According to a recent study, Education institutions continue to struggle with application security, endpoint security and patching cadence, according to the “2018 Education Cybersecurity Report,” conducted by the information security company SecurityScorecard.

“The results show that although hackers have become increasingly deft at stealing school and student data, the education industry is no better prepared to deal with these malicious threats,” the report’s authors conclude. “There is a growing concern because schools collect an incredible, and vastly increasing amount of personal data about students, to varying degrees.”

3 Points of Security Vulnerabilities in the Education Sector

As universities and schools increase their use of data analytics for initiatives related to student behavior management and academic performance, the amount of data they collect is growing, which worries security experts. “The lack of resources and attention to cybersecurity in schools and universities should be a cause for serious concern among students, parents, school boards, and the education industry as a whole,” said Sam Kassoumeh, COO and cofounder of SecurityScorecard. “Schools collect an incredible and vastly increasing amount of personal data about students…Securing these networks and protecting this information is essential to protect the future of innovation and privacy.”

In order to protect student data, here are three insights to get education institutions started on a more reliable security plan:

  1. Application Security: Schools are relying more than ever on online applications for testing, data collection and analytics. Hackers will take advantage of application vulnerabilities, which means school districts and universities need to be aware of any in their networks and close them up. One way to do so is to build application security into system development. Incorporating vulnerability scans or penetration tests is another way to root out potential security flaws.


  1. Endpoint Security: The number of personal devices used by students and faculty across both K–12 and higher education is increasing, expanding the number of vulnerable endpoints. These devices can be especially vulnerable because many people use the same devices to connect to home networks, which may offer less protection than campus networks. Endpoint security software allow schools and universities to more easily detect vulnerabilities and unify network management. Cybersecurity education programs are also crucial to ensure users are responsible at all times. Additionally, integrating endpoint segmentation can help to limit any damage if a device is compromised.


  1. Patching Cadence:Updating software is essential. While patching can be a burden for education IT teams, especially those with fewer resources, there are programs that can help bear some of the weight. Security companies offer virtual patching programs that identify vulnerabilities and offer a quick fix until an IT member can complete the patch.

“A cybersecurity plan should reflect a holistic approach to student data protection. “By incorporating technology and people, a robust program mitigates risks, while also ensuring ongoing education instills good security habits into employees, students, and their parents.”


CromTec Cyber provides the Education institutions (K-12 and Higher ed) with a complete Managed Endpoint Security solution for desktop, laptop and mobile.  It includes a prevention application for malware detection and anti-keylogging protection.  If needed, CromTec will provide a patch management module for full end-to-end protection.

Your Commercial-Grade Weapon

Against Zero-Day Keylogging Malware

Studies now show that 98% of enterprise breaches begin with a successful phishing attack to an endpoint, followed by the installation of spyware, specifically a keylogger.

Keyloggers are one of the most common, yet dangerous components of malware and are used to gain access credentials needed to advance a breach. In fact, keyloggers were at the helm of some of the biggest breaches of our time including large retailers, banks and health organizations.

Endpoint Managed Security

What Are Keyloggers?

  • Keyloggers can record every keystroke made on a mobile device or desktop
  • Keyloggers are the single biggest threat leveraged in the first stages of almost all advanced threats
  • Today’s anti-virus solutions are unable to identify and stop keylogging
  • 98% of enterprise breaches include a phishing attack to install a keylogger
  • Keyloggers can change form and go undetected for months or years

How Keyloggers Hurt Businesses?

Keyloggers can steal your:

  • Privacy
  • Usernames and passwords
  • Personal identity
  • Credit card numbers
  • Proprietary corporate data
  • Email accounts
  • Corporate transactions
  • Banking data

Up until now, organizations have lacked the ability to fully protect their endpoints from a zero-day keylogger. Most keyloggers have the ability to change their form and go undetected as they quickly spread between the endpoints in your enterprise.

How do you fight back? With EndpointLock: Patented keystroke encryption for desktops and mobile devices.

EndpointLock and KTLS

Keystroke Transport Layer Security (“KTLS”) is a patented cryptographic protocol that provides for the encryption and transport of keystrokes, at the kernel level. It activates at the time of secure boot, or entry into any application or web browser. This proprietary technology is unique to CromTec Cyber Solutions.

KTLS can be utilized in both desktop and mobile environments as a critical component of endpoint security. The protocol provides strong cryptography at the time of keystroke entry, to protect the initial transmission of usernames and subsequent keystrokes entered in to any program or application.

EndpointLock is the commercial product name by which KTLS is implemented within an enterprise.

EndpointLock™ Key Features:

Continuous Protection

  • The only solution that protects against zero-day keyloggers.

  • Operates as an anti-subversive, detects untrusted drivers and displays a warning containing the name of any suspicious driver.

  • Automatically installs to your TPM (Trusted Platform Module) if available.

Visual Alerts

  • Anti-Screen Scraping blocks screen capture.

  • Anti-Clickjacking Warning visually alerts you with a red dotted outline of untrusted areas.

  • CryptoColor: Visual confirmation highlights verifies the text fields are safe to type into.


  • Can be installed in an enterprise and deployed via group policy.

  • Compatible with McAfee ePolicy Orchestrator

  • Can encrypt double-byte characters

  • Can encrypt all international keyboards

  • Works with PS2, USB, Wireless & Bluetooth keyboards


  • Built here in the USA, and more than 8 Million consumers and corporations have already downloaded our technology.

  • McAfee ePO (ePolicy Orchestrator) Compatible

EndpointLock™ for iOS and Android Devices

  • Supports: Apple iPhones & iPads, Android Phones & Tablets.


