Category: Industries

Apria Healthcare Sees and Secures 8,000 Devices with Absolute

Healthcare technology — which includes everything from medical staff tablets to patient monitoring devices and even prosthetics — is increasingly reliant on an interconnected network. This interconnectedness enables improved patient care, but it also opens the door for added risk. As cyber crime skyrockets across the healthcare industry, one of the nation’s leading home respiratory services and medical equipment providers, Apria Healthcare, recognized the risks early on and implemented Absolute to better secure patient data.
Apria operates more than 300 locations and provides service to 1.8 million patients annually with in-home care and 24/7 clinical services. In order to support home-healthcare — by far the fastest growing healthcare sector due to its potential for improved care at a reduced cost — Apria employees rely heavily on more than 8,000 devices.
Read: Why Data Privacy in Healthcare Matters
Unbreakable Visibility & Control
To ensure the highest levels of security, protect private and corporate information, and ensure HIPAA compliance, Apria needed a way to track their endpoint devices. They wanted a solution that would deliver zero-touch IT asset management, provide self-healing endpoint security, and employ always-on data visibility and protection. They needed intelligence on every device, with the ability to control every endpoint whether it was on or off their corporate network.
With Absolute Persistence®  already installed in the BIOS of their endpoint devices, Apria found unbreakable endpoint visibility and control by simply turning Persistence on. As a result, they now have a reliable, two-way connection to each device and can remotely monitor the status of their devices to avoid a healthcare data breach. They gained critical asset intelligence they could not find with any other security provider.
“Persistence [located] in the BIOS was the number one item that I think really sets Absolute apart from other companies touting that they can do asset tracking better,” said Janet Hunt, Senior Director, IT User Support, at Apria Healthcare. “They really can’t, they don’t have that piece – that persistent piece is so important to me. I am always looking for opportunity and different technologies as they come up, and I haven’t found anything that’s as good as Absolute… nothing can compare.”
With Persistence activated on every device, Apria Healthcare is assured that no matter what happens to a device – whether it is lost, stolen, or breached – no one can turn that Persistence off. The device will continue to report back to Apria, who then has the power to wipe a device clean or shut it down even if the user installs a new OS.
Absolute also provides dashboard status on all devices that updates every 15 minutes. With a complete history of the device, security managers can demonstrate encryption, geolocation, usage, and device history. Absolute provides unprecedented asset intelligence, giving healthcare organizations a crystal-clear understanding of the value every asset is delivering to inform security and purchase decisions.
“If Absolute disappeared, I would retire because I would have no idea where anything was,” said Hunt. “That was the greatest thing about bringing Absolute in: I know where a device is.”
To find out how the Apria Healthcare uses Absolute to secure patient information, gain visibility into device location and activity and improve access to patient care in the field, check out the case study or read up on Absolute healthcare solutions.
 

