IT/Security By Ken Brown, Chief Information Security Officer, Frontline Education on 9/19/2017
Just this month, over 143 million Americans discovered their sensitive information was compromised by a massive security breach at Equifax. Once again Americans find themselves scrambling to update passwords and wondering when the scammer emails and phone calls will start rolling in.
For school districts, cyber security now more than ever needs to be at the top of everyone’s mind. With the majority of district information – including sensitive student information – moving online, districts need to know how to protect themselves. The cyber security of dozens of school districts has been compromised in the past few years, sometimes by mischievous students and (more often) by intruders with more insidious motives.
How does a cyber security breach happen?
One of the most startling implications of the cyber age is how easily hackers can gain access to school district data. Occasionally, third-party vendors can be hacked, which can lead to a district’s own data being compromised.
Often, however, it takes as little as one employee clicking on a single email, or one unprotected file on a district computer. From there, districts are at risk of sensitive data – including student information – being illegally accessed.
Students often know how to hack or “jailbreak” their school-issued devices, too – exposing them to potentially harmful content and scams.
What can we do to protect our online data?
First, school district employees need to understand how these cyber attacks take place. Most attacks take place when an employee opens a phishing email. From there, hackers can gain access to district employee information or even gain control of district websites. And on average, these attacks take months to detect, long after the damage is done.
District staff need to be educated on identifying suspicious emails and the tricks hackers employ, such as contacting them via email addresses similar to, but ultimately different from, their colleagues’ addresses.
Second, district staff need to be educated on how to handle sensitive data. Some student or staff information, such as social security numbers, should never be handled without proper encryption.
One of the best resources for understanding student privacy and how you can develop your own program is at FERPA SHERPA. Another good overview of how to manage privacy risk with EdTech is at ikeepsafe.org.
How can I learn more about cyber security?
I recently gave a free webinar explaining the necessary steps K-12 districts need to take to improve their cyber security.
In this webinar, I explain more about the state of the K-12 cyber landscape and how the government has responded to it, the details of a “cyber kill chain,” key success factors for districts seeking to improve their cyber security, and tips on how districts can build their own security protocol, based on NIST’s Cyber Security Framework. Watch the free webinar for more information.