IT/Security By Ken Brown, Chief Information Security Officer, Frontline Education on 9/19/2017
Just this month, over 143 million American discovered their sensitive information was compromised by a massive security breach at Equifax.
Once again Americans find themselves scrambling to update passwords and
wondering when the scammer emails and phone calls will start rolling
For school districts, cyber security now more than ever needs
to be at the top of everyone’s mind. With the majority of district
information – including sensitive student information – moving online,
districts need to know how to protect themselves. The cyber security of
dozens of school districts has been compromised in the past few years,
sometimes by mischievous students and (more often) by intruders with more insidious motives.
How does a cyber security breach happen?
of the most startling implications of the cyber age is how easily
hackers can gain access to school district data. Occasionally, third-party vendors can be hacked, which can lead to a district’s own data being compromised.
however, it takes as little as one employee clicking on a single email,
or an unprotected file on a district computer. From there districts are
at risk of sensitive data – including student information – being
Students often know how to hack or “jailbreak” their school-issued devices, too – exposing them to potentially harmful content and scams.
What can we do to protect our online data?
school district employees need to understand how these cyber attacks
take place. Most attacks take place when an employee opens a phishing
email. From there, hackers can gain access to district employee
information or even gain control of district websites. And on average,
these attacks take months to detect, long after the damage is done.
staff need to be educated on identifying suspicious emails and the
tricks hackers employ, such as contacting them via email addresses
similar to, but ultimately different from their colleagues’ addresses.
Here’s some hand-picked content you may enjoy
district staff need to be educated on how to handle sensitive data.
Some student or staff information, such as social security numbers,
should never be handled without proper encryption.
One of the best resources for understanding student privacy and how you can develop your own program is at FERPA SHERPA. Another good overview of how to manage privacy risk with EdTech is at ikeepsafe.org.
How can I learn more about cyber security?
I recently gave a free webinar explaining the necessary steps K-12 districts need to take to improve their cyber security.
this webinar, I explain more about the state of the K-12 cyber
landscape and how the government has responded to it, the details of a
“cyber kill chain,” key success factors for districts seeking to improve
their cyber security, and tips on how districts can build their own
security protocol, based on NIST’s Cyber Security Framework. Watch the
free webinar for more information.