Skip to main content

Protecting a Student’s Digital Identity

COVID-19 has dramatically altered the educational landscape. At the height of the pandemic, over 1.2 billion students around the world were unable to attend in-person classes. School systems around the world were forced to adopt virtual education out of necessity to support students and provide some level of educational normalcy.

At amazing speed, schools around the nation rose to the challenge and deployed millions of digital online learning tools to students. Edtech tools such as Google Classroom, Google Docs, Schoology, Canvas, Zoom, and others quickly became part of the online schooling toolset and part of the “new norm.” But what was the tradeoff in making this happen so quickly? In the effort to get all students online and not fall behind in their studies, were some steps overlooked?

Protecting Against Digital Footprints

When any individual posts on a school’s learning management solution or personal social media platforms such as Snapchat, Instagram, or TikTok, a digital footprint is left behind. This is considered an active digital footprint that lives forever on the internet; a “digital tattoo” of sorts. Yet, what many don’t realize is that there is another less often talked about digital footprint – the passive digital footprint. The passive digital footprint is the data trail that is unintentionally left online. Examples of a passive digital footprint include websites that install cookies on devices, apps, and websites that use geolocation, and social media platforms that use an individual’s likes, shares, and comments.

Whether we want to call it digital breadcrumbs or digital exhaust, it shouldn’t be news to anyone that one leaves a trail when working online. It should also not be a surprise that everyone from big business to cyber criminals utilize these digital footprints for their gain. Corporations are using this information for targeted, remarketing ads. One might think it was a sign from the heavens that the trip they were researching miraculously shows up in online ads the following day, but it’s direct marketing to one’s digital identity. It’s a lucrative business.

Over the past few years, there has been a wave of legislation to help stem the tide of data collection. However, we know that no amount of legislation or regulation will dissuade cybercriminals as long as there is money to be made from mining one’s personal data. School systems and students are prime targets for cybercriminals. Students are the perfect targets because they are generally more naive in their approach to the world and are more likely to overshare information or click suspicious links in a phishing attack.

Students and Schools: Surprisingly Lucrative Targets for Cybercriminals

Students are lucrative targets for cybercriminals in two ways. The first is stolen identities, especially those without a credit history, which garner a high price – as high as $1,100 per identity on the dark web. The reason is that the stolen student’s identity might go unnoticed for years until it’s too late. Imagine the kind of damage that could be done to a stolen identity without a credit history.

The second huge bounty for cybercriminals is access to a school’s network, which is full of personal information about their students such as home addresses, birthdays, and full legal names. A cybercriminal can often gain access to a school’s system through a student’s compromised email account. A student’s school email account is a prized asset because the account is often left unchecked for long periods of time. With access to the school’s network, a criminal can install malware for a larger sustained attack or hijack the system until a ransom is paid. For example, this past summer, LAUSD, one of the nation’s largest school districts fell victim to a ransomware attack, and in refusing to pay, criminals publicly released sensitive student information. So, what can school systems do to protect their student confidential information and online footprint?

School CIOs and CISOs must go beyond the standard content filtering practices to ensure the safety of students while operating on the internet. Technologies such as network obfuscation, varying network pathways through the internet, eliminating IP address and mis-attributing identity and locations of users have been used for a number of years to protect critical assets and cybersecurity specialists in military and intelligence operations. These technologies are now being commercialized to bring these critical cyber protection capabilities to the public. Implementing this next-generation cybersecurity technology will not only protect the privacy and security of students, but will ensure the learning organization’s critical enterprise network resources cannot be seen on the public internet by those who mean to do harm. 

Vince Scheivert is the former Assistant Superintendent of Digital Innovation in Loudoun County Schools (VA) and Future Ready Technology Leaders Advisors. He is currently the VP of Technical Sales at Telos Corporation. Connect with Vince on twitter @vscheivert or LinkedIn.

To learn more about how Telos Ghost can help protect your learning organization’s critical network resources with capabilities like these, visit