Article Read Time
The world has certainly changed since I was a child. I am willing to bet that if you are over 30, you likely have a similar opinion, and it is not about K-12 Cyber Security. It’s everything!
The idea of someone coming into our school with a gun would never have crossed our minds. If we were inside the building, we were safe.
But today, even if our school buildings are fortresses of safety with locks, cameras, and bullet-proof windows, our children are still at risk from cyber criminals.
As technology has rapidly expanded and infiltrated our daily lives and our mere existence, the educational environment has grown exponentially. Technology has become critical for teaching and learning due to the extreme impact of a global pandemic and the overnight transition to remote classes. With this dependence on our IT systems came cybersecurity vulnerabilities.
Before COVID-19, the two areas in which cyber criminals rarely attacked were schools and healthcare. However, that changed simply because of the dependence on IT. Cyber criminals know that a school must pay a ransom to continue teaching. Plus, the opportunities are exponentially more significant because so many more entry points are available.
FROM STATES SCOOP: Cyberattacks against K-12 schools continue to worsen, says analyst
FROM THE 74: It’s Back to School for Cyber Gangs, Too
FROM AP: Ransomware criminals are dumping kids’ private files online after school hacks
In addition to facilitating the education component for which schools are responsible, technology is also essential for physical protection (with cameras, door locks, and communications) and the administration of the business of operating the school (scheduling, communications with parents, record-keeping, staff salaries/insurance, etc.)
A cyber attack can impact learning and physical security and result in the loss of data (names, addresses, birth dates, social security numbers, and banking information).
With so much at stake, the importance of cyber security in schools has been elevated.
However, just because it is more important does not mean it receives the attention it deserves. Remote learning (i.e., more potential entry points), limited budgets, a small number of IT staff (or none), and the tremendous amount of student and staff data make school systems desirable targets for cyber attacks.
Recently, school systems have started looking at using third-party vendors (Managed Security Service Providers) to take on the role of virtual Chief Information Security Officer (vCISO). With the economies of scale, such an arrangement can provide to several schools within a district, and the risk can be mitigated. In addition, implementing the security controls that an MSSP can provide will improve the chance of being approved for a cyber insurance policy and a reduced rate.
Lastly, school superintendents and IT staff should not wait for guidance from state or federal agencies. In fact, a GAO report from 2021 found that the last-published version of the Education Facilities Sector-Specific Plan was in 2010 and was focused primarily on physical threats with very little emphasis on cyber threats.
I would say that the world has changed quite a bit in twelve years. Take the initiative and protect your schools now. And if you are a parent, ask your school what they’re doing to protect your children online.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.