Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity NewsEducation: K-12

Protecting school devices in the age of digital learning

By Dr. Torsten George
college-student-studying-together.jpg
December 7, 2021

Despite many school districts now fully reopening to in-person learning, the days of school-owned laptops and other devices remaining safely plugged in at the end of each day are long gone. Fueled by much-needed, multibillion-dollar emergency funding from the federal government’s quickly enacted CARES Act, CRRSA and the American Rescue Plan, the number of school-issued devices being used by students has grown to the point where almost every student now has access to either a laptop or tablet.

 

One student, one device

A 2021 survey conducted by Education Week Research Center found that 42% of districts across the U.S. had purchased and issued devices for every student, with another 55% of districts purchasing them for at least some students. In the same survey, district leaders reported that they had rolled out 1:1 programs — in which each student has a school-issued device — covering 90% of middle and high schoolers and 84% of elementary students. This represents a remarkable increase from 66% and 42% respectively, when compared to the period immediately before the pandemic. 

Data from Absolute Software’s latest Endpoint Risk Report on education revealed that 47% of K-12 devices in the spring of this year were located more than 25 miles from their school or district, compared to just 27% just one year earlier — a 20% increase. In addition, a considerable number of devices — 21% — were located more than 500 miles away. 

 

A picture containing chart

Description automatically generated

 

 Image courtesy of Absolute Software

Although the increased mobility and the ‘learn-from-anywhere’ environment are both positive outcomes, the IT teams who support these districts are faced with the very real challenge of being able to track and manage much larger volumes of valuable assets that are now well outside the security of a school’s network. A prime example can be seen in these statistics: year-over-year movement increased by 48%, contributing to a very significant 45% increase in the number of devices being reported as missing or stolen in spring 2021 versus the same period one year earlier.

This all points to the fact that IT teams face a tough balancing act. On the one hand, the swift actions taken by school districts over the past two years undoubtedly helped students stay engaged in their academics during a very unpredictable time. However, from a purely IT perspective, there are some immediate challenges that school districts need to recognize and address.

 

Lack of visibility

One of the most obvious pitfalls that school districts fell into with their accelerated device rollout was that they sometimes — out of necessity — had to overlook their own standard procedures. For many, this created a lack of visibility that has resulted in new management and security challenges for IT teams that were already stretched thin. In addition to knowing where the devices were being used, the need to report and account for federal funding means that school districts are also expected to know how these devices are being used, as well as ensuring that students are adequately protected while online.

On top of these factors, the addition of untested applications on devices, delays in patching, and failing security controls have brought complexity and even more vulnerabilities to environments where security has often been an afterthought. It’s not surprising, then, that the education sector as a whole has become one of the largest targets for ransomware, placing both students and the schools themselves at heightened risk. 

According to the Federal Bureau of Investigation (FBI), schools are now the top targets for cybercriminals, resulting in ransomware attacks, data theft, and the disruption of online learning. Fifty seven percent of all reported ransomware attacks in August and September of 2020 targeted K-12 institutions, up from 28% over the first six months of the same year.

 

Balancing learn-from-anywhere with security and end user privacy

This is not to say that we should turn back the clock. Devices today are often seen as the new classroom, meaning that device portability is an absolute must for most schools and the success of their educational roadmaps. Without trying to sound like a broken record, what’s important here is that IT teams have tools that help them maintain visibility and control over the entire device fleet, no matter where those devices are, or what network they are using. Normally this would be a huge undertaking even for a well-funded private organization, but for most school district IT teams, it is often an issue of budget as well as manpower.

One thing that should be a pre-requisite for this kind of device portability is proper tracking and asset management. Solutions like asset tagging allow IT teams to keep devices within view and up to date, regardless of their type or location. They often have capabilities that ensure that students are able to connect easily and safely, giving them proper access to class materials and assignments.

 

From cradle to grave

The learn-from-anywhere environment underscores the need for IT teams to scale their processes for device management. It starts with deployment, of course, but extends through each device’s entire life cycle, including collection, configuration and end-of-life.

As mentioned above, the location of school devices is also an important consideration. In addition to the health of critical security applications and the deployment of OS and other software patches, one of the basic indicators of device status that should be monitored is the device’s geolocation. Is the laptop or tablet located where it should be? If not, what are the associated risks? Has the device changed location regularly over the last few weeks or months, and are these changes both explainable and acceptable? With any highly mobile device, there will naturally be heightened risk due to the potential use of insecure Wi-Fi networks and the greater chance that devices will be left unattended, get lost, and possibly stolen.

 

Chart

Description automatically generated

 Image courtesy of Absolute Software

One of the most surprising findings from the education report was the amount of personal information that was found on school-issued devices. Almost a third of education devices in the study group contained some form of sensitive data. Of those, social security data was stored on 45%, and 39% contained protected health information.

With asset tracking in place, device losses and data risks can be greatly minimized. In addition, an extended feature set allowing IT teams to locate, freeze, or even remotely wipe the data from any device can be incredibly useful. A lot of these features can and should be automated, making it easier for IT administrators to implement granular policy controls that assist not only the management of the devices but also the reporting process.

As the world continues to figure out how best to deal with work-from-anywhere and learn-from-anywhere environments, organizations of all shapes and sizes will continue to grapple with the need for better security that doesn’t hinder productivity and usability. Balancing all of this with end -user privacy and device integrity is undoubtedly one of the biggest challenges for IT teams, who are now facing the ultimate test.

KEYWORDS: information security k-12 security risk management school security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Torsten george

Dr. Torsten George is currently a cyber security evangelist at Absolute Software, which enables a reliable, resilient work from anywhere experience by ensuring maximum security and uncompromised productivity while enforcing Zero Trust principles. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID Global, an ASSA ABLOY Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • implement these easy hack into your organization's cyber security checklist to mitigate risk while remote

    Simple 'back-to-virtual-school' must-haves to implement in your organization

    See More
  • Frank Figliuzzi talks on security insider risk and brand reputation

    Spend 60 minutes learning to protect your corporate brand & reputation in the digital age

    See More
  • schools remote learning

    Schools, here’s how to stay cyber-safe in the age of remote learning

    See More

Events

View AllSubmit An Event
  • May 22, 2025

    Proactive Crisis Communication

    Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing