Understanding the Cybersecurity Risks of the Modern K-12 Classroom

The modern classroom is designed around technology, but left unsecured, these tools may place districts, schools, and students at risk.

Today’s students have never experienced life without technological devices like tablets and smartphones, a reality that many K-12 classrooms are starting to reflect. Generally speaking, technology is an important — and largely positive — addition to today’s schools, as it allows teachers to personalize learning experiences and make the most of limited class time.

The right learning management system can serve as an online portal to learning opportunities tailored to each student’s individual interests and unique learning style and speed. Similarly, data management systems give educators a comprehensive view of student, school, and district progress toward key educational goals. Finally, with more and more jobs requiring technological fluency, introducing technology at the grade school level has become a critical part of equipping students for success in whatever career they may choose.

That said, the proliferation of web-based applications and mobile and IoT devices exposes schools to an increased risk of cyberattacks and other costly security breaches.

Why Schools Are at Risk of Cybersecurity Breaches

According to a Verizon Insights Lab report, the education sector recorded 455 cybersecurity incidents in 2016, placing it second only to healthcare in terms of stolen records. Organizations in these two industries are perfect targets for hackers because, despite the fact that their records contain sensitive and valuable data, cybersecurity is neither their forté nor their top priority.

Educational records are particularly valuable to hackers because children don’t yet have a credit history, making them prime targets for identity theft. A child (or their parents) likely won’t check their credit score until they’re applying for their first credit card or first apartment years down the line, at which point it will be nearly impossible to track down the culprit.

Further, unlike private corporations, schools usually make their WiFi relatively easy to connect to so that teachers and students can access the networks from their own devices, leaving the schools vulnerable to cybercrime. It’s also more difficult to train an entire district of young students than it is to train an adult workforce; while an adult can be taught to steer clear of phishing links and pop-ups, a child realistically cannot.

These unfavorable conditions make schools easy targets for cybercrime, but many districts make themselves even more vulnerable by partnering with edtech providers who fail to prioritize cybersecurity. An analysis by Common Sense Media examined over 100 of the most popular edtech apps and found that only 10 percent met the minimum criteria for transparency and quality in their policies, especially regarding security. Half of the apps even allow for children’s information to be viewed publicly online!

When cybercriminals manage to gain access to a school’s or district’s networks, the consequences can be dire. For example, in 2017, hackers infiltrated a Montana public school network and sent texts and emails threatening a mass killing if they weren’t paid a ransom of $150,000 in Bitcoin. As a result, school was canceled for nearly a week, affecting almost 16,000 students. Even less dramatic cyberattacks are still incredibly costly, with the average data breach costing schools up to $300 — not to mention hours of educational time — per compromised record.

Steps Schools Can Take

To defend against costly breaches, schools should strive to provide network security at every level — not just external firewalls. At the user level, schools can use profiles to ensure that anyone connected to the network is authenticated and authorized, while at the device level, schools can install agents that scan devices prior to authorizing a new network connection.

At the larger network level, schools can take measures to remove vulnerabilities in their physical equipment, including network devices, switches, routers, and access points. It’s also important that schools choose IT partners that take cybersecurity seriously.

At Epiphany, cybersecurity is a priority in everything we do. With years of experience training schools in security best practices, we are equipped to help you secure your network from the ground up.
Print This Article
© 2020. Epiphany Management Group. All Rights Reserved.
View text-based website