Digital technology presents an array of risks and rewards in the modern educational sphere. School districts now have the ability to collect and analyze demographic and other information, which is then used to better target district services and outreach. In the wrong hands, however, this data can cause a myriad of problems.
The scope of security problems is far greater than most K-12 employees suspect. Nonprofit consumer advocacy organization Privacy Rights Clearinghouse (PRC) reports that, since 2005, 788 data breaches have compromised 14,871,122 records at K-12 schools and institutions of higher learning. Below, we explore cyber security-related threats in K-12 education — and how these concerns can be addressed.
Student and Employee Hacking
The term “cyber security” typically evokes images of rogue hackers, but some of the greatest threats to school security come from within. Tech-savvy students may access sensitive information in hopes of changing their grades or snooping on their peers.
Student hacks are rarely sophisticated; they need only locate employee passwords or other login credentials to cause damage. Occasionally, however, these incidents have been met with severe repercussions — including the threat of felony charges. Recently, for example, a teenager who hacked into a school network was charged with 14 felonies.
Disgruntled employees can also pose a threat. In 2014, a fired cafeteria worker was sentenced to several years in prison for using stolen student information to commit tax fraud.
Phishing, Malware, DDoS Attacks and Other Threats
Not all academic security breaches involve mischievous students. School districts are also vulnerable to malware, phishing and a variety of other scams.
Phishing is of particular concern at many districts, where employees often receive minimal training in information security. For example, in 2017, the Texas-based Argyle Independent School District suffered a phishing scam in which an employee sent W-2 information in response to a fraudulent email supposedly sent by the superintendent. This exposed the birth dates, Social Security Numbers, and salaries of several district employees. This is just one of several districts targeted by phishing; even the New York City-based ed-tech company Amplify was impacted.
Distributed Denial of Service (DDoS) attacks represent another real but oft-ignored threat in the academic world. These attacks occur when a district is overwhelmed with traffic from numerous sources in an effort to disrupt internet access for students and to the school’s servers.
PS Lightwave has helped many school districts in Houston and the surrounding area with these types of attacks. “We have invested in solutions to monitor and alert for suspicious Internet traffic. Our solutions establish baselines as well as look for typical DDoS related traffic to alert our Network Operations Center in real-time. We can prevent extended outages for the school districts we service by using our tools, knowledge and expertise with DDoS attacks. We also subscribe to a nationwide, large capacity DDoS scrubbing service with one of our partners that we can engage on more sophisticated attacks” said Swen Wulf, Director of Network Operations at PS Lightwave.
Schools may be infiltrated, in part, in an effort to gain access to government organizations. In 2016, for example, hackers from the Moroccan group MoRo launched a DDoS attack on the Miami-Dade County Public Schools in hopes of infiltrating voting systems. These hackers disturbingly posted photos of ISIS fighters on district websites but mercifully were unable to access other government systems.
Opportunities for Addressing Cyber Security Concerns
Strong district security begins with a robust Responsible Use Policy that all staff members and students must read and agree to before accessing district technology. Regular training can alert staff to risks and help them develop responsible habits, such as creating better passwords and changing them regularly.
Data (especially oft-compromised cloud-based data) should be stored securely and in compliance with the Family Educational Rights and Privacy Act (FERPA). Access to district data should be restricted to prevent attacks from unhappy employees. Backup service providers can be employed to keep networks running during DDoS attacks.
Cyber Security for the Digital District ‘s Steven Miller admits that currently, school districts’ only real protection is that they aren’t as enticing a target as large corporations. Still, it’s never wise to underestimate the motives or ingenuity of potential hackers; in the wrong hands, information stored in district servers could cause lasting damage. It is imperative that school districts take aggressive steps to reduce the risk of security breaches — failure to do so could compromise both district employees and the communities they serve.
If you’re currently considering ways to protect your data or improve your cyber-security policies, work with a proven data expert for your sensitive information. We’re here to help the business community of Texas maintain its edge in technology with reliable service and knowledgeable professionals.
PS LIGHTWAVE is the consultative data-connectivity provider for public and private entities in the Greater Houston area. Through our high-quality infrastructure, innovative technology and superior level of support, we deliver not only the best in connectivity and reliability but in scalability and redundancy. You’ll also appreciate that the PS in our name stands for “Pure Speed.” We fully understand that technology is a moving target, and we understand the people and infrastructure of the Greater Houston area. We are nimble, flexible and responsive, and we embrace leading-edge technologies that improve the customer experience. We invite you to learn more. Visit our website or contact us. Concerned about connectivity? Think PS LIGHTWAVE.