Panda Security, a provider of cloud-based security software, recently released a report that says 63 percent of K-12 schools experience malware outbreaks or unauthorized user access at least twice a year. The report, Kindergarten-12 Education IT Security Report (PDF), had some other interesting infobits.
Personal devices on K-12 networks
The survey reports that eighty-two percent of schools allow students and staff to connect personal computers and laptops to the school network. Panda says schools recognize outside devices introduce external risks, but they struggle to fully integrate security policies for multiple devices. Only 74 percent of districts are monitoring the use of external devices. Fifteen percent fail to take any extra security measures, leaving those school systems more vulnerable to infection.
Most schools have implemented IT security best practices, there is still room for improvement reports Panda. The report says ninety percent of schools install anti-virus and/or anti-malware on computers, but nearly 25 percent fail to use firewalls, block high-risk websites, or employ user authentication. 86% prevented the use of very risky websites; while 89% mandated users install security software on their systems. Further, 15% of respondents acknowledged that there weren’t any extra security measures in their districts if they wanted to use laptops.
Social media threats
Social media is a top concern for schools, but the stringency of school policy varies greatly. Ninety-five percent of schools have a social media policy in place, citing the mitigation of malware-related risks as the main reason for implementation. Twenty-nine percent of schools allow students unlimited access to social media sites, while 32 percent deny students access altogether.
Schools lack the funding to be secure. I have always said that schools face attacks from the inside and the outside. Insiders in a K-12 school network range from technically unsavvy to damn good malicious attackers. Despite this, the report says 72% of schools reported that budget limitations were the main obstacle, to better security and 38% reported non-availability of staff, and 29% of the schools, reported their IT staff had to attend to other more important tasks than IT security. IT administrative staff at 38 percent of schools report removing viruses or malware from IT systems a few times a week, and 21 percent are doing this daily according to Panda.
With malware on the rise and new threats propagated through social media every day, having the right security tools in schools has never been more important. Security issues consume staff time, diverting attention from the business of education. Help Net Security quotes Rick Carlson, president of Panda Security US, who has a great grasp of the obvious, “While the Internet is an invaluable tool for education, it can cause serious interruptions to day-to-day operations if schools fail to properly address security concerns.”
rb-
Just to prove the point, the Oakland Press is reporting that 4 students at Romeo High School in Romeo, Michigan were caught allegedly intercepting 60 staff members’ emails, including the Superintendent after “something goofy” happened to the website. While I have no first-hand knowledge, the news did say the attackers went after people who read their emails on their cellphones. So more than likely it was some kind of Bluesnarfing attack, maybe including a Cain and Able payload to get at passwords.
Related articles
- Notable data breaches (boston.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.