Education Sector Calls for Resilience, Support in the Face of Cyberattacks

This article was originally published in eSchoolMedia.
Nearly 50 school districts and colleges have been pummeled by ransomware and other forms of cyberattacks in recent months. These have ranged in nature from disruptive, as in the case of the Flagstaff two-day closure, to catastrophic, such as in Louisiana where the governor recently declared a state of emergency following “severe, intentional security breaches” on school computer systems. Hefty ransomware demands are paralyzing districts, while also impacting students’ ability to learn and causing panic among faculty, families and children.
At Absolute, we recently released a report on the state of cybersecurity in the education sector—which leveraged data from 3.2 million active devices active in 1200 K-12 organizations across North America—and shows that complex IT environments and digitally savvy students are leaving schools massively exposed. More than 90% of education IT leaders are managing up to five versions of common applications, and 42% have students that are actively circumventing security via rogue VPN or web proxy apps.
Although we’ve closed out October and National Cybersecurity Awareness Month, it’s important to continue to shed light on this ongoing issue and seek answers for schools and their students, who remain some of the most vulnerable victims. While large enterprises receive training and guidance needed to help thwart a data breach, these practices remain almost non-existent within our schools – even though students today are much more tech-savvy than any previous student body. It’s this savviness that is actually proving to be a threat in itself, with students using their own digital know-how to work around any existing school security controls… and in parallel, opening up back doors for hackers to sneak in as well.
Although schools remain the second highest targets of these attacks, little has been done to alleviate these issues. IT leaders in schools simply don’t have the bandwidth to be as prepared as they should be for an inevitable cybersecurity incident, and the immediate response is to spend more money that doesn’t exist within an already limited budget. They are so underprepared and under-resourced that a new law has passed in the US senate, demanding that the federal government ramp up its support for organizations hit by ransomware. No organization could be in greater need than the local elementary school.
Staying calm and maximizing existing defenses are two critical ways to combat a threatening cyberattack. But in order to provide answers and assurances to rightfully concerned parents and faculty, visibility is a non-negotiable. It’s visibility that makes it possible to assert and maintain control. You can ensure the school’s internet safety policies are adhered to and set up alerts to flag any suspicious activity or non-compliant devices. You can take steps to protect highly sensitive student information if a device ends up lost, or in the wrong hands. With full visibility and control, the most effective decisions can be made to limit the extensive damage a cyber attack can cause and will create a more resilient defense system to protect against future attacks.
There were 160 publicly-disclosed security incidents recorded this past summer. The impacts of a data breach can shake normality for any organization, and when it comes to the education sector, schools are being forced to close their doors and wait for the crisis to pass. It is one thing for a hurricane or the next blizzard to cause school closures… it’s another for a cyber attack to disrupt the ability to educate on schedule. The education sector is calling out for assistance, and it’s time to start listening.

Achieving Enterprise Resiliency Requires A Cyber-Committed Board

This article was originally published in Forbes. 
Today, 84% of the total value of the Fortune 500 is comprised of intangible assets. This means that for most major businesses, the value of digital assets, data and intellectual property (IP) is five times greater than that of physical assets. And the core DNA of their businesses, the thing that most needs protecting, lives in the virtual.
As those assets increasingly come under attack due to cyber hacking, fraud or negligence, companies find themselves scrambling to deploy more and more security controls — at a time when the forecasted worldwide security spend is expected to spike to nearly $134 billion in 2022. This trend represents an astronomical investment in defending against the rapidly escalating risk, but has yet to yield a deceleration of cyberattacks.
Against this landscape, the role of the board also continues to evolve — with an increasing expectation that board members bring a basic level of cyber competence to their roles. October was National Cybersecurity Awareness Month, so it seemed an appropriate time to share a few guiding principles that I believe are central to building and fostering cyber awareness, engagement and commitment at the board level.
Recognize cyber risk as a business risk
Cyber risk is not an elusive, cryptic puzzle that cannot be clearly measured and articulated. The same thinking that we apply to corporate governance and managing financial, operational or legal risk can and should be applied to cyber risk. From setting the vision and establishing a framework for success to ensuring investment and overseeing auditing controls, these are the things that boards need to be doing in partnership with management — especially from early on in the operation.
Let’s use financial risk as an analogy. Not all board members are deemed financial experts, but they have competency in understanding the company’s financials, which controls are in place, which additional controls are needed and who is auditing the testing of these controls. The same framework should be applied to cyber risk. Where is the real value in the company, and what are the real risks to those assets? These two questions should be your starting point. From there, all of the same questions apply: Which controls are in place? Which additional controls are needed? How are they being tested, and how do we map against the industry? Will cyber risk be a topic across the board, within specific audit meetings, or within some other committee?
Know how to define ‘enough’
Asking the right question, “Are we doing enough?” is critical. But sound cyber competence means also having the ability to answer the question. It requires the ability to define “enough” in the context of that particular business and the appetite for risk, as well as how to know if “enough” is really working. What makes this especially tricky is that there is no one-size-fits-all formula for measuring risk. It’s possible for an organization to spend an infinite amount on cyber protection and never achieve perfection. And this question can quickly start to feel like an unanswerable one.
I know this from my own personal experience. During my time at Citigroup, I had the opportunity to look deeply at online financial fraud. Similar to cyber mitigation, where you know you will never get to zero, it is important to understand what your level of risk tolerance actually is to help determine what success looks like. Given the nature and scope of your business, what is regrettable versus unacceptable? For example, a board would view employees having personal content on enterprise devices very differently from a nation-state attack or misused consumer data.
Boards should be having open discussions with management to determine where the lines need to be drawn, what is most important, what is achievable and in what investment envelope.
Make resiliency the end goal
Resiliency, by definition, is the ability to bounce back. Achieving enterprise resiliency requires not just the ability to mitigate cyber risk, but also to respond, recover and heal quickly from both real as well as perceived damage.
When the call comes that you’ve been compromised, it cannot be the first time you’re having a conversation about how to respond. Talking through things like escalations, communications, disclosures and communication to customers, partners and regulators, is a worthy exercise for the board and management to undertake together. What are the thresholds? How and when will it be communicated to the board? What are the board’s responsibilities in these scenarios? This is another area where external facilitators can play a helpful role.
As we move forward, enterprise resiliency will increasingly become core to a company’s agility in a crisis. Boards will continue to use acute cyber awareness to drive fundamental shifts in how organizations think about cyber risk and bring forward new ways to build successful, resilient enterprise security strategies.
For more on how to achieve enterprise resiliency with Absolute, visit Absolute.com.

