Five Steps For Managing EdTech Security Risks

Uploaded on 2021-03-02 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

While cybersecurity is vital for any company whose activities have an online or digital dimension, it is even more crucial in the field of EdTech (hardware and software designed to enhance teacher-led learning in classrooms)​ given that the consumers are frequently represented by adolescents and children.
 
These users often don’t have fully developed coping or decision-making capabilities to be able to deal with the many types of cyber threats out there, which makes them more vulnerable. 
 
But minimizing risks should be performed by addressing issues for all parties: EdTech companies, students, teachers, etc., and EdTech companies do have the possibility to improve the situation for all these parties through a comprehensive multiple-step strategy as detailed below.
 
A Multiple-Step Strategy to Address Security Risks
 
In 2020, The US National Institute of Standards and Technology (NIST) recorded about 18000 vulnerabilities, 55% of which were highly severe or critical – an absolute historical record. Even low complexity vulnerabilities became more common and a huge proportion of these don’t even need to be triggered by the user to take effect. Such a situation forces virtually all companies with an online presence to look for cybersecurity solutions. 
 
There is currently a great diversity of  EdTech products and resources dispersed across divergent categories. There are tutoring websites, digital blackboards, collaborative learning tools, comprehensive online education platforms, specialized tools/platforms for exam administration, etc. Obviously, the cybersecurity risks accompanying each of these depend on the specific type of product, but there are some general measures to be undertaken that would be valid for most companies.
 
1. Hire competent cybersecurity professionals
 
To improve the situation, a company first needs to know in what direction it has to move, hence, someone knowledgeable and visionary is needed, who will lead the way and will make it possible to identify vulnerabilities and flaws in the way the company operates or in the products or services it offers to its customers. Properly formulated job descriptions for cybersecurity professionals are essential in recruiting the right people. These specialists need to be given the freedom to rebuild or adjust the processes and operations in the company, so that the highest security standards are ensured, regardless of the amount of effort invested.
 
2. Train the staff  
 
A company’s employees are a known vulnerability in terms of security, which is why they should be the primary focus of any improvement strategy. There would be huge gains from teaching employees even the basics of cybersecurity:
 
● How to create a safe working environment, making use of complementary security and online privacy tools like antiviruses, firewalls, VPNs. They should be made to understand that these safe environment rules apply to all devices, all locations, and all use circumstances – a compromised mobile device while the employee is commuting or at home could in theory expose the entire company.
 
● How to recognize and avoid phishing attacks. Note that, while most employees wouldn’t need deep expertise, it is important that ALL of them without exception learn the basics – a company is only as strong as its weakest link. If a hacker manages to obtain the login credentials of a single employee, this is enough to access the system from the inside and wreak havoc.
 
● Why it is vital to avoid malicious links, untrusted sources, unsafe websites, software products of dubious origin, etc., how to recognize industrial espionage. Fortunately, many of these things are also taught in online cybersecurity courses.
 
● Why it is of paramount importance to regularly back up important data. Apart from allowing to recover of accidentally lost data, this is instrumental in minimizing damage from a ransomware attack or from other types of attacks and infestations.
 
3. Ensure Privacy of Client Data
 
On-demand academic writing services could teach a lesson or two about privacy. This is an emerging EdTech category aimed at serving students and that is already represented by hundreds of platforms with different specializations. A responsible research paper writing service will typically have advanced privacy policies in place, for instance, encrypting client identity data and limiting its use, assigning IDs instead of names for internal use, enforcing client data privacy policies among employees (with proportionally adjusted penalties for violation), etc. 
 
Many of these privacy policies limit the exposure and circulation of private client information, making it more difficult for hackers to gain access to it and minimizing the negative impact of successful attacks.
 
4. Educate the Clients Aiming to Minimize the Risks for Them and for the Company
 
Concerning cybersecurity issues, treat the clients like your employees - educate them on the same issues but adjust the content to the audience (children, college, or university students, teachers, etc.). In addition, teach kids how to treat personal data, educate kids about cyber ethics, including how to deal with cyber bullying and trolling, how to behave with their peers, how to use anonymity ethically, how to recognize piracy, and avoid pirated content and plagiarism. 
 
When clients are informed and most users follow some simple security and privacy rules, EdTech platforms are more resilient to hacking attacks, data leakage, massive overrides, and can avoid a great variety of scandals, and reputation hits. EdTech companies could implement these education measures by bringing them to the attention of their users through multiple means: user agreements, disclaimers, notifications and reminders of various priorities, guides in the help section, online and offline seminars with the most influential categories of users (teachers, tutors).
 
5. Implement Advanced Reporting Tools and Act Upon the Data
 
EdTech products involving collaborative work have many attributes of social media – they might allow, text, audio, or video chats, posts, comments, likes, reactions, etc. And just like social media, these can be exploited for various forms of abuse: trolling, cyber bullying, harassment, cyber stalking, etc. Students would often avoid telling adults about their problems, hence, the need to offer them a redundant set of reporting tools. 
 
Using a reporting tool that is part of the platform itself would be a very natural choice for reporting problems that happen here (it’s easier to gather and forward the evidence). Reporting could be implemented for a great variety of issues, including those related to security (stolen passwords, data theft). Importantly, the data should be analyzed regularly in order to make conclusions and push optimizations that minimize negative outcomes.
 
Cautiously Excited About the Future
 
New technologies are appearing all the time and many of them are adopted by the EdTech industry. For instance, blockchain technology is currently employed by certain companies to secure and verify credentials and degrees. But most new technologies raise not only opportunities but also concerns. 
 
For instance, the concept of an AI that can read emotions has already multiple functional implementations nowadays, and the day might be close when EdTech sets eyes on it. If this happens, it would be important to anticipate the risks it generates, to rely on research and evidence, as well as on the help of educational policymakers in making such products safe before approving them for use.
 
Angela Baker writes about current issues, trends, and challenges in the field of education and performs research and produces complex written pieces for GetGoodGrade, a specialist  in academic assistance to students.
 
You Might Also Read: 
 
Cyber Security In Higher Education:
 
 
 
« Three Reasons The Security Industry Is Protecting The Wrong Thing
US Cyber Security To Get A Much Needed Upgrade »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

ChaosSearch

ChaosSearch

ChaosSearch is a massively scalable ELK-compatible log analysis platform delivered as a fully managed service with high-performance and low cost.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Bluefin Payment Systems

Bluefin Payment Systems

Bluefin is the recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.

Nullify

Nullify

Nullify is your automated security sentry that continuously finds and fixes security issues across your codebase.

Velaspan

Velaspan

Velaspan design, deploy, and manage enterprise wireless networks and cybersecurity solutions for leading businesses and brands.

Tria Federal

Tria Federal

Tria Federal is the premier middle-market Technology and Advisory services provider delivering digital transformation solutions to federal health and public safety agencies.