Skip to main content
close search
site logo
Sponsored

Safeguarding the future: Importance of protecting student data in K-12 education

Published Oct. 2, 2023
Young woman pointing at computer monitor and discussing new software together with her colleague during teamwork at office

Adobe Stock/AnnaStills

Cyberattacks threaten every K-12 school and district, no matter the size or potential gain by cyberattackers. Between 2016 and 2022, there were 1,619 school incidents—from data breaches, hacks and distributed denial of service (DDoS) attacks to ransomware and phishing attacks—all of which impact student data and privacy.

In the last year, cyberattacks have increased by 84% in education, and 80% of U.S. K-12 schools suffered ransomware attacks in 2022.

It’s become such a critical topic that First Lady Jill Biden spearheaded the Back to School Safely: Cybersecurity Summit for K-12 Schools in late August. The event was attended by K-12 edtech software organizations and developed by the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the U.S. Dept. of Education.  

In observing October’s Cybersecurity Awareness Month, it’s important to understand why it’s a topic that continues to impact K-12 education.

Why cybersecurity risks and attacks continue

Cyberattacks were already a growing issue. But during and coming out of the COVID-19 pandemic, more users shifted to online teaching, learning and operations. Many were not adequately trained on digital citizenship and cybersecurity to protect data and systems, leaving organizations vulnerable to attacks.

Schools and districts typically don’t have robust staff or budgets dedicated to cybersecurity. With teaching, learning, staffing and other core operations at the top of priority lists, extra resources for IT staff, training, cybersecurity technology and insurance have often held lower importance.

Attacks also offer high rewards for bad actors. A student’s personally identifiable information (PII) is valuable to cyber criminals; the price of a student record on the black market is between $250 and $300, according to the U.S. Dept. of Education. Ransomware attacks can hold a district’s data hostage until paying exorbitant sums (the average is $268,000).

Cybercriminals are sophisticated and continually advancing to find new and better ways to access your systems. Think of how many odd emails we get daily from our bank or home improvement center asking us to clear up discrepancies by clicking on a disguised link.

The state of cybersecurity in schools

Ransomware attacks are sharply rising. Compared to 80% of schools suffering attacks in 2022, only 56% registered attacks just one year earlier

Both schools and students pay the price with a single cyberattack, creating a loss of learning of up to three weeks. The overall recovery time is nine months, and the average cost of a data breach is $4.24 million across all industries.

In 2022, a cyberattack on a provider of student-tracking software impacted the personal information of over one million current and former students in dozens of districts across the U.S. Attacks have disrupted daily operations in every state, according to a Government Technology report.

What can we do to prevent cyberattacks?

While no one can completely eliminate cyberattacks and threats, we can always take successful measures to improve our data security. These efforts include a combination of planning, preparation, IT security and software vendor partnerships. Here are some critical actions to better protect your systems and student, staff and school data.

Planning and training

  • Create a cybersecurity plan that includes mitigation efforts to reduce the severity of threats and attacks

  • Develop a backup, disaster recovery and incident response plan to minimize impacts

  • Perform third-party security audits and assessments to gain a holistic view of how your technology is laid out and to take appropriate actions when needed.

  • Offer continuous training for all users (including students, parents, guardians and staff—as your human firewall) for all types of attacks.

  • Use email phishing campaigns to increase awareness

Technology

  • Deploy multifactor authentication (MFA)

  • Mitigate known exploited vulnerabilities

  • Have tested firewalls and antivirus software in place

  • Share information only on secure systems and connect users to the district network through secure VPNs

  • Stay current on:

    • Access control

    • Network security

    • Data encryption

    • User authentication

Third-party vendors

  • Adhere to strict criteria when selecting edtech vendors—use this 20-point cybersecurity vendor checklist as a guide.

  • Ensure your edtech vendors hold security standards and certifications, and perform cybersecurity best practices, such as:

    • ISO 27001

    • Use of a Security Operations Center (SOC) examination.  

    • Industry-leading security protocols

    • Security by design

    • End-to-end encryption

    • Third-party penetration testing

    • Intrusion detection

    • Auditing

    • Mandatory training  

    • Static and dynamic code scanning 

    • Best-of-breed web application firewalls 

    • Extensive annual penetration tests

Filed Under: Technology, K-12

Editors' picks

Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell