Protecting Tech-Savvy Students in the Digital District

Full report

Related article

2019  saw  an  unprecedented  number  of  cybersecurity 

attacks on K-12 — the summer months had more incidents

reported  (160)  than  in  the  entire  year  of  2018  (122).

Almost daily, there are new reports hitting the headlines.

The incidents range from disruptive — Flagstaff School in

Arizona closed for several days to address a ransomware

attack— to catastrophic — Louisiana’s governor declared

a   state   of   emergency   following   "severe,   intentional  

security breaches" on school computer systems.

The  motivations  behind  these  high-profile  attacks  are 

usually  ransom  money  or  mischief.  However,  there  are 

many attacks, more sinister in nature, that target individual

students   directly.   One   particularly   disturbing   trend   —  

sextortion — targets vulnerable children online. A predator

reaches out to a young person via a game, app, or social

media account.

 Through deception, manipulation, money

and  gifts,  or  threats,  the  predator  convinces  the  young 

person to produce an explicit video or image. This content

is  then  sold  online  or  used  later  to  extort  ransom  money 

from the student or parents.

As  cybercriminals  and  online  predators  take  aim  at  K-12 

schools   across   North   America,   IT   leaders   are   asking  

themselves  how  they  can  ensure  the  safety  of  their 

students  and  staff  —  and  how  they  can  prevent  those 

same students from adding to their problems.

Digital Natives are Unintended Insider Threats

As   schools   rally   to   protect   vulnerable   students,   the  

students themselves are doing everything in their power to

circumvent those protections. There may be no malicious

intent  —  the  students  just  want  access  to  content  that 

may  be  restricted  on  school  devices  —  but  their  actions 

create gateways for malicious

outsiders

.

This research found that while schools are using technology

to  filter  potentially  harmful  web  content,  today’s  tech-

savvy  students  have  the  digital  know-how  to  work  their 

way around the security controls.

`

Forty-two    percent    of    schools    have    students    that   

circumvent  security  using  web  proxies  and  rogue  VPN 

apps.   Our   research   uncovered   319   of   these   apps   in  

K-12.  They  have  names  like  ‘IP  Vanish’  and  ‘Hide  My  Ass,’ 

many  of  them  originate  in  foreign  countries,  and  all  of 

them  are  purposely  designed  to  evade  web  filtering  and 

other  content  controls.  With  an  average  of  10.6  devices 

per  school  harboring  web  proxies  and  rogue  VPN  apps, 

schools are also at risk of non-compliance with applicable

student safety laws.

The content shared over these apps is completely cloaked

from  IT  and  poses  a  serious  risk  to  student  privacy  and 

safety  online.  It  also  leaves  the  wider  school  network 

prone to malware, ransomware, and other viruses.