Dive Brief:
- Amid growing cybersecurity threats, school systems are paying extra attention to free ed tech tools in light of the risks they may bring.
- School systems need to be thoughtful about what — and how — digital tools are added to district or schoolwide usage, said Doug Levin, director of the K12 Security Information Exchange. However, he added, schools should also balance adoption against safety and not be so draconian as to not permit anything.
- “We certainly don’t think it’s prudent for school districts to say ‘No, you can never use these tools,’” Levin said. “But there needs to be a process, and it needs to be something that works for all parties.”
Dive Insight:
There are ways school systems can add guardrails to help protect their networks, Levin said. Cybersecurity is critical when schools and districts rely heavily on online connections not just for curriculum, but for operational functions like running payroll, managing school lunches, operating door locks, and ensuring school buses run on schedule.
Levin, a former executive director of the State Educational Technology Directors Association, also built the K-12 Cybersecurity Incident Map, which monitors reports across public schools and districts throughout the U.S.
When it comes to curricular tools, Levin suggests that cybersecurity measures around installing resources such as “freemium” ed tech products should include responsible use of credentials, online usernames, and passwords entered to download or access cloud-based programs. That’s why Levin says he is a big believer in multi-factor authentication, which requires another verification route — such as a code sent to a pre-authorized mobile device or email address — to be entered in addition to a password and username.
“[Multi-factor authentication] is very effective in combating credential theft, so that helps mitigate the problem,” Levin said. “But password reuse and password sharing is also a big challenge, and it’s resulted in a number of schools having cybersecurity issues.”
While schools need to assess which ed tech products to use, Levin suggests additional guardrails could include granting users temporary rights to install software or using firewalls and other ways to segment and isolate devices. In that way, should a freemium or paid ed tech tool prove to be a cybersecurity risk, information technology staff can potentially limit what Levin calls “the blast radius.”
“We tend to think in school systems that everyone can do it or no one can,” Levin said. “It’s better to think about exceptions and making it workable, and that’s best done in dialogue with maybe a cohort of early adopter teachers and how to limit risk to the school system.”