Schools and organizations that deploy vast numbers of computers have a much-needed computing edge against cybersecurity risks with enterprise-grade Chromebooks.
Consumer-grade Chromebooks come with what Google calls “defense in depth,” which provides multiple layers of protection. If attackers succeed in bypassing one layer, others remain in effect. The networked Chromebooks deployed in school systems, medical facilities, and government offices take multi-layer security and boost it with additional features. One of them is Zero Trust security, a framework that verifies every user and device.
All Chromebook devices run ChromeOS, an embedded operating system built around Google’s Chrome web browser. They run the same Google-certified operating image system. This built-in heightened security and automatic updates are designed for Zero Trust security and require no monitoring by users.
Endpoint resilience and data protection are two critical components of Zero Trust, augmented by robust data loss prevention (DLP) and granular access controls. Running enterprise-level Chromebooks on an organization’s network is easily maintained by the IT system administrator through a console inaccessible to users.
The approach works whether students or employees use the Chromebook devices internally or remotely, ensuring that security shields are always engaged. For example, users can access their devices using QR codes and picture-based login options.
“Schools have become frequent targets for cyberattacks like ransomware, phishing, and malware,” said Jeremy Burnett, vice president of technology at CTL, during a recent seminar where his company presented on the updated security features built into both consumer and enterprise Chromebooks.
CTL is a Chromebook manufacturer and ChromeOS OEM service provider that partners with Google to deliver tailored solutions for educators, learners, and businesses. These solutions address the growing threats of cyberattacks faced by schools and organizations.
ChromeOS Foundational Security
According to Andrew Luong, partner success engineer for Google and ChromeOS, the goal is to have strong authentication with second factors or security keys. Despite the other login options, students and others less familiar with technology prefer passwords.
“Making users change passwords frequently is complex because every app you use today asks for longer and more complex passwords. It’s become quite a hassle,” he told the virtual seminar audience.
Google’s password manager has been super helpful in generating stronger passwords because the more you have to change them, the less likely you will remember them. Google’s various logon tools help users handle better passwords.
Another major challenge is device health, he added. Devices must be updated regularly with the latest security patches.
“Using ChromeOS is where we really shine,” noted Luong. “ChromeOS devices update automatically, a key benefit and differentiator, with all running the same Google-certified operating image.”
However, he added that school IT teams must ensure that these devices are connected to get those updates and remain on the version you approve in compliance with your district or your school.
Using the IT administration console makes it easy to keep them on a particular version of ChromeOS so that the students can take their tests or the teachers or staff can use their classroom tools.
“What we are doing in our console is having Google AI surface and show you, as you log into the Cloud Console, that devices are all up to date,” he said.
ChromeOS Security Behind the Scenes
Updates are installed in the background on the second copy of the OS. The process does not interfere with any user’s work. When all the updates are downloaded, a reboot button appears to load the new OS version.
Chromebooks include Verified Boot, a trust connector technology that verifies the integrity of the operating system during startup and ensures the system has not been tampered with. If tampering or corruption is detected, the system automatically attempts to repair itself, often by restoring the OS to its original state. This ensures that the operating system remains secure and intact, addressing any failures in its integrity.
Enterprise Chromebooks now have context-aware signals to check the integrity of the running ChromeOS version before it allows the devices to connect to school applications. That is an innovation in the zero-trust architecture framework, explained Luong.
Another recent security feature added to the IT management console is threat detection and response, which does not use any agents. The management license enables admins to configure and monitor information flowing from ChromeOS device security events into the security event notification system.
“So centralized reporting and insights make it easy to have that zero-trust framework and enhance your cybersecurity,” he said. “ChromeOS has built-in malware protection. No ransomware has ever been reported [on ChromeOS devices].”
These enhanced enterprise cybersecurity features are available through the admin console under a licensed plan from an authorized provider like CTL to enterprise-grade devices. Consumer-grade Chromebooks all have the other features mentioned regarding automatic updates and built-in malware and antivirus protection.
Insider Risks in School Cybersecurity
Luong stressed an essential point about the rigorous cybersecurity protections inherent in all Chromebook devices. They cannot always survive careless employee actions.
“When it comes to phishing, about 90% of data breaches in K-12 schools result from a system employee who is clicking on a link — and that is not a knock on school system employees,” he said.
If that clicking results in a ransomware attack, the fault is not with Chromebooks. Education institutions are among the most targeted sectors.
That is where cybersecurity training comes into play. On average, U.S. schools and colleges lose about $500,000 a day to downtime during ransomware attacks. So, the stakes are high when something happens, Luong observed.
CyberNut offers security awareness training. The company’s platform is designed to be extremely gamified and engaging, based on micro training sessions with short, gamified experiences.
“The real objective is to allow schools to measure behavior change. Our success is not just based on checking a box for faculty staff after they watch a short video and take a quiz. We are laser-focused and deliver measurable behavior change through an ongoing, perpetual training experience,” said Oliver Page, co-founder and CEO of CyberNut.
He offers a free trial, allowing organizations to learn about cybersecurity training. That includes a free phishing assessment to see how a school district is positioned from a security posture perspective.
The High Cost of Cyberattacks on Schools
The quality of phishing emails has become more sophisticated over the past 10 or 20 years, with ransomware attacks on K-12 schools have increasing substantially in the last year. According to Page, most of those attacks come through malicious email and phishing.
“That is scary because depending on how you calculate that number. If you are talking about schools that were targeted in some way and something happened, it is closer to 100% of schools receiving malicious emails that could lead to a ransomware attack every day. So, it is prevalent,” said Page.
Several factors put schools in the crosshairs so prominently. Among the primary causes is a lack of budget, which leads to a lack of staffing and expertise.
“That gets bad when we couple it with thousands of devices to manage and secure. We have tons of extremely valuable data,” Page warned.
The median ransomware payment last year was $6.5 million. In addition to that ransom, you are looking at additional millions in recovery costs.
One of the realities of that is that nobody teaches students about cyber safety, he added. Parents spend an average of 46 minutes educating their children on cybersecurity in their entire lifetime.
“Couple that with the fact that the average child above the age of 13 spends seven hours a day online, it is easy to see where the disparity and the concern lies,” he concluded.
Loading ...
