The answer is most likely “yes” with respect to COVID-19. The U.S. Centers for Disease Control and Prevention (CDC) has released operational guidelines for K-12 school districts that should help prevent new infections. The American Rescue Plan (ARP) Act of 2021 allocated nearly $122 billion to safely reopen schools and “address the impact of the coronavirus pandemic on the nation’s students.” And, as of June 3, 2021, more than 5.9 million adolescents ages 12-17 years have received at least one dose of a COVID-19 vaccine, according to the CDC. Younger children too will soon be similarly protected. However, the prospects are far less encouraging for the security and privacy of students and their personal data.
Structural Problems in School Cybersecurity
When the COVID-19 lockdowns began in March 2020, threat groups responded to the sudden shift to remote learning with an unprecedented onslaught of cyberattacks targeting K-12 schools across the United States. The result, according to a March 2021 report by the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange, was “408 publicly-disclosed security incidents, school closures, millions of dollars of stolen taxpayer dollars, and student data breaches directly-linked to identity theft and credit fraud.”
However, the cybersecurity risks facing the K-12 school sector existed long before the SARS-CoV-2 virus made its destructive debut on the world stage. According to the report, a commitment to school-related security risks has “largely been absent” among policy makers and school leaders, who have historically focused on “physical security risks, natural disasters, and extreme weather events.”
This oversight has exposed the nation’s 98,000 public K-12 schools and 50 million students to frequent attacks by threat groups eager to exploit the vast troves of sensitive data collected on students, their families, school employees, and district operations staff.
Between 2016 and 2020, thousands of K-12 students had their personal information compromised in data breaches, according to the U.S. Government Accountability Office. The data included “grades, bullying reports, and Social Security numbers—leaving students vulnerable to emotional, physical, and financial harm.” Some of the most egregious attacks explicitly targeted the health and safety of children. In October 2016, the U.S. Department of Education Privacy Technical Assistance Center issued a Cyber Advisory warning that criminals were threatening children with violence, shaming, and bullying unless extortion payments were made.
Managing Cyber Risks with ManagedMethods
BlackBerry OEM partner ManagedMethods helps school districts significantly reduce this cyber risk exposure by managing the complexities of cloud access and security. The company’s software-as-a-service (SaaS) platform provides IT Administrators with complete visibility into how users store, access, and share files in their district cloud accounts. It also protects the integrity of data stored and accessed in Google Workspace™ and Microsoft 365® applications against malware, ransomware, and exfiltration. This is important both for operational resilience and adherence to U.S. state and federal data privacy mandates such as the California Consumer Privacy Act and the Family Educational Rights and Privacy Act.
The ManagedMethods® threat detection stack always included robust capabilities for detecting and deterring malware and ransomware once it reached the cloud. However, detecting and stopping malware on customer endpoints before it entered the cloud posed a knotty problem. According to David Waugh, ManagedMethods Chief Revenue Officer, “Our customers wanted us to solve the malware protection problem for them. We decided the best approach was to integrate a malware scanning engine into our platform and deploy it as a service.”
In 2017, ManagedMethods signed on as a BlackBerry OEM partner. The BlackBerry® malware scanning engine was included in a Spring 2018 cloud services upgrade. Since then, ManagedMethods has never second guessed its decision to partner with BlackBerry. “BlackBerry is fully engaged in supporting our business,” says Waugh. “They actively solicit our feedback on detection results so they can continuously refine the AI model. In every respect, we have a great working relationship.”
To learn more about the partnership between ManagedMethods and BlackBerry, click here.
Author's Note: BlackBerry acquired Cylance in February 2019. All reference in this blog to the Cylance organization and its branded products and services utilize BlackBerry branding.