Investigating the Security & Privacy Risks from Unsanctioned Technology Use by Educators

Educational technologies are revolutionizing how educational institutions operate. Consequently, it makes them a lucrative target for breach and abuse as they often serve as centralized hubs for diverse types of sensitive data, from academic records to health information. Existing studies looked into how existing stakeholders perceive the security and privacy risks of educational technologies and how those risks are affecting institutional policies for acquiring new technologies. However, outside of institutional vetting and approval, there is a pervasive practice of using applications and devices acquired personally. It is unclear how these applications and devices affect the dynamics of the overall institutional ecosystem. This study aims to address this gap by understanding why instructors use unsanctioned applications, how instructors perceive the associated risks, and how it affects institutional security and privacy postures. We designed and conducted an online survey-based study targeting instructors and administrators from K-12 and higher education institutions.