School Cybersecurity: Hybrid-Cloud, Device Management Driving IT Challenges

Cybersecurity for schools blog banner

Coming into each new school year, school IT leaders are experiencing many of the same challenges that other industries have faced since transitioning to remote and hybrid models. Most notably, an ever-growing number of devices, SaaS applications, and hybrid- or multi-cloud environments has strained a largely decentralized approach to IT management that simply can’t keep up with the demands of a modern organization.

Last year, in NinjaOne’s Back to School Security report we found that the number of devices educators used for daily instruction was growing rapidly but a mixed approach to device security was a hurdle that many organizations hadn’t yet mastered. For example, many schools had implemented a bring-your-own-device (BYOD) policy and required little to no security software, such as anti-virus or authentication software, to be installed on devices. While the security posture at schools is changing, this kind of oversight can lead to data leakage, theft, or ransomware. This growth in devices sees no sign of slowing down either. A report from IDC found strong growth in the devices market, including tools used for daily instruction like desktops, netbooks, and tablets.

This year, as we surveyed the landscape and reviewed new reports and data from our recent Global Tech Debt report, we found some bright spots but lingering challenges on the horizon. In this post, we’ll examine the current challenges of IT in the education sector and how these leaders can improve the efficiency of their IT operations. Whether partnering with a managed services provider (MSP) or adopting a new unified IT management platform to manage things themselves, there are now options for creating a more secure and efficient organization.

Cybersecurity threats for schools

Just as last year had the highest number of cyber attacks on record against K-12 schools and higher education institutions, educators and students are still exposed to cybersecurity threats. Ransomware, phishing, denial of service, and data breaches are all on the rise as remote learning and an influx of new devices and virtual classrooms open new opportunities for would-be attackers. In 2020, some of the largest school districts and universities in the US fell victim to cyberattacks, including Clark County Public Schools in Nevada, the Baltimore School District, UC San Francisco and the University of Utah.

Ransomware is one of the most devastating cyber incidents that schools face. Not every school has widespread and up-to-date backups and for those that do, sometimes they still pay the ransom in hopes that the attackers won’t release the stolen data. 

In the case of one school district in Missouri that overcame a ransomware attack without paying the ransom, system backups were critical to their success in overcoming the incident. The district had more than 300 different systems used for their school system’s operations, which included everything from learning management software and video surveillance systems to classroom intercoms and wireless connectivity systems. This illustrates the growing technological footprint of modern schools and potential areas for exploitation by bad actors and the need for a unified platform for IT operations.

These attacks do more than just cost school districts time and resources, it also impacts students and their educational attainment. According to a recent study from McKinsey & Company, the interruption of the face-to-face social aspects of the classroom experience resulted in the students finishing the 2020-2021 school year four to five months behind in reading and math on average. When cyber incidents make it impossible for students to access their courses and learn, that can hold them back even further.

With things looking so grim, is there any hope at all? Yes, but there’s still plenty of work to do. Cyber insurance is helping drive security improvements in schools and businesses in general. Now, if a district wants a policy or lower premiums, they have to meet certain security standards, such as implementing multi-factor authentication or using antivirus software. The issue is also driving greater national attention as new federal programs and bills specifically geared towards the education sector are introduced. Another way schools are improving their IT and security posture despite budget and talent issues is by partnering with an MSP, who can provide more services to the district more efficiently and cost-effectively. 

Disparate devices and cybersecurity for schools

In NinjaOne’s report on school security, we found that nearly half of educators were using upwards of 5 devices for daily lesson management. This includes laptops and desktops, smartphones, tablets, webcams, and printers. With so many devices that have the potential to interact with student data, it’s imperative that these devices are properly managed and secured. 

Ideally, the school should provide all of the devices an educator or student needs to be successful so they can be more easily monitored and managed. When schools manage these things, it takes the burden off of teachers, students, and their parents from being IT experts and allows them to do what they do best – teach and learn. In the event that something were to go wrong, it’s much easier and less stressful on people when IT teams can quickly diagnose and remediate an issue all while being remote. With a unified platform that combines the power of an RMM with a ticketing solution, many routine issues students and educators are likely to encounter, such as trouble logging into their learning management system, can be automated to improve learning experiences.

