The coronavirus (COVID-19) pandemic has become a big challenge for K-12 schools as they scramble to find ways to move their classroom-based training infrastructure to deliver distant learning and minimize disruptions. With entire communities in lockdown, the shift to delivering online learning has become a herculean task for IT administrators.
SysCloud created this page to help IT administrators in K-12 schools get the resources they need to navigate these challenges.
Google Workspace has made available all the apps K-12 schools will need to start delivering online learning. They are offering free access to key apps in addition to publishing online resources and guides to help schools make the shift to online learning. Please note that some of the apps don’t have a 'forever free plan' for schools and will require an upgrade to paid plans in the future.
Google Teach From Home Resource Center for Google Workspace - A hub of information and tools to help schools migrate to distance learning.
Google Meet Guide for K-12 IT Administrators - Google help center page to help setup Google Meet for distance learning.
Google Voice for Schools - A guide to using Google Voice by TCEA.
WebEx - Cisco WebEx page for teachers, parents, and IT admins to deliver teaching online.
Adobe Creative Cloud - Temporary at-home access to Creative Cloud available until May 31 for schools and colleges.
Bloomz - Parent communication app that helps teachers and school administrations engage with parents on student's growth and development.
Boclips - Online video platform that enables educational publishers and service providers to find, license, and use video from content producers.
Edmodo - An educational technology company offering a communication, collaboration, and coaching platform to K-12 schools.
As schools are rapidly moving to learn from home and work from home models, the biggest threat to the ongoing functioning of schools is keeping cloud data safe and making data available on-demand no matter where staff or students are located.
According to EducationWeek, fewer than 10% districts report that every student has access to non-shared devices at home while 54% of districts report that more than three-quarters of their students have access to shared devices at home.
The same publication reported that 47% of school districts rate phishing as a high risk threat for schools and 23% are bracing themselves for ransomware attacks.
Threats to cloud data security, student data privacy and safety are amplified by the fact that IT administrators have to now deal with provisioning devices and IT infrastructure for teachers, staff, and students and making sure shared devices don’t act as a gateway for data security threats.
"I would easily say that less than 50% of our students and families have access to either a consistent learning device and/or Internet access, I think that's our greatest challenge right now."
- Superintendent, Detroit Public Schools Community District. (source : NPR)
The last few years has seen a steady spike in the number of phishing sites detected by Google and this trend is picking up steam as scammers have started launching phishing scams to target people interested in learning about COVID-19.
Image source: Google Transparency Report
Teachers, non-teaching staff and students are now spending more time online as schools are supporting distance learning amid the lockdown and this could potentially open the floodgates for phishing scams and ransomware attacks.
An example of a phishing email. Image Source: Norton - Online Scams
Distance learning exposes most schools to sophisticated attacks that can overwrite Drive files or delete them. For example, malicious software can be uploaded to Google Drive and the link to the software can be embedded in Google Docs or chat messages to infect a domain.
According to Google, the risk of account takeover (for possible malicious data deletion or exfiltration) even with two-factor authentication and basic security features enabled in G Suite is about 33%.
The number of malicious sites using the 'Covid 19' and 'gov' in their URL, and adding links to authentic sites like WHO to make it look genuine, have been on the rise for the past few weeks.
Accidental deletions are just waiting to happen. With emails, chats, files becoming the primary means of communication among teachers, non-teaching staff and students, incidents of accidentally deleting or overwriting class assignments, scoring sheets, assessment blueprints and other critical data needed for day-to-day functioning of schools are bound to increase.
IT administrators are worried about the sudden spurt in shadow IT as teachers and school management shift to a distance learning program.
Videoconferencing and collaboration apps are making an aggressive bid to gain a toehold in the K-12 market by offering free or deeply discounted products. But schools are already paying a price as they are opening themselves to serious risks.
Some of these 3rd-party apps have questionable features that can compromise student/staff privacy or violate compliance requirements with respect to personally identifiable information (PII).
In addition to collaboration apps, malicious 3rd-party mobile apps that claim to track Coronavirus can lock down mobile devices provided to teachers and students.
