| Executives September 15, 2020
September 15, 2020
Here at Lookout, we spend a lot of time talking about how best to secure tablets and smartphones. That’s because they dominate our lives. But as some of our daily routines continue to stay virtual and our kids return to school, the importance of securing Chromebooks has become top of mind.
Chromebooks have become an essential tool for schools that transitioned to distance learning in the spring. These devices are a cost-effective way for students to connect to cloud resources, receive instruction and perform their homework. Because Chromebooks are so affordable, this gives educators an opportunity to issue devices to help with productivity, implement proper security and still save money.
Whether you’re a school district trying to help students keep up with schoolwork or an organization looking to enable productivity for your remote workers, security has to be top of mind. Chrome OS is a modern endpoint device, so it faces the same security challenges as mobile devices.
It’s true that Chrome OS, much like Android and iOS, are more secure than legacy OSs in two ways.
First, Chrome OS doesn’t allow anyone access to its kernel – the core part of an operating system – unlike Windows. This means under regular circumstances, it's very difficult to compromise Chrome OS. In addition, Chromebooks automatically receive regular updates to ensure vulnerabilities are patched.
Second, the apps are sandboxed. This means a problem with one can’t affect any others.
While these two Chrome OS features make it more secure than an operating system like Windows, it doesn’t address all the important security requirements like anti-phishing and antivirus. According to data from our install base, these are two of the most common threats facing Chromebook users.
Desktop security cannot secure Chrome OS devices. Traditionally, the way security tools work on desktops and laptops is that they require kernel access and elevated privilege to scan the apps on the device. That’s not possible in Chrome OS.
Much like phones and tablets, there are now countless ways for malicious phishing links to be delivered. You could receive phishing messages on any apps from Google Hangout, WhatsApp to Facebook Messenger. Once you click on the link, attackers can steal your credentials or trick you into installing malicious Android or Chrome apps.
It is important to use an anti-phishing solution that will protect you from clicking on a malicious link regardless of which app you received it.
In addition, user education on phishing attacks and social engineering is a big part of securing Chromebooks. Your users need to understand that one of the most common ways they can get compromised is by phishing attacks, which has evolved beyond being an email-based scam.
Apps for Chrome OS, as well as Android apps that work on Chromebooks, are just as susceptible to malware as apps for any other operating systems. Without elevated privilege to scan apps, antivirus for Chromebooks must look for the behaviors of a threat. By analyzing a large dataset of Chrome OS devices and apps, modern antivirus solutions can detect threats in new versions of apps to protect you from brand new viruses.
The last thing I would recommend is to set appropriate policies. There are malicious Chrome extensions out there. There was recently a proof of concept called the Cursed Chrome, which can take full control of your browser. To protect against these threats, I suggest putting together a list of pre-approved extensions that you allow your Chromebooks to install. This way, your users are much less likely to accidentally install malware.
It’s that time of the year again when students are going back to school and many of us continue to work away from the office. Chrome OS devices are great options to help students and working professionals stay on top of their work and their lives. It’s also a great way to save money so you can afford to also deploy security.
As you think about providing Chromebooks to your students or your workers, you need to understand that they are not the same as laptops or desktops. They are modern endpoint devices that require a modern security solution, much like your smartphone or tablet.
Check out this one pager to learn more about how you can secure your organization’s Chromebooks. We also have a document outlining how Lookout can help educators protect their students. For parents looking to secure their children’s devices, check out Lookout Personal.
David Richardson Vice President, Product