Investigating the Security & Privacy Risks from Unsanctioned Technology Use by Educators

TL;DR

This paper investigates the security and privacy risks posed by educators using unsanctioned educational technology applications and devices, highlighting how such practices impact institutional data protection.

Contribution

It provides insights into why instructors use unsanctioned tools, their risk perceptions, and the implications for institutional security and privacy policies.

Findings

Instructors often use unsanctioned applications for convenience.

Perceived risks influence the use of unauthorized technology.

Use of unsanctioned tools can compromise institutional security.

Abstract

Educational technologies are revolutionizing how educational institutions operate. Consequently, it makes them a lucrative target for breach and abuse as they often serve as centralized hubs for diverse types of sensitive data, from academic records to health information. Existing studies looked into how existing stakeholders perceive the security and privacy risks of educational technologies and how those risks are affecting institutional policies for acquiring new technologies. However, outside of institutional vetting and approval, there is a pervasive practice of using applications and devices acquired personally. It is unclear how these applications and devices affect the dynamics of the overall institutional ecosystem. This study aims to address this gap by understanding why instructors use unsanctioned applications, how instructors perceive the associated risks, and how it affects institutional security and privacy postures. We designed and conducted an online survey-based study targeting instructors and administrators from K-12 and higher education institutions.