"As a result of the recent COVID19 outbreak, we have seen an increase in third party application installations to G Suite. Recently, we have run into problems with online meeting apps like Zoom and needed to get visibility into users who are installing this app to G Suite"
- Chief Technology Officer, Canyon Independent School District
One of the trends IT administrators should watch for is the growing use of Drive and emails as a means for teachers to share Individualized Education Program (IEP) information with parents of students who are now taking the classes online.
As schools rely on online collaboration and sharing of information via email, Drive, and chat becomes the norm, compliance issues can creep up as the teacher or staff may accidentally disclose private information.
While FERPA allows disclosure of student PII to tackle health issues pertaining to COVID-19, this is not a blanket approval to disclose PII or stop monitoring who gets access to PII.
That’s not all. Third-party collaboration products may share data about teachers and students who sign up using social media credentials (Example: Facebook) with advertisers or marketers.
Having a robust backup and security solution for Google Workspace is one of the best ways for K-12 IT administrators to safeguard their schools from data loss and security threats that’s beginning to spike due to the COVID-19 pandemic.
The following tables show how SysCloud can help schools secure Google Workspace.
|Backup Features||Google Workspace with Vault||SysCloud|
Trash backup/Junk backup
Shared Folder backup / Shared with me backup
|(Only for 55 days)||(Unlimited)|
|Shared Drive backup/Teams backup||(Only for 55 days)||(Unlimited)|
|My Drive backup||(Unlimited)|
|Contacts||Groups Backup||(Only for 55 days)||(Unlimited)|
|Calendar||Backup of Shared Calendar events||(Only for 55 days)||(Unlimited)|
|Sites||Backup Sites||(Only for 55 days)||(Unlimited)|
|Restore Features||Google Workspace with Vault||SysCloud|
|Gmail||Point in time restore|
|Granular search for restore|
|Restore with attachments||(Only for 55 days)||(Unlimited)|
|Restore to source folder||(Only for 55 days)||(Unlimited)|
|Cross user restore||(Unlimited)|
|Drive (Includes My Drive, Shared Drive and Shared Folder)||Point in time restore||(Unlimited)|
|Restore with folder structure||(Only for 55 days)||(Unlimited)|
|Restore with sharing permissions||(Only for 55 days)||(Unlimited)|
|Granular search for restore||(Unlimited)|
|Custom folder restore||(Unlimited)|
|Revision history with option to restore a past version||(Unlimited)|
|Calendar||Restore to user accounts||(Unlimited)|
|Restore events with the shared invitee||(Only for 30 days)||(Unlimited)|
|Sites||Multiple sites restore||(Unlimited)|
|Contacts||Restore to user accounts||(Only for 30 days)||(Unlimited)|
|Backup Admin Features||Google Workspace with Vault||SysCloud|
|Backup||Automatic incremental backup|
|Backup retention post account deletion|
|Real-time backup dashboards|
|Selective users/apps backup|
|Granular retention settings|
|Drill-down view of backup data|
|User activities||Audit logs|
|Restore & Export||End-user self-service restore||(Only for 30 days)|
|Restore data with exact time stamp|
|Advanced search option for restore|
|Export email in .pst or .xml format|
|Preview of backed up data|
|Features||Google Workspace with Vault||SyCloud|
|Sharing controls and permissions|
|Flags sensitive content||(Only SSN and Credit card data)|
|Block malicious third-party apps|
|Blocks unauthorized app installation|
|Blacklist unauthorized apps||(Only from chrome webstore)||(all apps)|
|Block malicious sites|
|Blocks harmful content online|
|Blocks access to unauthorized/unmonitored websites|
|Creating & editing pre-existing or new policies||(Create new)|
|Granular control on defining policy applicability||(Only domains, Sub-domains, and Groups level)||(Include org units and users)|
|Custom triggers for policy violations|
|Policy exception request and overrule workflow|
|Violation remediation rules definition|
|Mechanism of threat detection|
|Checks words or phrases match|
|Identify the context of the word|
|Filter references and quotes from the text|
|Keyword search in the subject and body|
|Check for frequency of the word|
|Use Machine learning algorithm|
|Flag the incident with risk threshold|
|Actions taken when identified a threat|
|Revert sharing permission|
|Transfer file ownership|
|Remove access to the file and quarantine it|
|Auto-encrypt Drive files|