5 Steps to Securing Your School’s Devices Over the Holiday Break

Much to the delight of students, faculty and administrators everywhere, holiday break is almost here! But they aren’t the only ones eagerly anticipating end of semester school closings: criminals are also waiting for campus shutdowns so they can take advantage of the valuable technology now commonplace in schools, from K-12 to colleges and universities.
Before taking off for the semester break, follow these easy steps to ensure your school’s devices and students are safe:

Remind users of safe behavior. Students, faculty and staff that take devices with them should be reminded (more than once) not to leave their individual or school-owned laptops or tablets in cars or other places where they can be easily spotted by crooks looking for an easy score. If someone does fall victim to theft or loses a device during the break, be sure to make available clear direction for course of action you expect. Who do they notify and how?
Update device software. Cyber criminals are equally as troublesome this time of year, with holiday phishing emails putting school networks at grave risk for cyberattack. Use the holiday downtime to push updates to device software and patch known vulnerabilities. If this sounds like an overwhelming task, consider relying on automation for help.
Track your devices. If a device does go rogue, you have a very vulnerable attack vector. Key to mitigating this risk is uncompromised visibility and control over the device, whether it’s on or off the network. Being able to quickly locate a missing or stolen device means you can remotely shut down unwanted network access and, if all goes well with law enforcement’s help, even retrieve stolen devices.
Store devices in locked cabinets and/or alarmed areas. It sounds obvious but you’d be surprised how many laptops, tablets, virtual reality headsets, digital cameras and other small-sized tech gadgets can be left lying around. This type of tech is in high demand and easy to swipe so make it harder for the thieves and keep everything under lock and key.
Don’t leave technology in plain sight. While a determined thief will break in regardless, you can prevent your school becoming victimized by someone who otherwise may not have considered pilfering your school’s tech. Remove from view or cover any larger equipment like desktop computers, printers, interactive whiteboards, and other tech that will be left behind.

Technology in our schools enable modern learning paths and brings a new level of innovation to the classroom. But it must be protected. You can safeguard your investment – not to mention your students, teachers and administration along with their  data – with the Absolute platform. In the event of loss or theft, you can remotely detect and remediate devices to prevent potential security issues and ensure compliance.
To learn how Klein Independent School District in Klein, Texas tracks, manages, repairs and recovers devices in their 1:1 computing program, download the case study.

