Educational technology improves classroom learning. This may also lead to 53 million K-12 students across the country to costly disruptions. As the Los Angeles Unified School District revealed last month, learning and essential school functions can be brought to a halt if systems are not properly secured.
As school districts continue to add technology, they increase the risk of ransomware attacks. Products such as Google laptops, assignment apps and writing tools, some of which have already been used in more than half of the classrooms as of 2017, have implemented a large amount of sensitive student information into the technology ecosystem of K-12 schools, in addition to data from employees and contractors. The pandemic has accelerated the use of virtual learning tools that increased vulnerability of schoolsand there has been a surge in the frequency and complexity of attacks.
Both rich and poor communities are targets. A 2020 report found that while large neighborhoods and neighborhoods serving more affluent communities are the most likely to experience a cybersecurity incident, neighborhoods with a higher proportion of poor students are also likely to be affected, possibly because hackers are aware that these areas receive federal funding to deal with the effects of cybersecurity. digital divide.
In a recent case in Los Angeles, hackers launched a ransomware attack over Labor Day weekend in line with the strategy “back to school” as well as holiday attacks that target stressful times when, against FBI adviceadministrators are more likely to pay a system and data recovery ransom.
Los Angeles schools refused to pay the ransom, and the hackers responded by posting county data on the dark web on October 1. While officials say a relatively small number of people received sensitive data from the attack, the information includes Social Security numbers for what the county said was a “limited” number of employees at the facilities. The attack also caused some disruptions in the early days of school.
These cybersecurity threats are not only caused by hackers: old hardware, reliance on third-party technical contractors, inexperienced staff, and failure to follow basic security protocols can lead to breaches. Legacy technology in many schools—outdated IT infrastructure, including hardware, other devices, and software—often fails to meet today’s security needs.
Unfortunately, the same IT professionals hired to protect computer systems end up calling at least 75% of data breaches in public places K-12 school districts, data for the last few years show. This is partly due to the lack of qualified staff who can effectively screen and monitor providers to ensure they adequately manage risk and reduce school vulnerability. According to Rotem Iram, chief executive officer and co-founder of At-Bay, a California-based cybersecurity insurance company, counties’ reliance on many different technology providers means something, somewhere, is always broken. And hackers know this happens in schools.
In the rush to install digital learning tools, most districts have not completed the more tedious task of installing robust cybersecurity systems and protocols. Few apply basic cybersecurity rules like two-factor authentication. In these information-rich environments, simple protocols can go a long way in protecting student privacy.
As far as district technology is concerned, several hurdles stand in the way of modernization: budget cuts and limited funding, a lack of vision on the part of school district leaders, and the need for approval by school boards and negotiations with unions. a brief description of the industry from Ultimate Kronos Group, a provider of HR software. When UKG tested mass hack in a December that affected thousands of employers, he showed the degree of risk K-12 counties face by relying on suppliers.
Efforts are being made to protect school data. President Biden signed into law this year State and local law to improve cybersecurityby providing $1 billion in grants to state, local and tribal governments, including school districts, to address cybersecurity threats and IT system risks. This step follows last year K-12 Cyber Security Act directing the Department of Homeland Security to study cybersecurity threats to schools and make recommendations.
In addition to these funds and guidance from the federal government, a stimulus program—particularly through insurance policies—can help. It is difficult for any institution to qualify for cyber insurance without strong security systems in place. According to Iram, the public education sector is considered to be a very high-risk industry for cyber insurance: “Security audits often show that the education sector has low resilience to cyber risks.” And the premiums are high.
But it’s worth the investment avoid or minimize debilitating business losses; many policies provide free or discounted risk-to-loss services and resources, including legal advice, public relations services, and IT forensics. The federal government can use this tool to offer financial support for cybersecurity insurance, but only to counties that align their systems with best practices.
The heavy toll from ransomware attacks on the finances, time, and privacy of our schools makes it clear that school districts being unprepared is a recipe for disaster. Fixing requires support from the government, the tech industry, and even the cybersecurity insurance sector.
Heidi Bogosian is an attorney and author of I Have Nothing to Hide and 20 Other Surveillance and Privacy Myths.