Tech threats

How stable are your systems? How safe is your data?

Glaucia Rosas and James Wilkinson of the EduTec Alliance see a ‘perfect storm’ on the horizon for educational technology in schools. Here they explain why and what schools can do to prepare.

Heavy dependence

Over the past few years, schools have become heavily reliant on educational technology. For most, it is now mission-critical and essential to their day-to-day operations. However, this reliance has come at a price. Expertise in the various aspects of Information Technology is not a ‘core-competency’ of most educators, and tech components have often been selected and installed in a haphazard manner.

Our research indicates that the average number of components in a school’s educational technology ecosystem has risen to 80, with some schools over the one hundred mark. Moreover, many components have been ‘installed’ rather than ‘implemented’, with insufficient attention given to standard procedures, training and data security.

Threats on two fronts

In this context, the threat of an apocalypse is coming on two fronts. The first is the inherent instability of the educational technology ‘stack’ in many schools. If you think of a ‘Jenga’ tower then you have the right mental image. The current issue is that no-one can predict which component is going to fail or when. It may be irritating, or it may be catastrophic. Any additional component may be the one that breaks the camel’s back.

The second front is related to the data that the vast majority of a school’s information systems profusely produce and rely on. Twenty years ago data were mostly paper based and relatively difficult to steal, unless you had physical access to the premises. Now the vast majority is held digitally, and represents a valuable prize for cyber criminals, who troll the internet looking for vulnerabilities to exploit.

The ‘Data Sandwich’

Unfortunately, the data filling in this ‘sandwich’ of educational technology and cyber-threat is only going to get richer with time. As an example, AI (Artificial Intelligence) based teaching and learning systems are already flooding schools with rich behavioural data on individual students. With these two threats in mind how can you recognise when the tower is becoming unstable or the security of your school’s systems – or data – are at risk? Secondly – what can you do to mitigate the risks involved?

Front 1 indicators of threats to educational technology ecosystem

Some of the classic early warning signs of instability in a school’s educational technology ecosystem are obvious enough:

IT Overload: with plates constantly spinning, putting out fires to keep systems up becomes more common
Parents: complaints about inefficient school communication and home learning issues

Then there are more indirect signs that should not be ignored and could be indicative of a pattern

Staff frustration and even burnout because there are too many systems to work with and whose performance is unreliable
Student confusion resulting in missed deadlines and lack of engagement

Action to counter Front 1 risks

To put educational technology back on to a stable and more manageable footing, schools must at a minimum

Audit their technology ecosystem (components and integration points) so that they understand what they have, what they are actually using, how much it’s costing them and the issues that staff and pupils are facing
Develop an in depth understanding of where their data physically reside, and which suppliers hold what. This is vital for various international privacy laws such as GDPR as well as cyber security
Create a shared vision of educational technology to be incorporated into the school development plan and a strategy for how to achieve it
Adopt formalised processes and adequate staff and student training
Benchmark against industry best practice

Front 2 indicators of cyber threats

The problem with Front 2 risks is that there are few if any early warning signs. As you’ll have seen from the news headlines, cyberattacks are becoming commonplace, and cybercriminals have evolved into sophisticated gangs, often in the employ of state actors.

The game has moved from ‘encryption’ to ‘extortion’. Gangs use increasingly sophisticated tools to find vulnerabilities in an organisation’s systems – deploying ‘phishing’ techniques and known exploiters to gain access. Once in, they tend to stay around for several months, expanding their reach, exfiltrating data and searching for the ‘crown jewels’. The first most victims know will be an email requesting a large amount of crypto-currency in return for their key data not being leaked to the media and/or sold on the dark web. Ransomware attacks are a real threat to schools and according to an article, published by the Sophos Group The State of Ransomware 2021, the education sector is currently in second place (after Retail) by percentage of attacks suffered. According to research, nearly all victims pay, 92% of the victims don’t get all their data back, and the average cost of recovery is USD 1.85 million.

Soft Targets

Schools are especially vulnerable because they are seen to be ‘soft targets’ with largely unprotected data that is rapidly increasing in both value and volume. Schools hold detailed information about parents and their children: financial, contact, safeguarding, behavioural etc. This data may be on the school’s premises, in the cloud or on a supplier’s servers on another continent. Very few schools know what data is held, or where and how well their solutions providers are protecting what they’ve been entrusted with.

Action to counter Front 2 risks

At a minimum, schools should ensure that;

All systems and components are ‘patched’ with the latest updates
Security Awareness Training is being held for students and staff
Strong passwords and multi factor authentication (MFA) are in place

The EduTec Alliance’s CIBP (Cross Industry Best Practicing) Benchmarking Guide includes a measure for cyber threat protection and is available here.

In depth information on how to improve your school’s educational technology can be found on the EduTec Alliance website at www.edutecalliance.com, and YouTube channel.

Glaucia Rosas is the former Head of Digital Learning at St. Paul’s School, Sao Paulo, and former Education Technology Coordinator at Cognita Schools.

She has delivered numerous workshops for teachers and school leaders and spoken at conferences worldwide on leadership, innovation and digital culture for learning institutions.

James Wilkinson has spent over three decades in the international management consulting industry as an IT solutions integrator. He worked with organisations such as Accenture and Ernst & Young. James was a Board member at St. Paul’s School in Sao Paulo with responsibility for information technology and Chairman of the St. Paul’s Foundation.