What schools can do to protect against rising cybersecurity threats
Scammers have been taking advantage of districts with school phishing attacks as they transition to and maintain online learning. In addition to school cybersecurity threats, more solutions continue to flood the market, so K-12 leaders need to ensure faculty and staff are adhering to school data privacy policies to keep information secure.
At the beginning of 2020, the number of breached records globally across industries surged by 273% with more than 8.4 billion documents getting leaked, according to Atlas VPN, a virtual private network provider.
In Massachusetts, Boston Public Schools received more than 750 school phishing emails at one time during the migration to distance learning. “We have many low-income students, so our faculty and staff were purchasing grocery gift cards to help their families with certain necessities during school closures, and that’s when we started receiving numerous gift card scams,” says CIO Mark Racine, who spoke on the topics of practical cybersecurity and assessing cybersecurity maturity at FETC 2020.
Luckily, no one opened these emails, though one came close. “Prior to COVID-19, we would send alerts to our principal’s inboxes, but since the pandemic, the number of emails and memos our principals receive have gone through the roof, and communications get buried,” says Racine.
Schools therefore need to streamline their communications with their IT department to ensure critical messages are received. In Boston, IT officials have weekly meetings with principals rather than relying on emails. “If your existing communication channels are tapped, identify other avenues that do work and how to make sure these messages get through,” says Racine.
Free apps can break school data privacy policies
Schools should create a review panel to process the overabundance of free apps and subscriptions that teachers can easily download from solution providers during the pandemic. “From a data security prospective, this is very alarming since you have information going into these free apps,” says Racine.
Three departments now review all free and paid subscriptions at Boston schools. A technical team uses a release form usually given to vendors as a checklist to ensure school data sharing and rostering specifications will be met, an academic team checks that the tools align with state standards and school curricula, and an accountability team reviews privacy agreements to make sure they meet school data privacy standards. “Much of this process had already existed, but we expanded the usage for this occasion,” says Racine.
Having numerous apps can be difficult, not just for teachers to keep track of, but parents who are homeschooling their children during school closures. “That’s when mistakes are made,” says Racine. “We need to slim down and focus our attention on a smaller landscape rather than having hundreds and maybe even thousands of apps across a district.”
He adds, “Interoperability will be the most important conversation that districts can have moving forward to ease, not lift, these burdens for administrators, faculty, staff and students.”
Fore more coronavirus coverage, click here.
Interested in edtech? Keep up with DA's Future of Education Technology Conference®.