Five Steps For Managing EdTech Security Risks

Uploaded on 2021-03-02 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

While cybersecurity is vital for any company whose activities have an online or digital dimension, it is even more crucial in the field of EdTech (hardware and software designed to enhance teacher-led learning in classrooms)​ given that the consumers are frequently represented by adolescents and children.
 
These users often don’t have fully developed coping or decision-making capabilities to be able to deal with the many types of cyber threats out there, which makes them more vulnerable. 
 
But minimizing risks should be performed by addressing issues for all parties: EdTech companies, students, teachers, etc., and EdTech companies do have the possibility to improve the situation for all these parties through a comprehensive multiple-step strategy as detailed below.
 
A Multiple-Step Strategy to Address Security Risks
 
In 2020, The US National Institute of Standards and Technology (NIST) recorded about 18000 vulnerabilities, 55% of which were highly severe or critical – an absolute historical record. Even low complexity vulnerabilities became more common and a huge proportion of these don’t even need to be triggered by the user to take effect. Such a situation forces virtually all companies with an online presence to look for cybersecurity solutions. 
 
There is currently a great diversity of  EdTech products and resources dispersed across divergent categories. There are tutoring websites, digital blackboards, collaborative learning tools, comprehensive online education platforms, specialized tools/platforms for exam administration, etc. Obviously, the cybersecurity risks accompanying each of these depend on the specific type of product, but there are some general measures to be undertaken that would be valid for most companies.
 
1. Hire competent cybersecurity professionals
 
To improve the situation, a company first needs to know in what direction it has to move, hence, someone knowledgeable and visionary is needed, who will lead the way and will make it possible to identify vulnerabilities and flaws in the way the company operates or in the products or services it offers to its customers. Properly formulated job descriptions for cybersecurity professionals are essential in recruiting the right people. These specialists need to be given the freedom to rebuild or adjust the processes and operations in the company, so that the highest security standards are ensured, regardless of the amount of effort invested.
 
2. Train the staff  
 
A company’s employees are a known vulnerability in terms of security, which is why they should be the primary focus of any improvement strategy. There would be huge gains from teaching employees even the basics of cybersecurity:
 
● How to create a safe working environment, making use of complementary security and online privacy tools like antiviruses, firewalls, VPNs. They should be made to understand that these safe environment rules apply to all devices, all locations, and all use circumstances – a compromised mobile device while the employee is commuting or at home could in theory expose the entire company.
 
● How to recognize and avoid phishing attacks. Note that, while most employees wouldn’t need deep expertise, it is important that ALL of them without exception learn the basics – a company is only as strong as its weakest link. If a hacker manages to obtain the login credentials of a single employee, this is enough to access the system from the inside and wreak havoc.
 
● Why it is vital to avoid malicious links, untrusted sources, unsafe websites, software products of dubious origin, etc., how to recognize industrial espionage. Fortunately, many of these things are also taught in online cybersecurity courses.
 
● Why it is of paramount importance to regularly back up important data. Apart from allowing to recover of accidentally lost data, this is instrumental in minimizing damage from a ransomware attack or from other types of attacks and infestations.
 
3. Ensure Privacy of Client Data
 
On-demand academic writing services could teach a lesson or two about privacy. This is an emerging EdTech category aimed at serving students and that is already represented by hundreds of platforms with different specializations. A responsible research paper writing service will typically have advanced privacy policies in place, for instance, encrypting client identity data and limiting its use, assigning IDs instead of names for internal use, enforcing client data privacy policies among employees (with proportionally adjusted penalties for violation), etc. 
 
Many of these privacy policies limit the exposure and circulation of private client information, making it more difficult for hackers to gain access to it and minimizing the negative impact of successful attacks.
 
4. Educate the Clients Aiming to Minimize the Risks for Them and for the Company
 
Concerning cybersecurity issues, treat the clients like your employees - educate them on the same issues but adjust the content to the audience (children, college, or university students, teachers, etc.). In addition, teach kids how to treat personal data, educate kids about cyber ethics, including how to deal with cyber bullying and trolling, how to behave with their peers, how to use anonymity ethically, how to recognize piracy, and avoid pirated content and plagiarism. 
 
When clients are informed and most users follow some simple security and privacy rules, EdTech platforms are more resilient to hacking attacks, data leakage, massive overrides, and can avoid a great variety of scandals, and reputation hits. EdTech companies could implement these education measures by bringing them to the attention of their users through multiple means: user agreements, disclaimers, notifications and reminders of various priorities, guides in the help section, online and offline seminars with the most influential categories of users (teachers, tutors).
 
5. Implement Advanced Reporting Tools and Act Upon the Data
 
EdTech products involving collaborative work have many attributes of social media – they might allow, text, audio, or video chats, posts, comments, likes, reactions, etc. And just like social media, these can be exploited for various forms of abuse: trolling, cyber bullying, harassment, cyber stalking, etc. Students would often avoid telling adults about their problems, hence, the need to offer them a redundant set of reporting tools. 
 
Using a reporting tool that is part of the platform itself would be a very natural choice for reporting problems that happen here (it’s easier to gather and forward the evidence). Reporting could be implemented for a great variety of issues, including those related to security (stolen passwords, data theft). Importantly, the data should be analyzed regularly in order to make conclusions and push optimizations that minimize negative outcomes.
 
Cautiously Excited About the Future
 
New technologies are appearing all the time and many of them are adopted by the EdTech industry. For instance, blockchain technology is currently employed by certain companies to secure and verify credentials and degrees. But most new technologies raise not only opportunities but also concerns. 
 
For instance, the concept of an AI that can read emotions has already multiple functional implementations nowadays, and the day might be close when EdTech sets eyes on it. If this happens, it would be important to anticipate the risks it generates, to rely on research and evidence, as well as on the help of educational policymakers in making such products safe before approving them for use.
 
Angela Baker writes about current issues, trends, and challenges in the field of education and performs research and produces complex written pieces for GetGoodGrade, a specialist  in academic assistance to students.
 
You Might Also Read: 
 
Cyber Security In Higher Education:
 
 
 
« Three Reasons The Security Industry Is Protecting The Wrong Thing
US Cyber Security To Get A Much Needed Upgrade »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative is an information security and cyber security company with 40-plus years of experience across industry & government.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

Codean

Codean

The Codean Review Environment automates mundane software analysis tasks, so security experts can focus on finding vulnerabilities.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

Nullify

Nullify

Nullify is your automated security sentry that continuously finds and fixes security issues across your codebase.

Geobridge

Geobridge

Geobridge was one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations.

Clango

Clango

Clango employs an identity-centric approach to optimizing your cybersecurity investment while minimizing risk.

GrayHats

GrayHats

GrayHats is a platform-based cybersecurity company devoted to delivering comprehensive, scalable, and proactive protection for businesses in an ever-evolving threat landscape.

Valmet

Valmet

Valmet is a leading global developer and supplier of process technologies, automation and services for the pulp, paper and energy industries.