Take your Chromebook security game to the next level
Managed Chromebooks are one of the most popular deployments in K-12 schools today, thanks to their built-in layers of security protection (hence the ‘hassle-free’ tag).
However, IT admins still need to configure the more granular Chromebook security bits to FULLY protect their data and users.
In this post we’ll show you which Chromebook security features are already built-in and which security bits you need to look after yourself for optimum protection.
|Already built-in Chromebook Security Features
Virus-free: Don’t fret over things like antivirus software.
Automatic updates: Chrome OS automatically updates in the background. Apps and security patches are automatically updated too.
Sandboxing: Each web page and app runs in a restricted environment. If an infected page is visited, other tabs or apps on the computer won’t be affected.
Verified Boot: Every time a Chromebook starts up, it completes a self-check called ‘Verified Boot’ to detect system issues and repair them automatically.
Data Encryption: Achieved via a tamper-resistant hardware security chip, making it difficult for others to access those sensitive files stored in the cloud.
Recovery Mode: Easily restore the operating system to a known good version if anything goes wrong with a Chromebook.
HOW TO MAKE K-12 CHROMEBOOKS MORE SECURE?
1. Set up Chromebook Geolocation Tracking
Tracking and managing the location of your Chromebooks and Chrome OS devices in real-time is pivotal.
This prepares you ahead for any Chromebook device loss and/or theft incidents and allows you to remotely disable compromised devices. That way you can protect your domain data and users before any further damage is caused.
Additionally, activating geolocation alerting helps you spot and respond to unusual logins on time — before incidents are even reported.
As this information is not available in the admin console, an accurate and reliable Chromebook management tool can help you cover this area.
2. Assess Chromebook Installed Extensions
Managing the extensions users install on their Chromebooks is another crucial Chromebook security area to add to your to-do list.
High risk extensions that request wide access to your environment can bring in a whole range of security hazards to your fleet.
These extensions use a permission system to request access to subsets of those features. Depending on the permissions they request, they can add icons to the toolbar or inside the address bar.
They can also open and close tabs and windows and gain full access to every page your users visit and all data sent to the web (even if users use HTTPS) and more…
A good example would be Adblock, which runs on every page you visit and monitors what resources the page loads and can block requests for advertisements.
3. Manage Domain-wide Downloads
Just like installed extensions, unsafe downloads can bring in similar hazards.
Ideally, you’ll also want to monitor and manage domain-wide download, with the ability to report on and remove unsafe downloads on your Chromebooks on any site at all times in real-time.
4. Automatically Block Risky Site URLs in Chromebooks
Now on to protecting users from visiting risky or malicious sites.
Thanks to their built-in sandboxing feature, Chromebooks are by far the most secure devices in the market today when it comes to safe browsing.
However, you’ll still want to add more control over which websites your users can visit to give that browsing security more of a customized boost.
This way, you’ll not only ‘minimise risks’ associated with visiting a malicious site, but also eliminate that risk from the root by blocking potentially harmful sites for your users altogether.
4. Apply Content Filtering for Chromebooks
This is particularly important for K-12 schools where admins need to protect students from harmful online content and/or practices and stay CIPA Compliant (Children’s Internet Protection Act).
Similarly, SysAdmins at organizations where remote workers use company Chromebooks may want to prevent users from viewing unsafe content using company devices.
In that case, a powerful Chromebook audit and content filtering tool will do the trick.
You can also get more granular and perform things like YouTube browsing audit if your users need to use online video platforms but you still want to control the content they view there.
5. Check Chromebook Device Access Management
Device access management allows you to detect secondary users on your Chromebook devices.
This helps you ensure that students are using their school accounts (rather than personal accounts) to sign into their Chrome OS devices.
In return, you’ll ensure that the security measures set across your domain are enforced.
You’ll also spot any unusual log-ins that may indicate suspicious activity on your Chrome OS devices.
6. Deploy Chromebook Managed Guest Sessions
Finally, if your school or organisation uses shared Chromebook devices, then deploying managed guest sessions to your fleet is one final Chromebook security step to check off your list.
Managed guest sessions give you IT control while allowing multiple users to securely share the same Chrome device (ex: at libraries or school lobbies) without the need to sign in.
According to Google, Chromebooks help you ‘Chromebooks let you breathe just a little bit easier’. However, as an Admin, you still need to look after some bits to fully secure your fleet.
The above Chromebook security controls will help you stay ahead of the game and meet your district’s IT requirements more easily.
To learn more about how GAT can help you boost your fleet’s Chromebook Security checkout our powerful capabilities here.
Audit. Manage. Protect.
Discover how Management & Security Services can help you with deeper insight and on-call, personalized assistance.