Districts around the country are being targeted by sophisticated cybercrime operations that are using personally identifiable information (PII) to target schools. Threats coming from Russia and from within our own country have compromised schools and districts throughout the U.S.
The Threat Landscape Has Grown Since the Pandemic
Districts were already well under way in digitizing records, but the pandemic accelerated the digitalization process, often in haphazard ways that did not account for the increased threat. Now that the biggest wave of the pandemic has subsided, schools must prioritize data security in order to thwart these attackers who have been taking advantage of the growing number of access points – student devices, teachers working on home computers, digitized records not properly secured behind firewalls.
“As schools fast-tracked the shift to remote learning, some computers handed to, and owned by, students lacked adequate security, said Nir Kshetri, a University of North Carolina-Greensboro management professor in an interview with Newsday.
How Cyber Criminals Use PII
There are many ways PII can be used to target schools as well as victimize students and compromise student data privacy.
- If a student device is not properly secured, hackers can access the device directly. From accessing private data to activating the webcam, this poses a serious threat to students.
- Information accessed from the device could be used to help the criminal introduce malware that not only compromises the student’s device but the school’s or family’s entire network.
- Because of the number of devices, a sophisticated hacker could conceivably use the devices to execute denial of service attacks at a district level.
What Schools Should Do Now to Protect Their Districts
Schools must act. The threat is real and measurable. These steps can help secure PII and protect your student data:
NIST-Based Controls
Schools should employ a standard framework, such as NIST, to ensure they have adequate layers of protection, including detection monitoring, firewalls, email security, and anti-virus software.
24/7 Monitoring and Patch Management
For most districts, partnering with a managed service provider is the best way to accomplish this, as most schools do not have the budget to have a full IT staff.
Incident Response
Even with the best security, errors can occur. Having a comprehensive incident response – shutting down the network, having offsite data and recovery solutions in place, and mechanisms to notify the appropriate parties of a breach as quickly as possible can mitigate risk.
Ongoing Staff Training
Ongoing training to ensure staff is aware of and on the lookout for threats can help prevent unnecessary breaches.
GG4L’s Trusted Digital Solution
GG4L offers additional guidance on how to protect your school, as well as a school-centric trusted digital engagement hub for schools. School Passport allows schools to empowers schools to centrally:
- Govern the exchange of student, staff, and parent PII data with SaaS vendors.
- Approve and publish apps to a district or school branded on-demand AppStore.
- Delegate to school staff and teachers the ability to activate apps within their managed groups on-demand.
GG4L’s School Passport improves safety, privacy and security with advanced governance and privacy tools that monitor and regulate the sharing of PII data, including email accounts. Learn more.
