For many schools in 2023, BYOD (bring your own device) is seen as a positive option, giving students autonomy in bringing their own devices to school to engage with online learning.
While there are advantages in giving students the option of bringing their own smartphone, laptop or tablet to school, BYOD adds another layer of complexity to cybersecurity within schools. Every device connecting to the school’s network poses significant cybersecurity risks, the kind of risks schools can’t afford to take.
Schools are already vulnerable to an attack, with education institutions facing the highest data encryption rate (73%) compared to other sectors (65%), however the longest recovery time, with 7% taking at least three months to recover – almost double the average time for other sectors.
So while BYOD can help schools offer a high standard of education in a hybrid world, they can also put sensitive information at risk – for students, teachers, and institutions more broadly.
Data management systems, web-based platforms, social platforms, cloud services, remote-user-access software, and mobile-learning tools have allowed schools and universities to cut costs, drive efficiencies, and remove much of the friction involved in communicating with students (and their parents).
Before we give you our hints on how to create a secure BYOD environment, let’s look into the five biggest risks associated with BYOD:
- Potential malware infections
When students use their own devices, there’s a higher chance they will intentionally or unintentionally download and install malicious software to their device, putting sensitive information such as student records and personal data at risk. We recommend encouraging students to only download and install software from reputable sources and to keep their devices updated with the latest security patches.
- Data theft vulnerability
Students are likely to store sensitive information such as passwords and personal data on their devices, increasing the risk of potential for data theft. This information is especially vulnerable if devices are lost or stolen. At Truis we recommend encouraging students to use strong passwords, encrypt their data, and educating them on the risks of connecting to public WiFi networks and sharing personal information online.
- Unauthorised access
Sensitive information on student devices can be vulnerable to unauthorised access if devices are not properly secured. We recommend having a policy in place to prevent students from accessing sensitive information (such as test scores and results) on other students’ devices, and providing guidance for students on the importance of strong passwords and two-factor authentication.
- Risk to the school’s network
Not only do BYOD pose a risk to the individual data of students, but they can also pose a risk to the school’s network. Every device connecting to the school’s network puts the network at risk of being infected with malware, and puts sensitive information, such as student records and personal data, at risk. Our recommendation to mitigate this is to implement school network security measures, such as network access controls, firewalls, and intrusion detection systems, to protect the network from unauthorised access.
How Truis can help
It’s clear that having access to the network from a wide range of devices is now expected at many schools, and the days of having complete control over the devices being connected are gone. Users want to access the school system from anywhere and from any kind of device – whether that’s a Windows, Apple, Android, Chromebook or any smart device.
As the school year starts, now is the time to make sure you have a clear and comprehensive BYOD policy in place, outlining the acceptable use of devices, the responsibilities of students and the school, and the consequences for violating the policy. Additionally, schools should regularly educate students and parents on the importance of cybersecurity and how to protect their devices and personal information.
5 actions for minimising cybersecurity risks for BYOD:
- Mobile Device Management (MDM) software: MDM software can be considered as part of your overall BYOD policy to monitor and control the security of BYOD devices, as well as help to support school-wide policies and procedures for the safe use of these devices. This software can also be used to remotely wipe lost or stolen devices, protect sensitive data and information, and roll out software updates.
- Establish a secure network infrastructure: You can ensure the security of the school’s network infrastructure by implementing firewalls, intrusion detection systems, and network segmentation. This can help prevent unauthorised access to the network and limit the spread of malware or other malicious activity.
- Educate students, parents and teachers: It pays to educate students and teachers on the importance of cybersecurity, including how to avoid common cybersecurity threats and how to properly secure their devices. This education can be delivered in the form of training sessions, workshops, or even simple reminders and alerts.
- Use encryption: Ensure the security of sensitive data and information by implementing encryption for all devices and data storage. This includes encrypting sensitive information on the devices themselves, as well as the data being transmitted over the network.
- Regularly monitor and update security measures: By regularly monitoring your school’s cybersecurity measures, you can update them as necessary to address new and emerging threats. This includes updating security software, as well as regularly reviewing and updating school-wide policies and procedures for the safe use of BYOD devices.
Now is a great time to make sure these essentials are in place, and to remind students, parents and teachers of their responsibilities in keeping data safe and mitigating the cybersecurity risks associated with BYOD.
By encouraging vigilance, having clear policies in place, and proactively taking steps to minimise risk, you can start the school year with confidence around the use of BYOD.
Looking for support?
At Truis, we’re well versed in helping schools manage their end-user device security and protecting essential data from modern cyber threats.
From managing incidences to day-to-day maintenance of your school’s network security, we’re here to help.