The impact of digital transformation in the classroom is perhaps more noticeable today than ever before. Schools are embracing technology with the mindset of increasing teacher and pupil productivity, streamlining processes to make teaching more efficient as well as improving and widening the overall learning experience for students.
Gone are the days of chalkboards or whiteboard markers, replaced instead with interactive whiteboards and computer screens. Moreover, textbooks and folders have been swapped for tablets or laptops and learning resources now include videos and websites. Children are also encouraged to carry smartphones in case of emergencies, meaning the student of today has completely evolved from the student that existed at turn of the 21st century or even a decade ago.
The use of laptops in schools has been important in recent years, but with the demands of distanced learning in the wake of the Covid-19 pandemic, they have become an essential tool in the learning development of many students. Laptops enable pupils to connect to cloud resources, receive instructions and help when performing their homework. They have also become more affordable through grants and student discounts. The UK government even offered support to schools and families in providing laptops and tablets during the period of coronavirus lockdown where remote education was being carried out Moreover, the Department of Education was awarded a further £27.3m to provide laptops to disadvantaged children whose schooling will be affected by local lockdowns over the coming months.
But herein lies the problem. With so much of our daily lives dominated by technology, and with the popularity of Bring Your Own Device (BYOD) programs, it’s critical we look at the safety and the security of these devices, especially as many students begin returning to school, whether in a physical or virtual capacity. For school administrators and educators, there is an added reliance on bringing in their own devices to access school servers. This can create challenges when protecting sensitive data and the school’s own systems.
One of the most common devices in use is the Chromebook laptop, which is powered by the Chrome operating system (OS). Like most modern endpoint devices i.e. mobile phones, Chromebooks face many of the same security issues which must be addressed accordingly.
Traditional desktop security isn’t enough
Some readers might ask themselves, surely Chrome OS already has security embedded within? And to some extent, they would be correct. Much like their Android and iOS counterparts, these systems are better protected than legacy systems. For example, unlike Windows, the Chrome OS will deny any entry attempts to its key internal infrastructure – also known as the kernel – which means Chrome OS is difficult to compromise. Furthermore, Chromebooks are regularly updated, with patches for system vulnerabilities released and applied automatically. Another crucial security feature is that all applications are sandboxed. This means if one application is compromised if is more difficult for it to impact or exploit others.
Naturally, these attributes make Chrome OS a more appealing and a more secure operating system to use. However, it must be stressed that desktop security alone is not appropriate for these devices. Security teams must adopt a layered approach to security in order to effectively protect Chromebooks against common cyber threats like phishing, malware and ransomware. These are amongst the most prevalent threats facing consumer devices and failure to adequately pivot security measures could cause serious disruption for schools and students alike.
Protection against phishing
Laptops and smartphones have a myriad of ways in which cybercriminals can deliver dangerous phishing campaigns, especially to those within the education sector. For instance, phishing messages or links can be sent across communication services used by teachers like Google Hangouts or instant messaging applications like WhatsApp and Facebook Messenger, which are frequently used by pupils. Phishing happens to be the most common cyberattack vector and it works by enticing the victim to click on a malicious link created by hackers to steal information (such as credentials) or to dupe the individual into downloading a dangerous application onto the device. To reduce the risk level of a phishing attack, it’s key to install anti-phishing security that will detect and block phishing links, regardless of how they are delivered – i.e. via an application, text message, email or otherwise.
Despite hackers becoming more astute and devious with their tactics, building education and awareness around cybersecurity threats can be just as important as technological controls when it comes to preventing an attack. Email-based scams are still the most common delivery vectors and thankfully there are tell-tale signs of a phishing attack which users can be trained to spot – for example; grammar mistakes, unknown weblinks, the sender being unrecognizable, or a demand to act urgently. Remember, if it sounds too good to be true, then it almost always is.
Failing to spot phishing is more common than one might think as cybercriminals devise clever tricks to fool users, and a successful phishing attempt will often lead to a malware infection. Apps that operate on Chrome OS, including Android apps, are vulnerable to malware. This makes having antivirus defenses essential. Modern antivirus solutions leverage AI and Machine Learning to scan and analyze the behaviors of a threat from large datasets across devices and applications. This helps to spot threats embedded in existing or new variants of apps and provides user guidance on removing it from the system.
Equally, if a Chromebook is being used, it is strongly recommended to set out polices and guidelines on what Chrome extensions can and cannot be installed. Hazardous Chrome extensions exist and, in one such case, a Chrome extension called Cursed Chrome had the ability to seize control of the victim’s browser when installed. Following these protocols will help students and teachers to avoid accidentally installing malware and corrupting their systems and the wider school network.
Adding a necessary layer of security
In the midst of what can be described as a very abnormal year, the education sector has attempted to restore some normality in early September, with schools reopening for the new academic year. As teachers and pupils return in some capacity while keeping to the governments guidelines, some may still resort to working from home and so Chromebooks, like many laptops, provide great options for students and teachers who want to have the flexibility of working remotely. Just understand that these laptops require a modern security solution in the same way you would have security for other endpoint devices like smartphones or tablets. If this is followed, we can greatly reduce the cyber risk for educators and protect students which can only better the overall learning experience.
Tom Davison, technical director – international, Lookout