by Amy Rock, Campus Safety Magazine
Although 94% of K-12 districts use cloud platforms, 50% either don’t have a cloud security platform or don’t know whether or not one exists
While the vast majority of K-12 schools use cloud platforms, many don’t have a cloud security platform in place to protect themselves from cybersecurity incidents, a new survey found.
The survey, What You Don’t Know Can Hurt You: New Survey Identifies Gaps in K-12 Cloud Security, administered by EdWeek Research Center and commissioned by ManagedMethods, was taken by 214 district-level administrators who identify themselves as having at least a medium level of influence on technology decisions.
Overall, researchers found gaps in the cybersecurity strategies of district administrators when it comes to protecting their cloud collaboration and storage applications. Approximately 94% of leaders said they used cloud platforms but 50% of those schools either don’t have a cloud application security platform or don’t know whether or not one exists. Furthermore, 31% do not know if their cybersecurity platforms consistently monitor the level of risk of files shared with users outside the district’s domain, and 28% don’t know if the platforms monitor the level of risk of files shared within or uploaded into their domains.
Cybersecurity threats have been a significant concern for schools for years but those concerns have been significantly exacerbated by the COVID-19 pandemic.
“With the coronavirus pandemic, the cybersecurity threat potential increased exponentially as schools rushed to move operations and learning online and into the cloud in an effort to limit in-person contact that could spread the disease,” says the report. “For instance, between March 2020 and July 2021, 53 percent of district leaders reported that their school districts had implemented 1:1 programs (one computer per student) for the first time … Forty-three percent said they had introduced technology-based learning platforms such as Blackboard or Moodle. And 31 percent said their districts had started using adaptive learning software to personalize student instruction.”
The data is concerning to researchers since it also shows that some of the most sensitive information districts have is stored in the cloud or soon will be. The survey determined:
- 86% use cloud-based learning management systems (LMS) or plan to move these systems to the cloud
- 69% have their human resources systems in the cloud or have plans to move to the cloud
- 95% report students and/or staff collaborate using Zoom and/or Google Meet
According to the report, a “shocking” percentage of respondents also aren’t concerned about common cybersecurity threats, including malware and phishing (21%), data breaches/leaks (37%), financial theft/fraud (56%), and unapproved or “shadow” technology (44%).
In the 2020 calendar year, there was a record-breaking 408 publicly-disclosed cybersecurity incidents at K-12 schools, according to the K-12 Security Information Exchange. In the last year, there were 1,332 cybersecurity incidents at educational institutions, says Verizon’s 2021 Data Breach Investigations Report.
Despite the commonplace of cloud platforms, the average respondent said its district allocates only 20% of its total cybersecurity budget to monitor and secure them.
“Districts need to better allocate cloud security and privacy resources to protect students, staff, and district finances,” suggests the report. “Cybersecurity is more than just a technology department problem—district leaders and technology decision influencers need to take greater responsibility for reasonable data protection.”