Building your Case for School Technology Budgets

By 2025, technology spend in K-12 is forecasted to reach $342 billion. But with school districts around the nation continuing to face serious budget crises, technology in the classroom must be fought for despite its innovative learning properties.
There’s no arguing the cost of rolling out Edtech programs like one-to-one computing and similar initiatives requires significant investment in devices, applications, bandwidth and more. The expectation for every school board then is a demonstrable return. To ensure sustainable student technology programs, administrators must be able to show the positive effects of their technology investments. ROI matters.
The best indicator of ROI is almost always found within learning outcomes but getting to the data that proves technology is escalating scores in this area isn’t always easy.
Data-driven Insights
With a one-device-for-every-student program, an important metric to monitor is device use. But use should go far beyond simple distribution figures including how are devices being used. Are they being to their full potential on campus or are they left idle? What does student web activity look like? How many times does a device leave the classroom? Are devices being used at home and for how long?
In our recent study of 3.2 million anonymized K-12 endpoint devices, Cybersecurity and Education State of the Digital District in 2020, we found devices are actually too-often underutilized. 21 percent were used for <1 hour per day and 60 percent of devices weren’t used by students at home.
For more on device use in schools, read: Cybercriminals Take Aim at K-12
With this and similar such district-wide data, administrators can assess student groups or even individual users and make more informed decisions on improving academic performance.
This kind of analytical information comes only with full visibility of the devices in your endpoint inventory, however. With this kind of insight, you should also have extensive control over those devices, no matter whether they are on or off the district network. Where are they, what are they running, and are their security applications working as they should?
Endpoint Visibility, Control & Resilience
Full visibility and control over these devices will mitigate risk, improve operational efficiency, ensure internet safety policies are adhered to and, when done right, demonstrate compliance so that future discounts from such organizations as e-Rate and Student Support and Academic Enrichment (SSAE) are possible.
Full visibility and control over your device population also provides you with another very powerful capability – endpoint resilience. Making the most of the devices you have, both in and out of the classroom, will improve learning outcomes. Making the most of the tools you have on those devices will tell you whether or not they are working as they should or if they are exposing your district to cyber risk.
For more on how to prove classroom technology ROI and mitigate the risk that technology inevitably brings to students, educators and staff, watch our latest episode of Cybersecurity Insights, K-12 Education 1:1 Programs. And while you’re at it, be sure to subscribe to the Cybersecurity Insights playlist on YouTube.

Schools Under Cyber Siege Need a Path to Resilience

Originally published in THE Journal.
Just as the school year kicked off, families on opposite sides of the U.S. faced temporary school closures. Mother Nature was responsible for some. But not all. While several southeastern states dealt with the effects of Hurricane Dorian, across the country, one Arizona city encountered a very different type of scare. Cybercriminals waged a ransomware attack on the Flagstaff Unified School District, forcing a two-day shut down for 15 schools serving almost 10,000 students.
Flagstaff is far from alone. In July and August, 2019, the number of publicly disclosed security incidents in K-12 schools reached 160 — exceeding the total of all incidents experienced in 2018 by an incredible 30 percent. Nearly 50 school districts and colleges have been hit with ransomware so far in 2019 ranging in nature from disruptive, as in the case of the Flagstaff two-day closure, to catastrophic, which describes the scene in Louisiana when the governor recently declared a state of emergency following “severe, intentional security breaches” on school computer systems.
The Education Sector is Facing a Crisis
It’s one thing for impassible roads to hit pause on a school schedule. It’s an entirely different and unacceptable scenario when cyber extortion not only gets in the way of educating our youth but puts data pertaining to their health, academics and social development at risk of exposure and compromise — not to mention the public funds that are flushed away to ransom payments and cleanup efforts. Yet here we are, co-existing with cybercrime as the new normal and witnessing escalating ransomware attacks turn schools into the second-largest victims of all sectors.
The pace of growth of the “digital school district” continues to climb given the many benefits technology brings to students and educators. Funding for educational technology has increased by 62 percent in the last three years, and the new U.S. Digital Equity Act proposes to commit federal dollars to bring even more tech to the classroom. And while the many benefits of the digital classroom are clear, this rapid growth, combined with complexity and the continued restricted budgets for management, make our schools and our students increasingly vulnerable.
When Complexity and Risk Plague Today’s Digital Classroom, Resilience Matters
Technology is no doubt an asset, though we need to acknowledge not just the risks to student safety and privacy it poses, but also the complexity that IT folks have to wrangle. Education IT leaders once responsible for a few hundred devices, a few dozen apps and a single network have now found themselves managing tens of thousands of devices (as 82 percent of schools now provide students with them), hundreds of apps, and a distributed set of users accessing unknown networks — all with limited resources and budget in most cases. Meanwhile, by clicking on one bad link on a school-issued device, a student can become a conduit for a ransomware attack.
As endpoint and environmental complexities increase, and risk alongside them, it’s no surprise that 68 percent of education IT leaders in the U.S. list cybersecurity as their top priority. In tandem, several state governments, including Louisiana, Texas and North Dakota, have stepped up their efforts to safeguard schools against cyberattacks with various measures such as cyber policy mandates, cyber commission formation and state IT department oversight for schools.
For policymakers, educational institutions and their IT leaders, and even concerned parents, collaborative cybersecurity efforts should rally around the concept of resilience, or the ability to bounce back. Here are three steps to get on the path to cyber resiliency:

