Is your District Prepared for the K-12 Data Security Emergency?

August 6, 2019

Cybersecurity criminals are using ransomware to target public sector networks at an alarming frequency, with over 22 breaches in 2019 so far. With this growing number of attacks, the Enboard team is concerned about hackers’ narrowing focus on the K-12 sphere. Late last month, several school systems in northern Louisiana fell victim to malware hackers, prompting an emergency declaration to reallocate state resources to investigating these security breaches. School districts, in particular, seem to be vulnerable for a variety of reasons: 

  • Devices with connections to district networks: 
    • Deployment of internet-enabled devices is continually increasing, with over 59% of high school scholars having daily 1:1 access to Chromebooks, iPads, or similar devices while at school.   
    • BYOD initiatives introduce mobile phones and their associated security risks into districts’ internal networks. 
    • Anywhere, anytime access to educational resources requires flexibility that can compromise security policies. 
  • Third-party applications: 
    • Each student and staff user account represents another opportunity for cybersecurity criminals to gain access to human resource and student information databases. 
    • Criminals can exploit unused accounts without anyone noticing until it’s too late. 
  • Large quantities of personally identifiable information (PII) 
    • The types of staff and student data districts collect are especially attractive to criminals, who can use that information for extortion or identity theft.

Bottom line: Schools are easy targets.  Too many districts lack comprehensive identity governance planning and identity management software, which makes them easy pickings for ransomware, phishing, and other security-breaching methods.    

Here are a few things your district should consider doing to discourage cybersecurity attackers: 

  1. Acknowledge that protecting personal data is missioncritical and an obligation your district has to both staff and students.  Making security a top priority from the beginning can help ensure enough of your technology budget is being funneled towards protecting users. 
  2. Adopt an identity access and management platform that’s fully customizable to your needs and integrates with your existing student and human resources databases, leaving no component of your ecosystem unprotected. 
  3. Ensure security policies and third-party application access are based on role, grade level, location, and other attributes. When user attributes change, access should be granted and revoked accordinglyso that staff and students only have access to the exact resources they need 
  4. Be adamant that your district remains the data custodian of your users’ data, even when the data is cloud-hosted.  Never agree to share complete data files with third-parties.  

We help thousands of schools securely safeguard the identities of millions of students and staff, as well as address their network and physical security needs. For more information, be sure to reach out to us.