Cybersecurity Challenges in the Classroom
Even though the coronavirus pandemic is more under control than it previously was, today's classrooms are still digital, and students are migrating to more online services like their Learning Management Systems (LMS) to checking their report cards or financial information. While talking about login password security might sound funny to talk about in a classroom setting for children in Kindergarten, but as technology evolves, it may be better for start young.
Especially now, schools and universities have to prioritize solving cybersecurity issues by implementing new solutions and educating faculty and staff. With online classes becoming more prominent during the pandemic, schools are open to more vulnerabilities. Each student could be a gateway to letting hackers access the institution's confidential information.
However, IT teams need to make sound decisions that not only mitigate the user experience for the faculty, staff, and students, but also make the learning curve for these solutions low so that teachers who may not be tech-savvy can still log in without any problems. Also, the elephant in the room is the cost on completely changing the security infrastructure. Many may think that good solutions with multi-factor authentication, self-service password reset, and single sign-on could be fairly on the expensive end, but that discussion is saved for later.
We interviewed a third-grade teacher in an Ohio school district to get her perspective on the challenges of cybersecurity in the classroom. Her students use Chromebooks on a daily basis for math and English language arts, so most of her curriculum can be supported digitally meaning online assignments and quizzes for her students, and formative assessments and student data for her. She faces cybersecurity in the classroom through cybersecurity issues, lack of computer skills in young students who are used to touch screens, and students who come from low socio-economic backgrounds who do not have the same experiences or opportunities that more affluent families may have. All of this affect the way students develop computer skills and cybersecurity habits.
Unfortunately all things considered, this means the most traditional method of authentication will be the one most commonly used: passwords.
Dependent on the school district or university, the student's login credentials generally follow a specific formula (i.e. 5-digit student ID numbers, a mix of characters from your first, middle, and last name, or a combination of both). From the third-grade teacher in Ohio, she noticed that students in her district picked up on these patterns and were able to hack into each other's student accounts. In her district too, the teachers are generally the ones in charge of holding passwords, and when students forget their password, the teacher has to contact the IT department and get the password reset. It is an annoying long process that should not exist in the first place. Why the teachers hold onto the passwords and not in a more secure environment beats me because when passwords are misplaced, the student's information is at risk.
Remembering should be for lessons, not for passwords. There are work arounds for teachers to keep better track of passwords which can safely secure them more efficiently, but decisions like these are given for the IT team to decide.
Fortunately, IT teams have longed for increased security in K-12 and higher education districts through MFA and password expiration policies which guide institutions in a direction of security and usability. The struggles vary greatly from each institution due to the technology that is being used and the policies that are currently in place. Security can become a hindrance to using technology effectively since it may add steps to a process, or may change the path people take to complete a task.
Security VS Usability
When making decisions, the conversation about usability and security go hand in hand. One targets keeping data secure while the other focuses on not making it cumbersome to complete daily tasks. Security of information is very important to the new trend of everything being online. Assessing higher education IT security needs, which can vary based on each institution, is the key to developing a successful process for all end users to be secure and have a steady workflow.
One key feature of higher education IT security to access may be mandating MFA:
- Giving the user the ability to select the delivery method they prefer to ensure the workflow can be tailored to each end user. Allowing options gives the end users peace of mind when adapting to new processes, and a sense of control over the change, this can lead to better adaption rate for new higher education IT security procedures.
The ability to increase security should be a process that is slowly implemented into any environment. Allowing users to control the speed in which they adopt will help any new policy become accepted. The process of increasing higher education IT security by adding new policies for passwords and the methods used to login should not happen overnight. Below are some factors to help ease the transition to stricter security for any institution.
Decision-Making Factors for Higher Education IT Security
- Preparing the audience. Work towards a culture of security and build awareness to potential areas that can be improved or should be watched. Having people aware will make the adaptation to new policies and procedures an easier transition for the end users.
- Environment. Be aware of the weak area(s) within your environment and certain protocols that may be loose in a security sense. Try to transition people to think different when dealing with data. Look for patches to any holes in the security of the environment.
- Incorporate Technology. Utilize technology in a variety of way for students and staff to enjoy the ease of use and mix of technology within their environment. “Will this allow students to engage with technology?” is a great question to keep in mind when looking to implement new products or software to the members of your institution.
- Flexibility. Keeping a flexible approach is also important to security. Not all security policies should be for the “whole”. Custom grouping in regards to security standards and importance should be allowed.
- Developing proper password security protocols, such as multi-factor authentication and password expiration policies, can be strict or lenient based on the culture of the institution. Having policies and plans is not only helpful to the organization but also helpful to the end users. It is important to keep the user up to date with how their information is being protected and what security measures, like keeping up with security trends of minimizing threats and leaks, are being enacted.
Staying up to date with new technological trends and security requirements have become very important in keeping a secure and usable environment for students and staff while also creating a streamlined process for users. This allows for self-service options that reduce help desk calls and a way for end users to feel that they can tailor their experience.
With all the different solutions on the market for security and authentication, finding one that fits your unique environment is the first step. This is followed by pricing and how it will affect your budget. There are primarily two different pricing models to evaluate. The first is the per-user model, which can add up quickly and has the potential to make planning your budget difficult. The second is the fixed server-based pricing model which is easy to plan for. Although the upfront cost for a per-server option may be large it can easily be amortized over time. This option allows it to be built into upcoming budgets with no surprises. Taking advantage of a per-server pricing model can be very beneficial to your institution, it allows the flexibility to add more users and negates the concern of a price increase while also increasing the security for the end users. Allowing institutions to utilize this as a building block increases the infrastructure and back-end environment to benefit all. With current trends, students have a device that this can be leveraged in a multitude of ways to benefit both institutions and end users.
Utilizing a Single Sign-On (SSO) solution that includes Self-Service Password Reset (SSPR) can start a transition to a more digital-friendly environment. An authentication solution that simplifies the access for all end users can lead to multiple money saving opportunities. For example, you can move away from paper textbooks and take advantage of eBooks or move exams from paper to computer-based exams. These not only help end users prepare for the next steps after schooling but can also greatly reduce the cost in the universities other departments. Taking advantage of technology, whether it is software or hardware, creates a dynamic learning environment for students. Taking advantage of a portal, which has the daily needed applications, is just a click away to simplifying access for students and staff.
That being said... PortalGuard is the leading solution for higher education institutions, providing solutions for multi-factor authentication, single sign-on, and self-service password reset. All of these solutions together make it easy for students to access their login, reset their password, or better secure their account without mitigating the user experience and annoying the IT help desk with forgotten or stolen password calls.
Here is more on how PortalGuard may be a fit for your institution that fits your budget while also shaping to be the best option for your students, faculty, and staff that still is highly secure and convenient.