Battle the false sense of security. Millions of dollars of public funds are invested in applying security controls in schools — giving parents and educators a false sense of security. Many of these controls are fragile or by-passable — meaning that without consistent monitoring, you may be more exposed than you think. Make the most of the tools you already have and spend your budget on more impactful projects. Ask the question, “Are the controls we already have in place functioning at all times?”. Security controls cannot protect you when they are taken offline by wiley students, or bypassed. Foundational device controls include, at a minimum, anti-malware, encryption, authorized VPN, patch/client management, and web-filtering/firewalling on the client — and all need to be based on a platform that enable visibility and resilience for IT.
Strengthen your immune system. In the complex world of endpoint security, increased security spending does not equate to increased safety any more than taking more vitamins guarantees you will never get the flu. In fact, every additional security tool, while adding protection, also increases the complexity on the endpoint and therefore the probability of failure as agents. A recent Absolute study reveals that schools that have encryption in place experience agent failures on an average of nine devices per day — almost half of which never recover, leaving students and staff at risk of potential data breaches. In order to protect your students, your data and your investment, ensure you have fundamental controls activated to gain a persistent connection to each device — on or off the school network. It’s only then that you can repair or replace critical apps that have been disabled or removed.
Make cybersecurity the air students breathe. Creating a culture of online security and open communication about online threats is not just good practice, it’s an ethical responsibility. Turn it into a game; teach students what attackers do, test them on practical examples, and give each of them a sense of achievement when they win. Yammering on about ransomware crippling the school or how awful an attack would be for their district is unlikely to stop an 11-year-old trying to circumvent security policies. Let them know what villains may try to do, and challenge them to step up and help stop them. Provide a means for them to report suspicious online behavior without fear of punishment. Make them the hero of the cyber resilience story.

The pace of ransomware attacks on schools in 2019 suggests another victim will feel imminent pain and, as such, the urgency to heed these steps cannot be overstated. It’s a tricky balance but doable to enable the digital classroom to thrive, while also protecting student safety and privacy.

