Categories
Security

Most US schools fail to secure distance learners

Education in the United States faced a crisis this year. The looming threat of the coronavirus — which spreads easily in enclosed classrooms — forced schools across the country to develop new strategies for education, most involving some form of distance learning.

The dramatic stress of this transition on teachers, parents, and students is well-known. But the impact of long-term distance learning on the cybersecurity posture of schools and districts has not yet been studied — until now. Researchers at Malwarebytes surveyed IT decision-makers and students from K–12 and trade schools, as well as colleges, throughout the US to compile a report on how education security has fared in the wake of the pandemic.

The results paint a rather grim portrait; the education sector, having always struggled with lack of IT budget and personnel, was ill-equipped to move millions of students to a distance learning model. And despite Herculean efforts by IT teams to connect every student and teacher, cybersecurity often slipped through the cracks.

US distance learners remain vulnerable to cyberattack

US schools have been under tremendous pressure over the last 10 months. Forced to close their doors with little warning, teachers, administrators, and IT teams spent the first few months of the pandemic simply figuring out logistics, such as how to get students access to school resources, devices, and Internet service. Unlike most workplaces, schools have been slower to adopt new technologies, and they were not set up for an easy transition to a distance learning model.

Yet even now, halfway through the schoolyear, educational institutions are struggling with cybersecurity for distance learners. Nearly half of all schools did not change their cybersecurity protocols in response to the new distance learning model, which resulted in a number of issues that dramatically increased IT workload and put undue strain on teachers. Some schools even suffered cyberattacks that delayed their distance learning lesson plans for up to a week. Other key takeaways from the report include:

  • 51 percent of IT decision-makers said that no students, teachers, staff, or guests (including parents) were required to enroll in cybersecurity training before the new school year began
  • 47 percent said their schools developed no additional requirements — no distance learning read-throughs, no antivirus tool installations — for the students, faculty, or staff who connected to the school’s network
  • 46 percent of students said their schools suffered a cyberattack (though only 3 percent of IT professionals admitted to the same); On the flip side, of those who engaged in security best practices before the transition to distance learning, none experienced a breach or had to cancel a single day of learning due to a cyberattack

Clearly, security awareness makes a difference in the overall safety of an organization. In fact, of those who were well-studied in cybersecurity, fewer suffered sustained, excess IT workload or experienced Zoombombing attacks than those who were less prepared. However, knowledge is only half the battle. Many respondents were saddled with device and data shortages. Other schools fell flat on security budget. Additional IT challenges presented by distance learning include the following:

  • 40 percent of educational IT pros said their schools are still missing laptops, computers, or tablets for students
  • 28 percent are still missing these devices for teachers
  • 20 percent of IT decision-makers said they had trouble convincing their schools to invest in cybersecurity
  • 44 percent admitted to difficulties in managing the sudden increase of devices connected to the school network
  • 80 percent said there was a steep learning curve for teachers, students, and staff to adapt to online learning tools

But the report wasn’t all doom and gloom. IT professionals had a gargantuan task in front of them to keep teachers teaching and students learning, and for the most part, they were up to the task. About 72 percent of schools provided Chromebooks, tablets, and hotspots to students, and 59 percent distributed laptops, external microphones, and webcams to teachers. More than 70 percent deployed new software tools for distance learning, including Google Classroom and Zoom.

Unfortunately, despite super-human efforts by some educational IT teams, lack of resources, personnel, and budget have strained an already impacted security posture to nearly the breaking point. About 76 percent of respondents experienced connectivity issues, 30 percent suffered a Zoombombing attack, and 52 percent of teachers had to step in and solve an IT or security issue for students and parents. On the bright side, actual cyberattacks were relatively rare.

So, what can educational IT teams do to improve their school’s security posture in 2021 and beyond? Here’s what the report suggests:

  • Create and train teachers and staff on new cybersecurity policies relevant to distance learning (For other businesses, this can be an additional set of rules related to remote work/work from home)
  • Develop requirements that direct teachers and parents to the appropriate point person in IT or security, should issues arise that need solving quickly
  • Implement access rules, including whether students should use a VPN or password manager to access the school’s network and accounts
  • Host cybersecurity training events for teachers, staff, students, and parents

For more information on the state of education security in the US, read the full report from Malwarebytes Labs here: https://resources.malwarebytes.com/files/2020/12/Lessons-in-cybersecurity_How-education-coped-in-the-shift-to-distance-learning_Malwarebytes.pdf

Categories
Security

Why Malwarebytes for Mac

As some of you may have already seen, we released Malwarebytes Anti-Malware for Mac last week. Prior to the release of the new product, I was of the mindset that Macs were not vulnerable to malware. So what changed my mind?

Doug Swanson, my former CTO at Malwarebytes (and current board member!) e-mailed me about a cool product called AdwareMedic he had found over the weekend. Doug’s grandmother’s computer, a Macbook Pro, had fallen victim to a search hijacker that was redirecting any links she clicked to advertising content. He ran AdwareMedic and all was well in the world. Doug insisted I take a look at the software, and his story certainly left me intrigued.

Categories
Entrepreneurship

Location, location, location!

Sounds like something a real estate agent would shout at you while selling you a house, right? Well, sort of.

Just like a grocer may perform a location survey to determine the best place for their store, i.e. the corner versus in a back alley, as an entrepreneur starting a business it is absolutely critical to choose your location. And I don’t mean your office location, I mean your niche. I hate calling it a niche, because it implies something small. Uber certainly didn’t find anything small when it chose to redefine how calling a taxi works!

We faced this hurdle at Malwarebytes early on. When we built the product almost eight years ago, antivirus companies had already saturated the market. There was no room for another antivirus, not that we wanted to be one anyway. From the very beginning, we decided to position ourselves as another layer of protection, one that focuses on the most aggressive and unknown threats and we left the rest to antivirus. It was one of the best decisions we had ever made.

At the time, we had no idea the position (location!) was so important. The revelation came to me recently while reading The Granularity of Growth where the author’s research found that “a company’s choice of where to compete is almost four times more important than outperforming within its market.” Had we positioned ourselves as another antivirus, who knows what Malwarebytes would be today.

Categories
General

Malwarebytes makes appearance on The Office

I like to have background noise as I answer work e-mails. Typically, I leave Netflix streaming and every so often I glance at the television. While watching The Office, I noticed something very interesting.

Malwarebytes on The Office

If you look at the bottom right corner of the screen, on the monitor, you’ll see Malwarebytes installed on the computer of a customer that Michael, Dwight, and Jim go to see. Turns out this isn’t the first time we’ve “appeared” on the show. We’ve also shown up on Darryl Philbin’s computer — look at the top left of the screen.

Malwarebytes is so good, even Dunder Mifflin uses it!

Edit: the icon used to be red!

Categories
General

Malwarebytes launches enterprise edition

Forgive my absence, I’ve been chained to a headset on several press calls per day for the last few weeks. Now that the press tour is basically over, I’m able to happily announce the launch of an exciting new product, Malwarebytes Enterprise Edition. This thing is awesome. Seriously.

So much work has gone into this product and I’m excited to finally announce it.

I’m working on some really cool changes to the blog and content that I will hopefully post every week, so stay tuned!