According to k12cybersecure.com, in 2018 a new cybersecurity incident struck K-12 schools nearly every three days.
Gone are the days when student information is kept on paper in a file and in a filing cabinet. Student and staff Personally Identifiable Information (PII) is kept online. Security systems, including cameras and doors, rely on technology. Business operations, such as payroll, bill payment, phone systems and email communication, are connected to the school's network - all of which is susceptible to cyber attacks if not secured.
Beyond keeping everyone in the school building safe with technology, like video surveillance and building access, leaders have a duty to provide an education - which means ensuring a productive environment for learning to happen. In a modern school system, districts must maintain curriculum resources, point-of-sale software, and telecommunications systems - all of which are increasingly moving online. In the classroom, educators need access to the internet or the school’s network for everything, from the content of their lessons to keeping attendance. Disruption to any of these systems or no access to the internet means loss of valuable teaching and learning time.
The K-12 school community is especially vulnerable because the PII kept on students and staff can be sold on the black markets. Buyers can use that information to apply for credit, open bank accounts, or transact other types of identity fraud. Exposing this information also puts children in harm's way if the information gets into the hands of a child predator.
Actual Accounts of Cybersecurity Attacks on Schools
| A data breach in an Iowa school district led to personal text messages and social media post threatening violence to students. |
In October 2017, families of Johnston Community School District woke up to anonymous text messages threatening violence to students following a data breach of the school's information systems. Information and threats went out on Twitter later that day saying the personal information was leaked onto a dump site exposing students to child predators. The data breach led to the closure of school for a day while officials investigated these threats.
|
| New York school district postpones opening of school due to cyber attack |
In September 2019, the Monroe-Woodbury Central School District in New York had to cancel the first day of school due to a ransomware attack that forced administrators to shut down the district's computer network.
|
| Imposters posing as contractors working on a new high school in North Carolina convinced school officials to pay them over $2.5 million |
Schools are also susceptible to financial scams. In August 2019, online scam artists posing as representatives from a general contractor were able to convince school officials to wire them over $2.5 million meant for a new high school. Several weeks passed before officials became aware of the scam when the real vendor contacted them inquiring about the missed payment. https://www.govtech.com/security/Social-Engineering-Attack-Nets-17M-in-Government-Funds.html |
