Are you concerned about cybersecurity? Most K-12 leaders are. You’re gathering an incredible amount of sensitive data about students, and you need to protect your district’s business systems. But are you doing enough?
It was widely reported that K-12 wasn’t doing enough in 2018. For example, according to a 2018 analysis from SecurityScorecard, an IT security company in New York City, the education industry ranked last in cybersecurity as compared to 17 major industries.
Today, the question is whether 2019 K-12 cybersecurity has improved.
A review of the information gathered by the K-12 Cybersecurity Resource Center for 2018 will provide a frame of reference for understanding how things changed in 2019 K-12 cybersecurity.
In 2018, statistics proved that K-12 schools continued to increase their reliance on technology for teaching, learning, and school operations. Here are just some examples.
2018 saw an alarming number of cybersecurity attacks. The K-12 Cybersecurity Resource Center ranked the Top 10 K-12 Cybersecurity Incidents:
The 2018 incidents cover a range of attacks including data breaches (46.34%), phishing emails (15.45%), ransomware (9.76%), and denial of service (9.76%). These incidents closed down schools, cost school districts millions of dollars, and put sensitive student and employee data at risk. They affected district operations and the personal lives of students, parents, and employees.
In 2018, Doug Levin at the K-12 Cybersecurity Resource Center had advice for the K-12 industry to consider for 2019. He urged K-12 stakeholders to set a goal to reduce and manage the cybersecurity risks technology-dependent schools face and to take significant steps to reach that goal.
He also recognized that reaching that goal will require money and new policies and regulations. However, Levin also urged school leaders to share information and to develop and communicate best practices for combatting today’s cybersecurity attacks.
According to the K-12 Cybersecurity Resource Center, school districts reported a 62% increase in cybersecurity incidents as of December 1, 2019 over 2018. This increase is likely due to a number of factors.
Another problem is that providing IT for the K-12 sector is becoming more complex, which is straining school districts’ cybersecurity infrastructure and expertise.
K-12 IT teams are responsible for securing 11 different types of devices. Those devices use 258 different operating system versions and over 6,400 different Chrome extensions. The increase in device usage, known as Bring Your Own Device (BYOD), is astronomically increasing the number of endpoints that IT staff must monitor. While managing access to school systems on school PCs is a challenge, it’s much more complicated when a large number of mobile and other devices are in use.
Schools are using more cloud computing. As a result, sensitive information such as student Social Security numbers and employee W-2 forms is more at risk now than ever before.
Schools are also using a growing number of classroom management and other EdTech applications, which increases the types of EdTech risks schools must address. In addition, OAuth risks rise with the increase in EdTech usage.
As you probably know, the understanding that there is a K-12 cybersecurity crisis exploded in 2019. School districts and state governments are working hard to make their systems more resistant and to manage cybersecurity attacks more effectively when they happen.
But more needs to be done. The challenges faced by K-12 IT staff are unique and evolving. K-12 stakeholders must get serious about prevention by focusing on technology such as cloud security, and by sharing strategies and tactics that work within the K-12 community.