How Klein Independent School District Maximizes Their 1:1 Program

Technology in our schools enables modern learning paths and brings a new level of innovation to the classroom. While it is inarguable that technology has enriched the lives of students, it has also introduced significant risk. Today’s K-12 technology leaders are faced with a multitude of challenges brought on by high-tech learning environments including student, faculty and staff safety and privacy, growing IT complexity, device loss and/or theft and demonstrable resource ROI. To track, manage, repair and recover across more than 37,000 endpoint devices, the Klein Independent School District (ISD) in Klein, Texas turned to Absolute.
Maximizing a One-to-One Computing Program
Klein ISD is known for its innovative culture and dedication to leveraging technology to empower students and staff to harness the latest advancements in education. It made perfect sense then when they deployed a one-to-one computing program that provisions one device for each student.
For the last ten years, Klein ISD has leveraged Absolute for its ability to provide a single source of truth into their device fleet and manage them remotely. They also rely on Absolute for deep analytics on device use and the protection of student, faculty and staff data. To deploy Absolute, Klein ISD simply activated the technology already embedded in each device at the manufacturer.
“Initially, stop loss was the primary reason we chose Absolute, but what keeps us at the table today is their ability to provide us with more information about what’s being stored on the devices and what’s being utilized,” said Chris Cummings, Information Technology, Teaching & Learning, Klein ISD. “I continue to choose Absolute because of their innovation. They help us stay ahead of compliance and offer the latest advantages to our students and faculty.” 
Peace of Mind
Nationally, cybersecurity spend is on the rise. The 2019 CIO Agenda K-12 Education Industry Insight report from Gartner found that 47 percent of K-12 organizations plan to make cybersecurity their primary investment. However, recent research by Absolute found that, in the complex world of endpoint security, increased security spending does not equate to increased safety. In fact, every additional security tool only increases the probability of failure as agents and controls conflict with one another on the endpoint.
According to global Absolute research, Cybersecurity and Education: The State of the Digital District in 2020, 38 percent of patch agents require at least one repair monthly and 28 percent of encryption agents fail monthly. Without visibility and control of endpoint devices, students and districts are exposed.
For Klein ISD, this meant a reliance on Absolute for their tamper-proof device visibility and control for a persistent, self-healing connection between IT and all devices, whether they are on or off the network.
“It’s one thing to implement a security program; it’s another to measure the effectiveness of your security program,” Cummings added. “And with Absolute, we’re able to verify just how effective our program really is.”
Understanding what’s happening on the devices, responding to suspicious events, and empowering applications to persist and automating their restoration when incidents occurs is the key. To learn more about how Klein ISD benefits from Absolute, download the full case study: The Power of Persistence Maximizes Klein Independent School District One-to-One Computing Program.

It’s Time To Solve K-12’s Cybersecurity Crisis

This post was originally published in Forbes magazine by Louis Columbus.

There were a record 160 publicly-disclosed security incidents in K-12 during the summer months of 2019, exceeding the total number of incidents reported in all of 2018 by 30%.
47% of K-12 organizations are making cybersecurity their primary investment, yet 74% do not use encryption.
93% of K-12 organizations rely on native client/patch management tools that have a 56% failure rate, with 9% of client/patch management failures never recovered.

These and many other fascinating insights are from Absolute’s new research report, Cybersecurity and Education: The State of the Digital District in 2020​, focused on the state of security, staff and student safety, and endpoint device health in K-12 organizations. The study’s findings reflect the crisis the education sector is facing as they grapple with high levels of risk exposure – driven in large part by complex IT environments and a digitally savvy student population – that have made them a prime target for cybercriminals and ransomware attackers. The methodology is based on data from 3.2M devices containing Absolute’s endpoint visibility and control platform, active in 1,200 K-12 organizations in North America (U.S. and Canada). Please see full report for complete details on the methodology.
Here’s the backdrop:

K-12 cybersecurity incidents are skyrocketing, with over 700 reported since 2016 with 160 occurring during the summer of 2019 alone. Educational IT leaders face the challenge of securing increasingly complex IT environments while providing access to a digitally savvy student population capable of bypassing security controls. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations. As of today, 49 school districts have been hit by ransomware attacks so far this year.

“Today’s educational IT leaders have been tasked with a remarkable feat: adopting and deploying modern learning platforms, while also ensuring student safety and privacy, and demonstrating ROI on security and technology investments,” said Christy Wyatt, CEO of Absolute.
Research from Absolute found:
K-12 IT leaders are now responsible for collectively managing more than 250 unique OS versions, and 93% are managing up to five versions of common applications. The following key insights from the study reflect how severe K-12’s cybersecurity crisis is today:

