Schools Using Google Need a Security Lesson

The following was shared with DZone by David Waugh, VP Sales and Marketing at ManagedMethods.

I used Google Docs to write this post – the popular word processing app within Google G Suite. At ManagedMethods, Docs is an indispensable part of our workflow. Collaborating, sharing, and editing documents with a team through the cloud is easier than ever, leaving many of Microsoft’s Office apps in the dust.

Within the corporate world we’re still a minority, but moving forward, graduating students who become professionals will bring the software that they used in the classroom into the office, just like they did with Apple 20 years ago. G Suite popularity is surging in schools as the New York Times recently reported:

“Between the fall of 2012 and now, Google went from an interesting possibility to the dominant way that schools around the country teach students to find information, create documents, and turn them in,” said Hal Friedlander, former Chief Information Officer for the New York City Department of Education, the nation’s largest school district. “Google established itself as a fact in schools.”

Despite the swift takeover by Google within the classroom, its interfaces, administrative controls, and security are still lacking. For example, there’s a common misconception that if you convert to a cloud-based service, you no longer have to be concerned about security. The reality is not so simple. As institutions, school districts, and states migrate from desktop software to cloud apps, security becomes critical. Some administrative capabilities that are built into G Suite are incredibly powerful, but setting up the security protocols and processes that go along with G Suite can be complex and often fall short of expectations, leaving schools vulnerable.

Why Schools Should Care About Cloud Security

According to Verizon’s 2017 Data Breach Investigations Report, education is among the most vulnerable sectors due to the combination of black market treasure troves of private data and lax security measures.

Hackers target schools using phishing scams, ransomware, and malware which can be disguised in email links that look like an invitation to a shared document, known as an OAuth attack. The goal of an OAuth attack is to obtain credentials. The hackers then use login access to steal personal information for financial or competitive gain.

Cybersecurity is an issue that every industry is coping with, but schools face challenges from every angle, weighing pressure from hackers, employees, students, administrators, politicians, and taxpayers. With the nearly ubiquitous presence of Google in the classroom, it’s too important to ignore.