Of course, this tight level of control over devices might not be possible for all schools. Some schools facing financial constraints or lack of access to reliable internet may have to employ some degree of a BYOD policy where the school provides a limited number of devices to students and educators. When deciding what to provide, school IT leaders should identify the greatest areas of risk for potential attacks and weigh that against what their budget allows. For example, the school may be able to provide a laptop and mobile hotspot, but not a smartphone or tablet. In any case, a cloud-based unified platform for IT operations can also help here as it enables students and educators to download and install the agent on their own devices, so the school’s IT team can still provide support and management. 

But new devices aren’t the only ones that schools need to worry about. Many of the devices and hardware schools rely on are aging quickly. In NinjaOne’s Global Tech Debt report, 20% of school IT leaders surveyed said their school’s hardware was more than 10 years old. Outdated IT infrastructure may not seem menacing, but these devices are more likely to be left unpatched and insecure. In fact, the report found that 38% of school IT leaders said their organization had suffered a cybersecurity incident due to insecure legacy tech. Respondents also noted that replacing outdated or aging IT infrastructure was their second-highest priority, with transitioning from on-prem to cloud software as their top priority.

Outdated, insecure, and improperly managed devices can severely impact the student experience and should therefore be a major consideration when evaluating a school’s IT needs. MSPs hoping to work with clients in the education space should keep this in mind and consider ways to highlight how improved IT services translate into better student experiences. Further, proactive maintenance and management of their devices with a unified platform can prevent many issues from coming up in the first place.

Education moves to hybrid- and multi-cloud future

The increasing cybersecurity demands of modern classrooms require software suited to their specific needs, much the same as IT solutions for state and local government.

Because some new software deals with sensitive data, like students’ names, addresses, and other PII, schools are employing a hybrid approach to the tools they use. Student data has remained very cloud-resistant and many schools elect to have a unique on-prem or privately managed cloud to manage this data, but some cloud-based solutions, like Google’s popular Workspace for Education have caught on in the remote learning era. The data it holds includes grades, rosters, registration, demographics, and other sensitive student information. Beyond needing to securely store student data, schools have additional cloud storage needs, such as documents, presentations, and recorded lectures, to name a few.

A multi-cloud or hybrid approach is becoming increasingly the norm for more practical reasons, too. It’s much more cost-effective to anticipate and manage surges in demand for network access services as well as deliver IT services. This kind of approach allows schools to meet students wherever they are and deliver a high-quality end-user experience. A combination of public, private, and edge computing also gives schools a framework for dealing effectively with disruption and crises.

Hybrid cloud environments are complex and require specialized tools to effectively manage. Thankfully, MSPs have helped clients in industries like healthcare, finance, or professional services move on from legacy technology and chart digital transformation journeys. In many ways, education is experiencing its own transformation and there are many resources available to them that a trusted advisor can provide guidance on.

How schools can improve cybersecurity and IT operations

Like most organizations trying to rapidly adapt to a new and changing world, education institutions are no different. According to recent reports, school IT leaders have stabilized their school’s networking environments and protocols for supporting students and teachers, but the new challenge is centered around efficient management of all the new devices, software, and cloud environments powering digital learning.

Facing tight budgets, aging technology, and a host of security challenges, school IT leaders need new options for efficient and secure device, application, and cloud management. Core to their needs is a unified platform for IT operations. Schools, universities, and other higher education institutions can be managing thousands of unique devices and a decentralized approach to device management is a sure way to end up with unpatched software and OS’s, outdated technology, and inefficient use of resources.

As schools prepare for the upcoming year, they should chart a path towards IT modernization that offers a transformative experience for students, teachers, and administrators. NinjaOne’s unified IT management platform can help deliver that experience through a single source for total endpoint management. Best yet, Ninja is easy to use and is equipped with features that make co-managed IT services more effective. Whether school IT leaders decide to manage their organizations themselves or with support from an MSP partner, Ninja is designed to make it easy.


Sign up for a free trial of NinjaOne today to see how a unified IT management platform can support your organization.

rmm free trial

Next Steps

The fundamentals of device security are critical to your overall security posture. NinjaOne makes it easy to patch, harden, secure, and backup all their devices centrally, remotely, and at scale.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

Watch Demo×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).