Cyber Threats to K-12 Remote Learning: One District Fights Back

When the COVID-19 pandemic began, Aylwyn Ribeiro was still new to the job as the manager of networking and security for Burnaby School District 41, British Columbia’s fourth-largest public school district. His mission is to protect the sensitive information of the district’s nearly 25,000 students and 4,000 staff.

To meet the remote-learning needs of students and staff who lacked adequate home computers, thousands of the school district’s devices literally walked out the door within a few months. They entered the wilds of much less controlled home-networking environments, where they still needed regular maintenance and security.

The district had distributed the devices, but quickly found it lacked visibility into what these devices were up to. For example, it did not know the patching status of the devices, whether antivirus software was up-to-date, and if they were compliant with privacy and security rules. “We needed a single tool that could let us actively see remote endpoints on any mobile device,” says Ribeiro.

The district’s mostly on-premises legacy tools did not play well with others, and staff needed to become experts in a host of applications and tools to use them properly. The system was complicated, difficult to use, and required hours of training. Burnaby needed another way to handle the rising security threats it faced.

Adopting modern-day tools

The district explored whether to continue offering VPNs or to push data and file management to cloud-based tools like OneDrive and SharePoint. Instead, Burnaby chose to simplify control over the devices its students and teachers were using. It deployed the latest antivirus and endpoint management technologies in new ways to remotely administer and protect its 9,000 distributed endpoints.

One new security management platform, Tanium Cloud, was up and running the day it launched. “We had instant visibility on our endpoints after deploying,” says Ken Kiewitz, the district’s manager of IT services. “Our new tools integrate everything with a simple application programming interface that has just been a lot easier to manage.”

Thanks to the cloud-based service, Burnaby’s IT team can now see what each endpoint is doing. It has the ability to update, patch, and deploy software to users wherever and however they log in. “It’s just a whole level of management we’ve never had,” says Ribeiro.

The new cloud service shows what students are doing online, including whether they are using the network and websites inappropriately. “It doesn’t matter whether it’s fighting on the playground or going to an inappropriate site, we have a code of conduct,” says Kiewitz.

Our new tools integrate everything with a simple application programming interface that has just been a lot easier to manage.

He says his department is not playing Big Brother: “We want to take note when something is particularly problematic and raise the awareness of users,” he says. “Kids are like any of the other 30,000 people we have on the network. We have a duty to provide a safe environment, whether that is physically or online.”

The district’s 25-person IT department has had to contend with would-be student hackers using tools readily available online. “Our label for them is ‘curious individuals,’” Kiewitz says. Some students see the district’s fast network as an opportunity for high-speed multiplayer gaming. But their attempts to install rogue software have so far been unsuccessful.

[Read also: Cybersecurity’s next generation]

One curious teen from several years ago was able to gain access to the district’s system and rummage around at a network level, recalls Kiewitz. “We were able to take his enthusiasm and turn that around and get him more engaged as a student,” he says. “A few years later, I ran into him and he was heading up a subsidiary of IBM.”

Unlike the 73 districts, covering nearly 1,000 schools, that were hit with ransomware attacks in 2021, Burnaby has never had a major security breach, and it wants to keep things that way. 

“We continue to work on our environment to harden it so that we don’t become front-page news,” says Kiewitz. Particularly important to protect are the “crown jewels” of personal data like Social Insurance numbers, home addresses, and phone numbers that hackers can use to steal a child’s identity, open credit cards, apply for government benefits, and conduct other illicit activities.

When you can talk real data with senior management, people listen.

“A forward-thinking district is looking at ways to improve its security posture, both from an operational and logistics, and [a] disaster management perspective,” he notes. “People are understanding that it’s not a matter of if, it’s a matter of when we’ll see an attack.”

Preparedness starts yesterday

Tightening security in education comes with its own set of challenges. The district’s community of close to 30,000 users includes some who are more informed about online dangers than others. The goal is to lift knowledge overall. “Users are your first line of defense,” says Ribeiro.

The district conducts user awareness campaigns that simulate real phishing attacks. The IT department is also notified when users fall for a hacker’s attempt to steal passwords and gain access through fake email. After analyzing the data about how and why the breach occurred, a member of the IT staff reaches out to see if further help or training is needed. The IT department also looks for trends over time to identify staff who fall victim to attacks repeatedly so they can be offered targeted training.

[Read also: To strengthen cybersecurity, let’s support our tech teachers]

An important benefit of good tools, training, and preparedness is that Burnaby’s IT team can identify underutilized software—for which the district sometimes pays hefty subscription fees. Now, the district can pinpoint which people given a tool are actually using it on a regular basis, or whether a large proportion of users are not using certain elements of a tool.  

“That gives us an opportunity to rethink a deployment and the cost associated with it,” says Kiewitz. “Then we are able to use the savings to do other things in the network and security space.” From a strategic standpoint, Kiewitz can back up decisions with data about actual usage. “When you can talk real data with senior management, people listen.”