Half of US Schools Skipped Remote Security Training

A new report on the cybersecurity of the education sector has found that nearly half of the schools in the United States did not implement new training or tools to protect staff and students during the pandemic.

The CTNT report “Lessons learned: How education coped in the shift to distance learning” from Malwarebytes details data from 500 students and 75 IT decision makers at educational institutions.

Researchers found that while 70% of schools adopted new software such as Zoom, Remind, and Google Classroom to enable students to learn remotely, nearly half (46.7%) of IT decision makers said their schools developed “no additional requirements” for the students, faculty, or staff who connected to the school’s network.

Over half (50.7%) of IT decision makers said that no students, staff, or faculty were required to enroll in cybersecurity training before the new school year began.

Over a quarter of IT respondents (28%) said that their school did not have sufficient laptops, computers, or tablets to allow teachers, administrators, and staff members to work remotely. Providing all parents and students with devices was a problem for 40% of schools. 

Nearly half (45.3%) of schools were unable to provide every student with a device to use for distance learning, creating educational inequality. 

Inconsistencies in the perceived cybersecurity of the schools was found to exist between the students and the establishments' IT departments. Just 2.7% of IT decision makers said that their schools suffered a cyber-attack; however, 46.2% of students said their schools had suffered a cyber-attack. 

Taking security precautions appeared to help schools fend off Zoom-bombing attacks. Overall, 29.3% of respondents suffered a Zoom-bombing attack, but the same fate befell just 18.2% of respondents who said they had engaged in cybersecurity best practices. 

“Students during the pandemic are struggling with digital access, engagement and a severe sense of isolation. Cybersecurity should be the least of their concerns, and yet, it’s concerning to find that nearly half of educational institutions show a lack of preparedness,” said Marcin Kleczynski, CEO of Malwarebytes. 

“It is essential that schools—and all organizations—stop viewing cybersecurity as an afterthought; protecting our students and their data online should be a top priority for educators.”

What’s Hot on Infosecurity Magazine?