“I hate using these computers! I can’t put any of my software on them.”
The speaker was a science teacher, and the computers in question were stand-alone ones, not linked to any of the school’s networks.
“That”, I replied, “is the general idea”.
It may seem counterintutive for the person in charge of education technology in a school to lock equipment down so much that it can be used only in certain ways. However, if you view part of your job as making the kit usable by anyone, and another part of your job as protecting both teachers and pupils from software that could cause them harm in some way, then you have to take certain measures.
You might think that having antivirus protection is enough, but I think it’s worth going further, just in case. Another department in the school, which had their own laptops that they were in charge of, allowed anyone to use whatever software they liked. One day a rather distressed teacher came to me with one of the laptops he’d taken home from there because he couldn’t do anything with it. He’d allowed his son to install a games program he’d found on a diskette. Unfortunately, either the diskette or the program had not been checked for viruses, so the laptop ended up being riddled with them.
The stand-alone desktops and laptops under my care, on the other hand, were locked down in three ways. One was that I’d disabled the access to any other drive apart from the C drive. Another was that I’d installed a Windows shell which gave access to only the standard programs. Finally, this being in the days before wi-fi was ubiquitous, they were not connected to the internet while they were in school.
To be honest, anyone who knew what they were doing could have circumvented these measures, but I was banking on the fact that not many people would know enough to do so. Also, I think if you make something difficult enough for people, they’ll give up sooner rather than later.
Things have changed, right?
That was around 25 years ago, and things have changed since then, right? Well, there are plenty more viruses , trojans, spyware and other stuff around these days. Also, I can virtually guarantee that every time I go into a school to advise them on their computer use I will discover at least one person who brings in their own laptop or software that has not been checked for viruses.
Also, an interesting survey from Malwarebytes has been brought to my attention by the Aspectus Group. Admittedly, Malwarebytes is not exactly an unbiased source, but then very few sources are. The research is still interesting and thought-provoking though. Here’s what the press release says:
In a recent report, Malwarebytes Labs found that educational institutions and students are prime targets for cybercriminals, given school networks often lack strong protection due to limited budgets and resources. Key findings in this sector include:
-
In this first half of 2019, Emotet, Trickbot and Trace have been particularly active in Education, with the three representing nearly half of all Trojans detected (44 percent) and more than 11 percent of all compromises.
-
Trojans have accelerated their attacks among industries, up 132 percent in 2018
-
Education was the top industry impacted by Trojans in 2018 and is accelerating in 2019
-
Trojans represented almost 30 percent of all detections in institution-owned devices.
-
Among devices plugging into the network, Trojans represent the single largest threat category, even above generic Malware and Adware detections.
-
One in three (33 percent) of these compromised non-institution-owned devices carry Trojans, globally:
-
Germany – 34 percent
-
US – 26.8 percent
-
Australia – 21 percent
-
Singapore – 17 percent
-
UK – 5 percent
-
-
-
-
In 2018, Education was the top industry for Adware compromises, Trojan detections, and second on the list of verticals most commonly hit with ransomware.
-
This continues in the first half of 2019, with Adware, Trojans and Backdoors the three largest categories of threats identified among Education institutions’ devices.
-
Adware – 43 percent
-
Trojans – 25 percent
-
Backdoors – 3 percent
-
Additionally, data from educational institutions and .edu domains from March 2018 to March 2019 found:
-
The second most prevalent threat were identified as backdoor threats.
-
There was a high spike in detection activity in July 2018 and September 2018 for Trojan infections from .edu emails overall.
-
Spyware infections to these domains spiked in August 2018, suggesting that summer is a prime time to hit students and educational institutions, while they are low on staff and perhaps less vigilant about security practices.
-
Summer shows .edu email addresses are also most likely being used on a wide array of other networks as students travel home and beyond, putting them at increased risk to infect devices which will be brought back onto campus networks in the fall.
Malwarebytes also recently launched a new initiative to help students get access to premium protection – and help fund technology education. Students with .edu email addresses can get four years of premium protection for just a $5.00 donation. Since launching in May, this program has raised more than $50,000 to advance technology education. To apply for this discount, visit: https://www.malwarebytes.com/student-discount/
To read more about Malwarebytes for education visit: https://www.malwarebytes.com/education/
I thought the student discount might only apply to students in the USA, but I’ve just been informed that the discount applies to UK students as well — all they need is a Student Beans account which is free! Information on the Malwarebytes student discount can be found here. If you’re in a school in England, it’s worth checking if you subscribe to the LGfL, because they offer Malwarebytes as part of their software bundle.
Where does leadership come in?
I started off by saying that viruses and so on are a leadership issue. They are. You might have a fantastic technical support team who are paranoid about viruses and security. But there is also a place for leaders to:
Keep staff informed about the dangers of viruses.
Ditto students. No, they do not already know about all this just because they are young!
Discourage staff to bring in their own laptops unless they have up-to-date antivirus software installed.
Have a system whereby any laptops loaned out are checked for viruses when they are returned.
Make sure there is up-to-date antivirus software on all school computers.
Consider locking the computers down in the ways I outlined near the beginnning of the article.
If you found this article useful, you might like to sign up to my newsletter, Digital Education, which is aimed at educational computing leaders and teachers.