Digital technologies’ rapid proliferation across school districts has turned into a growth catalyst for K-12’s cybersecurity crisis. 94% of school districts have high-speed internet, and 82% provide students with school-funded devices through one-to-one and similar initiatives. Absolute found that funding for educational technology has increased by 62% in the last three years. The Digital Equity Act goes into effect this year, committing additional federal dollars to bring even more technology to the classroom. K-12 IT leaders face the daunting challenge of having to secure on average 11 device types, 258 unique operating systems versions and over 6,400 unique Chrome OS extensions and more, reflecting the broad scale of today’s K-12 cybersecurity crisis. Google Chromebooks dominate the K-12 device landscape. The following graphic illustrates how rapidly digital technologies are proliferating in K-12 organizations:

42% of K-12 organizations have staff and students regularly bypass security endpoint controls using web proxies and rogue VPN apps, inadvertently creating gateways for malicious outsiders to breach their schools’ networks. Absolute found that there are on average 10.6 devices with web proxy/rogue VPN apps per school and 319 unique web proxy/rogue VPN apps in use today, including “Hide My Ass” and “IP Vanish.”  Many of the rogue VPN apps originate in China, and all of them are designed to evade web filtering and other content controls. With an average of 10.6 devices per school harboring web proxies and rogue VPN apps, schools are also at risk of non-compliance with the Children’s Internet Protection Act (CIPA).

While 68% of education IT leaders say that cybersecurity is their top priority, 53% rely on client/patch management tools that are proving ineffective in securing their proliferating IT infrastructures. K-12 IT leaders are relying on client/patch management tools to secure the rapidly proliferating number of devices, operating systems, Chrome extensions, educational apps, and unique application versions. Client/patch management agents fail 56% of the time, however, and 9% never recover. There are on average, nine daily encryption agents’ failures, 44% of which never recover. The cybersecurity strategy of relying on native client/patch management isn’t working, leading to funds being wasted on K-12 security controls that don’t scale:

“Wyatt continued, this is not something that can be achieved by simply spending more money… especially when that money comes from public funds. The questions they each need to be asking are if they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without key foundational elements of a strong and resilient security approach in place – things like visibility and control, it becomes nearly impossible to protect your students, your data, and your investments.”
Providing greater device visibility and endpoint security controls while enabling applications and devices to be more resilient is a solid first step to solving the K-12 cybersecurity crisis. Thwarting the many breach and ransomware attacks K-12 organizations receive every day needs to start by considering every device as part of the network perimeter. Securing K-12 IT networks to the device level delivers asset management and security visibility that native client/patch management tools lack. Having visibility to the device level also gives K-12 IT administrators and educators insights into how they can tailor learning programs for broader adoption. The greater the visibility, the greater the control. K-12 IT administrators can ensure internet safety policies are being adhered to while setting controls to be alerted of a suspicious activity or non-compliant devices, including rogue VPNs or stolen devices. Absolute’s Persistence platform provides a persistent connection to each endpoint in a K-12’s one-to-one program, repairing or replacing critical apps that have been disabled or removed.
You can download the full Absolute report here.

Cybercriminals Take Aim at K-12

The school year is underway and millions of devices are now in the hands of students. More than 80 percent of today’s K-12 organizations provide computers to students and an estimated 70 percent of schools will be one-to-one by 2020.  With school-issued devices commonplace, schools have become easy targets for cyberattacks.
Since 2016, nearly 700 cyber incidents have hit K-12 organizations. And threats like ransomware have forced schools to close their doors, and even compelled Louisiana’s Governor to declare a state of emergency after several schools were wrecked by the Ryuk ransomware in the summer of 2019.
The K-12 attack surface has lured cybercriminals, but the technology itself has also become somewhat of a nightmare. In Absolute’s new study, Cybersecurity and Education: The State of the Digital District in 2020, we looked at 3.2 million devices across 1,200 schools and discovered over 6,400 unique Chrome extensions in-use, 319 security bypass apps (e.g. rogue VPN), and more than 130,000 app versions. The IT complexity is staggering.

Based on the new research, we see three key challenges facing today’s K-12 technology leaders – challenges no other industry faces.

