Cyberthieves are Targeting Student Data, is Your District Prepared? Part 1



What is one of the biggest challenges facing K-12 schools today? It might surprise you, but the answer is “cybersecurity.” K-12 schools are a prime target for cyber attacks.

While they might not seem like the most obvious victims of a hack, K-12 schools are attractive for cyber criminals because they hold an enormous amount of student data—an increasingly attractive target for cyberthieves. Read on to learn more about the appeal of student information and why it’s at greater risk than ever for a data breach.

Why Is Student Data So Attractive to Hackers?

At the Consortium for School Networking (CoSN) sponsored panel on cybersecurity during this year’s DC CyberWeek , attendees learned some very frightening figures about the cybersecurity threats K-12 schools face.

Education has accounted for 2% of all data breaches so far in 2017. That number is higher than breaches of healthcare, social media, and retail data—all types of information that hackers find highly valuable.

This vulnerability isn’t new. In Verizon’s 2016 Data Breach Investigations Report, researchers ranked the education sector sixth overall in the US for total number of security incidents in 2015. That ranking is higher than two other sectors typically plagued by cybersecurity issues: healthcare (153% higher) and retail (160% higher).

During the CoSN cybersecurity panel, panelist Diane Doersch, chief technology and information officer for the Green Bay Area School District in Wisconsin, pointed out that data belonging to children is 51 times more likely to be the target of identity thieves than that of adults.

Although that statistic is terrifying for parents, it makes sense; “No credit history and virtually unused Social Security numbers are what make children the focus of identity thieves,” Doersch said. “Many times, young adults don’t realize they’ve had their identity stolen until they’re applying for a first loan and they’re rejected for poor credit and debt that they did not accumulate.”

Additionally, K-12 schools make especially easy marks. They often have limited financial and human resources as well as budget constraints that make it a challenge to implement cybersecurity measures.

The Increased Risk Children’s Data Face

As bad as the situation sounds, it gets even worse—the risk to K-12 students’ data continues to grow thanks to technological changes, widely accessible data policies, and cyberthreats.

Classroom resources are increasingly moving online and into the cloud. And while the cloud has many benefits, there are also some drawbacks—namely, public clouds are less secure than a school’s firewall. As student data and resources move into the cloud, they become more vulnerable to unauthorized users.

Another risk affecting student data is that even though school networks are large and contain a variety of sensitive data, they still must be highly accessible to the students, parents, staff, outside government agencies, and third-party vendors that require access. This makes it difficult for limited IT resources to pinpoint all potential vulnerabilities. It’s a challenge to secure such large networks, and it typically takes quite a while to figure out that you’ve been infiltrated.

While cyberthreats have been an issue since the advent of the Internet, in recent years, hackers have increasingly turned their attention to K-12 schools.

  • Distributed denial of service (DDoS) attacks shut down machines or even entire networks, making it impossible for anyone to access them.
  • Phishing attacks are also prevalent; these digital ambushes tend to be successful because they prey on individuals who aren’t likely to be familiar with this type of scam, such as students.
  • Ransomware has become another expensive problem for K-12 schools. These attacks shut down systems until a ransom is paid, costing schools exorbitant sums and bringing operations to a halt in the meantime.

If the situation sounds like a concerning one, it is—especially as schools oftentimes don’t have the resources needed to implement all necessary cybersecurity measures. However, there are steps your schools can take to minimize these risks and protect students and their data. Stay tuned for our next installment to learn more.

How to Minimize the IAM Risks Associated with Third-Party Relationships


Subscribe Here!