By the Québec Ministry of Education
The image of the hacker is often used to represent the cyber threat we need to protect ourselves from. The hacker is usually described as a malicious being from the outside, sometimes even from another country, who wants to get into our networks to steal data, extort money or damage our systems. However, there are other types of threats, and some of them are within our organizations. Shadow IT is one example. It occurs when a staff member uses or deploys a technological system, application or software without the knowledge of the IT department.
Every institution or educational organization’s IT department works to support teachers in the educational success of their students. To help teachers carry out this mission, IT teams are constantly working on securing technological tools. Whether by applying security measures or supervising the use of technological tools, those responsible for information security have the expertise needed to reduce risk. However, if staff members are using methods other than those recommended by their organization, the IT department simply cannot protect what it does not know about.
You could be unintentionally putting your educational institution at risk
The risks associated with shadow IT can have serious consequences. For example, if a technological tool with security vulnerabilities ends up on your work computer, it can serve as a gateway for a hacker to gain access to the entire organization’s computer systems. A malicious person could then carry out a ransomware-type cyber attack.
Another example of risk relates to the data used by the tool. It can be difficult to determine the sensitivity of the information that we use. Assessing the sensitivity of data and its level of confidentiality requires special expertise. Consequently, this activity must be supervised by your chief organizational information security officer. If you use an unsecured tool, unauthorized persons could gain access to student information, for example, and this information could be shared without your knowledge.
There are many other risks involved in shadow IT. Your IT team can provide you with more information if necessary.
Collaborating to improve security
As education professionals, we are all committed to our students’ educational success. Technological tools are evolving rapidly. It can be challenging to stay up to date with new trends and prepare students to navigate this world. It can be tempting to use technology to be more efficient at certain tasks, or to get to know a new tool. However, we must make sure it is done in a secure way.
Currently, public generative AI tools such as Copilot or ChatGPT are very easily accessible, but they do not guarantee the security of the information you give them. Refer to your IT department to understand this technology and its risks.
If you think you are using a technological tool that your IT department has not been notified about, it is crucial that you inform them as soon as possible. The IT team will be able to analyze this solution and recommend the necessary security measures. You might even be surprised to learn about the existence of a recommended secure tool that does the job just as well.
It is through collaboration that we can maintain a secure technological environment. Your vigilance in your day-to-day work can have a major impact on the safety of your students, educational institution and even your school service centre or school board.