Savvy students — more than five times as many tools for users to tunnel around security controls and policies than other sectors. (rogue apps were found in 42 percent of organizations)

Increased complexity — within five years, K-12 IT leaders have gone from managing a couple of operating systems, a handful of apps, and a few hundred devices to managing hundreds of versions of operating systems, apps, extensions, and thousands of devices. (93 percent of common apps are outdated)

Increased endpoint risk — as complexity expands, so does risk, leaving both students and schools increasingly vulnerable to cyberattacks. Case in point: schools have become the second-largest pool of ransomware victims, slightly behind local governments and closely followed by healthcare organizations. (56 percent of patch agents fail)

It is no surprise then, that 68 percent of K-12 IT leaders say cybersecurity is their top priority, and nearly half (47 percent) say their primary investment will be security controls and tools. But K-12 IT leaders must carefully consider their plans for more security spend and take aim at cyber resilience above all else.
School districts are saddled with the expectation to demonstrate ROI (the effects of the one-to-one program) but on the other hand, they need to keep tabs on security and inventory gaps in a quickly growing endpoint population. Read: Quantifying K-12 Device Use with Absolute.
How do you solve the riddle? Resilience is the key.
Winning the Battle Against Cyber Threats
It is increasingly critical school districts work to reduce IT complexity and improve endpoint resiliency by gaining visibility to every device everywhere. Then, IT leaders can identify use patterns, justify tech spend for maximum ROI, and discover device use patterns and rogue apps, how often devices are used, and what risks students are creating. K-12 IT leaders can rely on Absolute to unmask complexity risks and automate endpoint security—restoring fragile security controls, apps, and agents—to safeguard digital learning for the next generation.
To learn more about the cyber risks facing today’s K-12 schools, download the full report Cybersecurity and Education: The State of the Digital District in 2020.
 

Back to School – Laptop Theft 101

Stop me if you’ve heard this one before: Did you know that according to Gartner, a laptop is stolen every 53 seconds? It’s not a joke. According to the University of Pittsburgh your laptop has a 1 in 10 chance of being stolen and a nearly 98% chance of never being recovered. Did you also know that nearly HALF of all laptop thefts occur in classrooms?
Most students aren’t likely to to think twice about the value of data on their laptop; they instead think the device itself holds the true value. This couldn’t be further from the truth. The true price of a lost or stolen education device goes far beyond the value of the machine itself. Think of the countless hours and crushing brain energy spent researching and drafting your final thesis, sculpting your musical magnum opus, or the 2,000+ layer Photoshop or Illustrator file you’ve contributed to every week and weekend for the last 4 months of your life. Truth is the data on your device represents irreplaceable concentration, time and effort – invaluable commodities in today’s fast paced digital landscape.
Losing a device is one thing, but losing the data on it – potentially hundreds of hours of work – can drastically interfere with your education goals not to mention cause additional stress during an already difficult time of your life. Don’t take that risk.
Of course there are software ‘solutions’ like popular anti-theft products but they’re bulky, expensive, and stop short of offering TRUE protection. Sure, many can tell you the location of your device but will they actually assist in the RECOVERY of your device once it’s missing or stolen?
What then can be done to protect your device AND it’s data? Beyond protective software, you can start by practicing our top ten recommendations for laptop security:

Never leave your laptop unattended .
Keep your laptop in a secure, hidden place .
Lock doors and windows when you’re not in your room .
Use a discreet laptop case .
Never leave your laptop in your vehicle .
Purchase a Laptop Theft Recovery Solution .
Personalize your laptop’s looks .
Write down your laptop’s serial number .
Use secure passwords and update them regularly .
If someone tries to take it, give it up – it can be replaced… you can’t !

What happens when even these tried and true methods fail, I hear you ask?
Luckily there is one solution that can and will go the extra distance; Absolute Home & Office, with features including device locate, remote content lock and delete, as well as a theft recovery team who works with local law enforcement to actually recover your stolen or missing device. Education pricing is $29.99 for a PREMIUM 1 year plan, or you can get the STANDARD product for just $1.99/month.
Stay safe out there.

Loading

Categories