Schools and organizations that use many computers are getting a much-needed computing edge against cybersecurity threats with business-class Chromebooks.
Consumer Chromebooks are equipped with what Google calls “defence in depth,” which provides multiple layers of protection. If attackers manage to get past one layer, the rest remain. Connected Chromebooks installed in school systems, healthcare facilities, and government agencies provide multi-layered security and add additional features. One of them is Zero Trust security, a framework that verifies every user and every device.
All Chromebooks run ChromeOS, an embedded operating system built on the Google Chrome web browser. They use the same Google-certified imaging engine. Enhanced security and automatic updates are built in to provide Zero Trust security and require no user intervention.
Endpoint resilience and data protection are two key components of Zero Trust, along with robust data loss prevention (DLP) and granular access controls. Corporate Chromebooks running on an organization’s network are easily managed by an IT administrator through a console that is not accessible to users.
This feature works whether students or employees use Chromebooks locally or remotely, ensuring that screens are always on. For example, users can access their devices using QR codes and image-based sign-in options.
“Schools have become frequent targets for cyberattacks such as ransomware, phishing, and malware,” said Jeremy Burnett, vice president of technology at CTL, during a recent workshop where his company unveiled updated security features built into consumer and enterprise Chromebooks.
CTL is a Chromebook manufacturer and ChromeOS OEM that partners with Google to provide customized solutions for educators, students, and businesses. These solutions are designed to discuss the growing threat of cyberattacks that schools and organizations face.
ChromeOS Foundational Security
According to Andrew Luong, Google and ChromeOS Partner Success Engineer, the goal is to provide strong authentication through secondary factors or security keys. While there are other login options, students and others who are not tech-savvy prefer passwords.
“It’s hard for users to change their passwords frequently because every app you use today asks for long, complex passwords. It’s gotten harder,” he told the audience at a virtual workshop.
Google’s Password Manager is handy for creating strong passwords because the more often you change them, the less you’ll remember. Google’s various branding tools help users manage their passwords.
Another big concern is device health, he added. The device should be regularly updated with the latest security patches.
“Using ChromeOS is where we shine,” Luong said. “ChromeOS devices are automatically updated with significant advantages and differences while using the same Google-certified operating system.”
However, he added that school IT teams must ensure that these devices are connected to receive updates and remain on the version your district or school approved.
The IT management console makes it easy to maintain a specific version of ChromeOS so that students can access their assessments and teachers or staff can use their devices in the classroom.
“What we do in our console is bring Google AI to the surface and show you when you go into the cloud console that the device is up to date,” he said.
ChromeOS Security Behind the Scenes
The update is installed to a second version of the OS, so the process does not interfere with the work of any user. After the update has been downloaded, a reboot button appears to load the new version of the OS.
Chromebooks include Verified Boot, a secure boot technology that verifies the integrity of the operating system during startup and ensures that the system has not been tampered with. If tampering or damage is detected, the system automatically attempts to repair itself, usually by restoring the OS to its original state. This keeps the operating system safe and secure by guarding against compromises of its integrity.
Chromebooks now have context-sensitive tags to verify the integrity of the version of ChromeOS before allowing the devices to connect to school apps. According to Luong, this is an innovation in zero-trust architecture.
Another security feature recently added to the IT management tools is agentless threat detection and response. An administrative license allows administrators to configure and monitor ChromeOS device security event information in the Security Event Notification system.
“So centralized reporting and analytics make it easy to get that zero trust system and improve your cybersecurity,” he said. “ChromeOS has built-in malware protection. A ransomware incident has never been reported on [ChromeOS devices].”
Advanced enterprise cybersecurity features are available through the management console with a license plan from an authorized vendor, such as CTL, for enterprise-class devices. All Chromebooks have automatic update, malware, and virus protection features.
Insider Risks in School Cybersecurity
Luong emphasized an important point: despite the robust cybersecurity protection built into all Chromebooks, they are not always immune to careless actions by workers.
“When it comes to phishing, about 90% of data breaches in K-12 schools are due to system employees clicking on links, and it’s not a hit to the school system employees,” he said.
If that click leads to a ransomware attack, the Chromebooks are not the problem. Educational institutions are among the most targeted sectors.
That’s where cybersecurity training comes into play. On average, U.S. schools and colleges lose about $500,000 a day due to downtime during ransomware attacks. So when something happens, the stakes are high, Luong noted.
CyberNut offers security awareness training. The company’s website is designed to be highly engaging and is based on bite-sized training sessions with short hands-on experiences.
“The real goal is to allow schools to measure behavioural change. Our success isn’t just about checking off a box for college staff after they watch a short video and ask questions. We’re laser-focused and continually deliver measurable behavioural change through training,” said Oliver Page, founder and CEO of CyberNut.
The company offers a free trial to help organizations learn about cybersecurity training. This includes a free phishing assessment to see where a school district stands regarding security.
The High Cost of Cyberattacks on Schools
Over the past 10 to 20 years, phishing emails have become more sophisticated, and the number of ransomware attacks on K-12 schools has increased dramatically in the past year. Most of these attacks come in the form of malicious emails and phishing, according to Page.
“It’s scary because it depends on how you count that number. If you’re talking about schools that have been targeted somehow and something has happened, almost 100% of schools are getting malicious emails that could lead to a daily ransomware attack. So, it’s widespread,” Page said.
Several factors make schools more visible targets. One of the main ones is budget constraints, which lead to understaffing and a lack of expertise.
“It gets even worse when we connect thousands of devices to manage and protect them. We have a lot of valuable data,” Page warned.
The average ransom last year was $6.5 million. On top of that ransom, you’re looking at millions more in recovery costs.
One reality is that no one is teaching students about cybersecurity, he added. Parents spend an average of 46 minutes teaching their children about online safety throughout their lives.
“Because the average child over 13 spends seven hours a day online, it’s easy to see where they differ and are concerning,” he concluded.