Dive Brief:

  • The shift to online learning presents cybercriminals with new opportunities to attack, as technology becomes more vulnerable when used in less-secure environments, according to EdTech: Focus on K-12.
  • Informational technology leaders cited cybersecurity as a top concern in a survey conducted by the Consortium for School Networking. However, it will be difficult for IT directors to design cybersecurity plans for the upcoming school year with so much uncertainty about learning configurations in the fall.
  • Schools are top targets for cyberattackers because districts often lack funds for robust security systems and schools are rich with personal data.

Dive Insight:

There have been 867 publicly disclosed cyberattacks on schools since 2016, according to The K-12 Cybersecurity Resource Center. After an incident, it’s often difficult to determine whether there has been a data breach. Planning for cybersecurity insurance policies and regular auditing are among strategies to mitigate these risks.

With the upcoming school year still uncertain, IT departments must plan for several scenarios, many of which include hybrid models of remote and in-person instruction. As technology is strengthened for remote learning, districts could benefit from strengthening cybersecurity as well.

The rapid transition to remote learning included technology that may not have been well-vetted. Free tools and online services may have been a deal too good to pass up in the spring, but some free services or software might include user tracking, poor privacy controls or even malware. These problems could put districts at risk of violating the Family Educational Rights and Privacy Act.

Many districts also quickly transitioned to the Zoom videoconferencing app, which is susceptible to “Zoombombing” — a term referring to unauthorized users entering Zoom calls through credentials found online and disrupting with inappropriate content or collecting sensitive information.

One of the most important steps to take in cybersecurity is training end users such as teachers and students on how to avoid cyberattacks. Even with the best systems in place, the end user is often the weakest link in the chain, as the likelihood of clicking a link in a suspicious email, for example, poses perhaps the greatest security threat. 

Source Article