Article Read Time
The world has certainly changed since I was a child. I am willing to bet that if you are over 30, you likely have a similar opinion, and it is not about K-12 Cyber Security. It’s everything!
The idea of someone coming into our school with a gun would never have crossed our minds. If we were inside the building, we would be safe.
But today, even if our school buildings are fortresses of safety with locks, cameras, and bulletproof windows, our children are still at risk from cyber criminals.
As technology has rapidly expanded and infiltrated our daily lives and our mere existence, the educational environment has grown exponentially. Technology has become critical for teaching and learning due to the severe impact of the global pandemic and the abrupt transition to remote learning. With this dependence on our IT systems came cybersecurity vulnerabilities.
Before COVID-19, the two areas in which cyber criminals rarely attacked were K-12 Cyber Security and healthcare. However, that changed simply because of the dependence on IT. Cyber criminals know that a school must pay a ransom to continue teaching. Plus, the opportunities are exponentially greater because there are so many more entry points.
FROM STATES SCOOP: Cyberattacks against K-12 schools continue to worsen, says analyst
FROM THE 74: It’s Back to School for Cyber Gangs, Too
FROM AP: Ransomware criminals are dumping kids’ private files online after school hacks
In addition to facilitating the education component for which schools are responsible, technology is also essential for physical protection (with cameras, door locks, and communications) and for the administration of the school’s operations (scheduling, communications with parents, record-keeping, staff salaries/insurance, etc.).
A cyber attack can impact learning and physical security and result in the loss of data (names, addresses, birth dates, social security numbers, and banking information).
With so much at stake, the importance of K-12 Cyber Security has been elevated.
However, just because it is more important does not mean it receives the attention it deserves. Remote learning (i.e., more potential entry points), limited budgets, a small number of IT staff (or none), and the tremendous volume of student and staff data make school systems attractive targets for cyberattacks.
Recently, school systems have begun considering using third-party vendors (Managed Security Service Providers) to serve as virtual Chief Information Security Officers (vCISOs). With economies of scale, such an arrangement can serve several schools within a district and mitigate the risk. In addition, implementing the security controls that an MSSP can provide will improve the chance of being approved for a cyber insurance policy at a reduced rate.
Lastly, school superintendents and IT staff should not wait for guidance from state or federal agencies. In fact, a GAO report from 2021 found that the last-published version of the Education Facilities Sector-Specific Plan was in 2010 and was focused primarily on physical threats, with very little emphasis on cyber threats.
I would say that the world has changed quite a bit in twelve years. Take the initiative and protect your schools now. And if you are a parent, ask your school what they’re doing to protect your children online.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.