How to Thwart Them
By Micah Castelo
Cloud adoption is rapidly accelerating because of remote learning but it has also put a spotlight on new cybersecurity concerns. With most schools continuing remote or hybrid learning, it has become clear that investing in a robust and resilient IT infrastructure such as cloud technology is a smart and necessary move.
The cloud enables schools and districts to adapt quickly in times of crisis and continue learning for students at scale. However, the cloud is not without risks. For example, 54 percent of IT professionals in education said employees put data at risk by sharing it in the cloud without their knowledge, according to a 2020 Netwrix report. Meanwhile, 65 percent of educational organizations don’t review permissions regularly.
Remote learning has complicated those risks. “If anything, what the pandemic has done is it has magnified the cybersecurity challenges for K–12,” says Sateesh Narahari, chief product officer for ManagedMethods, a cloud security vendor. “It has also increased the complexity of cybersafety.”
Therefore, it’s even more crucial for administrators and educators to be vigilant about security and privacy when using cloud-based platforms. IT teams must also adapt their cybersecurity strategies to keep online classrooms safe and secure.
The Top Cloud Computing Security Challenges in Education
What exactly are schools and districts dealing with? Here’s an overview of the common cloud security risks they should be ready to tackle:
- Loss of visibility: Today, most students and school employees are accessing cloud-based tools from multiple locations, networks and devices. This makes it harder for IT teams to maintain visibility into their users, Narahari says. Also, with everyone remote, location-based security and privacy assumptions are no longer as valid as they were before the pandemic, he adds.
- Data breaches and data loss: Leaking or losing student data is the biggest fear of educational organizations, especially when it comes to minors, says Stephen Manley, chief technologist for data protection company Druva. The U.S. Government Accountability Office found that between 2016 and 2020, thousands of K–12 students had their personal information compromised in data breaches. “When a student’s personal information is disclosed, it can lead to physical, emotional and financial harm,” notes the GAO’s report.
- Insider threats: Aside from outside hackers, IT teams also need to be watchful of threats inside their environment, Narahari says. Unintended sharing and other human errors also pose risks to data stored in the cloud, he explains. Students and educators may also misuse cloud services and applications; they may download unauthorized apps or post sensitive information in chat rooms.
- Videoconference bombing (Zoombombing): Cloud-based videoconferencing platforms are also vulnerable to hackers. Mainstream media has covered this extensively: bad actors jumping on calls to share inappropriate images, yell profanities and so on. Disruptive attacks may also involve students who are intentionally hijacking and interrupting online classes, Narahari says.
- Advanced malware and phishing: Manley says malware and phishing attacks are also becoming more sophisticated. For example, ransomware has evolved to where it’s not just about encrypting data. “It’s now about exfiltration as well, where [cyberattackers] will pull your data out before they encrypt it and threaten to post it if you don’t pay a ransom,” he explains. Right now, shared documents are the number one threat vector for ransomware in the education space, Manley adds.
How Can Schools Mitigate Cloud Threats?
IT teams need to ensure they’ve adopted security approaches, such as understanding vendor security mechanisms, leveraging single sign-on and multifactor authentication, setting up appropriate permissions and controls, and providing cloud governance and compliance training.
It’s also important to have cloud security tools that will give IT staff better visibility into how students, educators and other school employees are using popular cloud tools such as Google Workspace and Microsoft 365 Education, which are outside of the traditional security perimeter, Narahari says.
Cloud access security broker solutions can help simplify that task by giving IT teams the ability to monitor student and employee use of cloud services. Additionally, cloud security posture management tools help IT teams assess any vulnerabilities, check for compliance risks and manage identity and privileges more efficiently.
Manley says schools should have reliable data backup and understand where their most sensitive data is located. “If you know what your threat vectors are, which include student laptops and submitted assignments, do your best to protect that,” he says.
School and IT administrators should also remember that cloud computing has made it more difficult to detect student safety threats. Without students in the classroom, educators may have a harder time seeing signs of cyberbullying or mental health issues. Therefore, district administrators will need tools that give them a holistic view of student activity and safety across cloud-based apps, Narahari explains.
Of course, schools and districts will need to find solutions that best meet their needs. “It might seem counterintuitive sometimes but having what works for you is better than having the best product sitting on the shelf,” Manley says.