  • Encrypts all user keystrokes
  • Creates a secure keyboard with your branding
  • Supports all iOS and Android mobile devices
  • Supports all 5G iOS and Android IOT devices
  • Routes encrypted data around the vulnerability
  • Protects against infected apps and phishing emails/messages

An estimated 16 million mobile devices are infected with mobile malware, with threats constantly on the rise. Traditional keystroke data flows from your mobile keyboard through your operating system before it appears in your apps. Hidden along the way are areas of vulnerability where cyber criminals can plant keylogging spyware. With (BYOD) Bring your own device and mobile cyber attacks both increasing, enterprises must address security with tools to thwart the massive vulnerabilities that exist when using infected apps and phishing emails and messages, which download keylogging spyware.

EndpointLock™ for Mobile protects your keystroke data by installing a secure encrypted keyboard that creates an alternate pathway to your apps, routing your encrypted data around the areas of vulnerability. For added security, the EndpointLock™ pathway is protected by a complex 256-bit encryption code

EndpointLock™ Mobile SDK (Software Developer’s Kit)

Secure your Desktop and/or Mobile Apps

Get keystroke encryption embedded right into your desktop and mobile app. Users will feel confident as they provision and use the app and add their credentials including typing in their credit card numbers.

EndpointLock for Desktop Other Security Features

TPM (Trusted Platform Module) Support:

EndpointLock will automatically detect if a PC has an Intel TMP (Trusted Platform Module) chip, which is designed to secure hardware and software integrity by integrating cryptographic keys into devices, and will install directly to the TPM on the PC.

Kernel Compromise Warning Feature:

Warns the user of a kernel breach by detecting the presence any unsigned software or if a driver has been altered since it was released. EndpointLock indicator will turn yellow to indicate warning and log details of the breach including identity of the breached computer and its file location within that system.

Self-Monitoring Capability

Anti-subversion technology prevents EndpointLock from being
by-passed by other software by reinstalling itself in the first position in the kernel level.

Anti-Screen Scraping Feature

Hides the screen from screen loggers and sends them a black screen.

Anti-Clickjacking Feature:

Makes the invisible, visible. Hackers can embed invisible objects into
iFrames, EndpointLock can detect this type of attack and unhide the invisible object, and paint a border around the object, alerting the user not to click on this object.

How EndpointLock™ and KTLS Work

EndpointLock proactively stops keyloggers by encrypting each keystroke at the point of data entry, and rerouting the encrypted keystrokes directly to the browser or desktop application.

With EndpointLock, instead of capturing your actual data, keyloggers see only a random string of meaningless numbers.

EndpointLock is designed as a secure keyboard, available whenever a browser or desktop application is launched. This keyboard can be branded with your logo and hyperlink.

KTLS uses the AES encryption with a key size of 256 bits to encrypt keystrokes. The same key is used to encrypt and decrypt.

The KTLS protocol secures connections between the keystroke and applications:

  • Symmetric cryptography encrypts the transmitted data to ensure privacy
  • The keys for this symmetric encryption are generated uniquely for each connection
  • The encryption is based on a shared secret generated from the Trusted Platform Module, or else by a built-in Random Number Generator
  • Keyloggers can’t obtain the negotiated secret, even if they place themselves in the middle of the connection
  • No attacker can modify the keystroke transmission during the negotiation without detection, which generates kernel-layer alerts
  • The encrypted session key is stored in secure memory, shared by all KTLS system components
  • KTLS proactively reroutes the encrypted keystrokes directly to the browser or desktop application

Trending for Business: BYOD

Bring Your Own Device

  • 80% of businesses support a BYOD policy
  • 60% of workers use a smartphone for business purposes
  • BYOD market: $30 billion in 2014  à  $367 billion by 2022
  • Companies encouraging BYOD save $350 per year, per employee

67% of business data breaches are due to employee mobile device use

*Source: Forbes, January 2019

EndpointLock Features:

  • A toolbar turns on automatically when browser or application is launched
  • Advanced, 256-bit encryption
  • Early-warning kernel and ID theft monitoring
  • User-friendly, comprehensive reporting dashboard
  • Screen-capture protection
  • Clickjacking protection
  • Protection against Dark Web email attacks*
  • ID theft protection insurance*
  • Crypto-color visual verification technology

*Add-on, enhanced services, for licensed EndpointLock solutions

EndpointLock Benefits:

  • Enterprise-grade
  • Certified by Windows, Mac, Linux, Android and iOS operating systems
  • Supports keyboard-enabled iOS and Android 5G IOT devices
  • Deployed directly into Layer 0, within the kernel itself
  • Encryption and decryption occur directly within the application, without any modification to the app required
  • Compatible with Intel’s TPM (Trusted Platform Module)
  • Easily scalable: deployed through MS GPO, PowerShell, SCCM and 3rd-party apps
  • Works with PS2, USB, wireless, Bluetooth and international keyboards
  • Small memory footprint
  • Requires no spyware database updates

EndpointLock is CromTec Cyber’s unique flagship product, and is a crucial component of a comprehensive Managed Endpoint Security strategy, which we can craft for your business.




  • Identity
  • Passwords
  • Online purchases
  • Credit cards
  • Banking data
  • Health data
  • Email and texts


  • Logins and passwords
  • Employee keystrokes
  • Enterprise risk
  • Corporate IP
  • Transactions
  • Financial data
  • HR data

CEMS – CromTec Endpoint Managed Security

The CEMS Product Suite:

Establish a layered security strategy, with a customized program:

  • Assess your risk and threat vulnerabilities
  • Manage your endpoints
  • Detect and respond to threats
  • Provide back-up and disaster recovery solutions
  • Implement effective policies
  • Monitor your cyber health status