About half of IT decision makers in a new survey say they have not added any cybersecurity training for teachers and students since remote learning started.
Teachers are filling in as tech support, connectivity is a problem for 76% of teachers and students, and IT teams report a sustained, excess workload, according to a new survey from Malwarebytes.
The new report, “How education coped in the shift to distance learning,” found that IT decision makers and students are struggling with the basics as remote education becomes the norm. Also, half of the IT teams surveyed have not rolled out any new policies, procedures, or antivirus software. Among IT decision makers, the survey found that:
- 83% said they are using the same antivirus software as before the pandemic
- 51% said that no one was required to take cybersecurity training
- 47% said that there were no additional training to support distance learning
The focus has been on devices and software tools to make remote learning possible. Seventy-one percent of IT decision makers said they deployed new software tools to support distance learning and 59% said they deployed new devices.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
Malwarebytes conducted two surveys to gather data for the report: One with decision makers and one with students ranging from K-12 through post-graduate programs. Seventy-five decision makers responded to the survey and 500 students participated.
Malwarebytes identified three groups among the IT decision makers:
- The unprepared: 47% of all respondents
- The well-trained: 35% of all respondents
- The best practiced: 15% of all respondents
Overall, 29% of respondents reported a Zoombomb attack during online learning, compared to 35% of the unprepared group and an even higher rate for the well-trained group at 46%. One IT decision maker in the unprepared group had a cyberattack that delayed classes for a week, according to the report.
The best practiced group had zero Zoombombing incidents. Malwarebytes credits this to a multipronged cybersecurity plan that the best practiced group had in place. The best defense seemed to be installing a new antivirus tool, but this combined with new policies or training increased overall security as well.
As kids and teachers reach the halfway point in the school year, IT teams still have many unaddressed or ongoing issues:
- 80% say teachers and students are having repeated connectivity issues
- 49% are worried about Zoombombing and other video conferencing attacks
- 43% worry teachers won’t have time to manage cybersecurity on top of new daily responsibilities
- 40% say teachers and students lack the devices and software they need for remote learning
Some of this is likely due to funding issues, as 20% of survey respondents said they had trouble convincing administrators to invest in cybersecurity protections such as new software, training, and up-to-date devices.
Malwarebytes recommends that school IT teams take these steps to boost cybersecurity:
- Require teachers to use a VPN when accessing school resources
- Require teachers to use a password manager and strong, non-repeated passwords
- Host cybersecurity training for teachers, administrators, students, and parents
- Ask teachers, parents and students what their biggest IT issues are
- Install antivirus software on school-issued devices
The survey also found a disconnect between the understanding of a cyberattack. Only 2.7% of decision makers said their schools suffered a cyberattack but 465 of students said that their school had been attacked. The report authors note that IT decision makers could be considering DDoS attacks—one of the most common—as disruptions, rather than actual attacks.