Five Steps For Managing EdTech Security Risks

While cybersecurity is vital for any company whose activities have an online or digital dimension, it is even more crucial in the field of EdTech (hardware and software designed to enhance teacher-led learning in classrooms)​ given that the consumers are frequently represented by adolescents and children.
 
These users often don’t have fully developed coping or decision-making capabilities to be able to deal with the many types of cyber threats out there, which makes them more vulnerable. 
 
But minimizing risks should be performed by addressing issues for all parties: EdTech companies, students, teachers, etc., and EdTech companies do have the possibility to improve the situation for all these parties through a comprehensive multiple-step strategy as detailed below.
 
A Multiple-Step Strategy to Address Security Risks
 
In 2020, The US National Institute of Standards and Technology (NIST) recorded about 18000 vulnerabilities, 55% of which were highly severe or critical – an absolute historical record. Even low complexity vulnerabilities became more common and a huge proportion of these don’t even need to be triggered by the user to take effect. Such a situation forces virtually all companies with an online presence to look for cybersecurity solutions. 
 
There is currently a great diversity of  EdTech products and resources dispersed across divergent categories. There are tutoring websites, digital blackboards, collaborative learning tools, comprehensive online education platforms, specialized tools/platforms for exam administration, etc. Obviously, the cybersecurity risks accompanying each of these depend on the specific type of product, but there are some general measures to be undertaken that would be valid for most companies.
 
1. Hire competent cybersecurity professionals
 
To improve the situation, a company first needs to know in what direction it has to move, hence, someone knowledgeable and visionary is needed, who will lead the way and will make it possible to identify vulnerabilities and flaws in the way the company operates or in the products or services it offers to its customers. Properly formulated job descriptions for cybersecurity professionals are essential in recruiting the right people. These specialists need to be given the freedom to rebuild or adjust the processes and operations in the company, so that the highest security standards are ensured, regardless of the amount of effort invested.
 
2. Train the staff  
 
A company’s employees are a known vulnerability in terms of security, which is why they should be the primary focus of any improvement strategy. There would be huge gains from teaching employees even the basics of cybersecurity:
 
● How to create a safe working environment, making use of complementary security and online privacy tools like antiviruses, firewalls, VPNs. They should be made to understand that these safe environment rules apply to all devices, all locations, and all use circumstances – a compromised mobile device while the employee is commuting or at home could in theory expose the entire company.
 
● How to recognize and avoid phishing attacks. Note that, while most employees wouldn’t need deep expertise, it is important that ALL of them without exception learn the basics – a company is only as strong as its weakest link. If a hacker manages to obtain the login credentials of a single employee, this is enough to access the system from the inside and wreak havoc.
 
● Why it is vital to avoid malicious links, untrusted sources, unsafe websites, software products of dubious origin, etc., how to recognize industrial espionage. Fortunately, many of these things are also taught in online cybersecurity courses.
 
● Why it is of paramount importance to regularly back up important data. Apart from allowing to recover of accidentally lost data, this is instrumental in minimizing damage from a ransomware attack or from other types of attacks and infestations.
 
3. Ensure Privacy of Client Data
 
On-demand academic writing services could teach a lesson or two about privacy. This is an emerging EdTech category aimed at serving students and that is already represented by hundreds of platforms with different specializations. A responsible research paper writing service will typically have advanced privacy policies in place, for instance, encrypting client identity data and limiting its use, assigning IDs instead of names for internal use, enforcing client data privacy policies among employees (with proportionally adjusted penalties for violation), etc. 
 
Many of these privacy policies limit the exposure and circulation of private client information, making it more difficult for hackers to gain access to it and minimizing the negative impact of successful attacks.
 
4. Educate the Clients Aiming to Minimize the Risks for Them and for the Company
 
Concerning cybersecurity issues, treat the clients like your employees - educate them on the same issues but adjust the content to the audience (children, college, or university students, teachers, etc.). In addition, teach kids how to treat personal data, educate kids about cyber ethics, including how to deal with cyber bullying and trolling, how to behave with their peers, how to use anonymity ethically, how to recognize piracy, and avoid pirated content and plagiarism. 
 
When clients are informed and most users follow some simple security and privacy rules, EdTech platforms are more resilient to hacking attacks, data leakage, massive overrides, and can avoid a great variety of scandals, and reputation hits. EdTech companies could implement these education measures by bringing them to the attention of their users through multiple means: user agreements, disclaimers, notifications and reminders of various priorities, guides in the help section, online and offline seminars with the most influential categories of users (teachers, tutors).
 
5. Implement Advanced Reporting Tools and Act Upon the Data
 
EdTech products involving collaborative work have many attributes of social media – they might allow, text, audio, or video chats, posts, comments, likes, reactions, etc. And just like social media, these can be exploited for various forms of abuse: trolling, cyber bullying, harassment, cyber stalking, etc. Students would often avoid telling adults about their problems, hence, the need to offer them a redundant set of reporting tools. 
 
Using a reporting tool that is part of the platform itself would be a very natural choice for reporting problems that happen here (it’s easier to gather and forward the evidence). Reporting could be implemented for a great variety of issues, including those related to security (stolen passwords, data theft). Importantly, the data should be analyzed regularly in order to make conclusions and push optimizations that minimize negative outcomes.
 
Cautiously Excited About the Future
 
New technologies are appearing all the time and many of them are adopted by the EdTech industry. For instance, blockchain technology is currently employed by certain companies to secure and verify credentials and degrees. But most new technologies raise not only opportunities but also concerns. 
 
For instance, the concept of an AI that can read emotions has already multiple functional implementations nowadays, and the day might be close when EdTech sets eyes on it. If this happens, it would be important to anticipate the risks it generates, to rely on research and evidence, as well as on the help of educational policymakers in making such products safe before approving them for use.
 
Angela Baker writes about current issues, trends, and challenges in the field of education and performs research and produces complex written pieces for GetGoodGrade, a specialist  in academic assistance to students.
 
You Might Also Read: 
 
Cyber Security In Higher Education:
 
 
 
« Three Reasons The Security Industry Is Protecting The Wrong Thing
US Cyber Security To Get A Much Needed Upgrade »

Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SmartSearch

SmartSearch

SmartSearch is a leading online provider of Anti-Money Laundering and Fraud Prevention Services.

MIIS Cyber Initiative

MIIS Cyber Initiative

The Cyber Initiative's mission is to assess the impact of the information age on security, peace and communications.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

Open Networking Foundation (ONF)

Open Networking Foundation (ONF)

The Open Networking Foundation (ONF) is a non-profit operator led consortium driving transformation of network infrastructure and carrier business models.

EVOLEO Technologies

EVOLEO Technologies

EVOLEO provides engineering services covering a wide range of needs in the electronics design, embedded and systems engineering.

Visum Technologies

Visum Technologies

Visium Analytics provides innovative data visualization, cybersecurity technologies and solutions to businesses to protect and secure their data assets.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

Gula Tech Adventures

Gula Tech Adventures

Gula Tech Adventures invests in companies and nonprofits that help close the gap in needed technology and workforce to defend the country in cyberspace.