ManagedMethods hosted a webinar to discuss ways that schools and ed-tech vendors can better protect student data amid a rise in cyber attacks against K-12 districts.
The K-12 cybersecurity company ManagedMethods hosted a webinar Thursday featuring Marlo Gaddis, chief technology officer at Wake County Public Schools in North Carolina, and Libbi Garrett, director of resource programs at the education cybersecurity organization California IT in Education (CITE), to explain the need for K-12 schools to emphasize student data privacy amid the rapid adoption of new ed-tech apps and programs.
The event’s host, ManagedMethod’s Chief Revenue Officer David Waugh, offered an unequivocal reason for the webinar: The education community has a data security problem.
“It’s no secret to anyone that’s out there that works in education, or even if you’re just a casual follower of the media, you’ve seen that we’ve had an enormous amount of headlines involving our community in the cybersecurity world,” Waugh said. “In fact, the education community has moved into the top five most-targeted industries, alongside financial services, health-care retail and more. It’s no longer isolated to the business community.”
Over the course of the COVID-19 pandemic, ransomware attacks like those that shut down classes last year in New York’s Buffalo schools, or caused a major data breach in Florida’s Broward County schools last year, have created headaches for IT personnel tasked with protecting student data.
Gaddis and Garrett said school districts adopting new educational apps and programs must do the work of properly vetting them, to learn whether they have protocols in place to secure student data or any other privacy safeguards to avoid creating new vectors for cyber attacks.
Gaddis noted that just because an app is free for teachers doesn’t mean it’s safe to use.
“With the pandemic, what happened was that everything had to be digital. … All of a sudden, everything was open free to our teachers,” she said. “The problem is when you have free [tools], you’re talking about manually uploading student information, (with) no privacy or security checks on the backside because you don’t know which teachers are using what resources.”
While some states like California and North Carolina have consumer data protection laws and guidelines for what kinds of data ed-tech apps can collect, as well as what they can do with it, Garrett and Gaddis said federal regulations to protect student data privacy leave much to be desired.
by Brandon Paykamian, Government Technology