If district leaders learned one thing this year about cybersecurity, it’s that no one is safe. Technology use in the education sector has exploded since the pandemic, creating even more points of entry for cybercriminals to attack. With the 2022-23 school year under wraps, district leaders and policymakers are using this time to reflect and react accordingly to improve cybersecurity.
One of the latest and most notable targets involved schools across New York City after tens of thousands of public school students and employees were notified that their personal data had been stolen after hackers breached the Department of Education’s MOVEit file transfer software. In an email sent to parents on Sunday, the agency explained that the breach impacted an estimated 45,000 students. In some cases, personal data including social security numbers and birthdates were compromised.
Security breaches like this occurred in several large school districts throughout the school year, including the Los Angeles Unified School District, Minneapolis Public Schools and the Tuscon Unified School District. As a result, other districts are using these cases as lessons to further bolster their own security tactics.
For instance, the Cedarburg School District in Wisconsin is working to implement a new firewall and upgrade internet services at one of its schools, in addition to other new IT solutions, Director of Technology Kirstin Collins explained during a webinar hosted by ManagedMethods last week.
One director of technology at the Cloquet School District in Minnesota recently shared with Government Technology how much of his time is spent handling cybersecurity. Such threats were a rarity when he started back in 2017, but now, he says 75% of his day revolves around the issue.
“It’s something that we’re experiencing in all districts,” he told Government Technology. “I know people that work in other facets of government service and the private sector, and we’re all seeing the same thing—it’s just that the cyber attacks are increasing in frequency and they’re increasing in complexity.”
One solution they recently embarked on was redesigning the district’s network topography to restrict lateral movement between networks.
“So essentially what that means is I’m making it a lot harder for a hacker to get on one computer and then go to another computer in a different building,” he said.
More from DA: Safety first: Schools must vet their edtech tools for privacy and protection
Additionally, when asked about possible solutions to this issue, he described how important it is to hire specialized IT staff, but funding continues to be an issue for many districts.
“Ultimately, the best thing that we can do is have additional funding for more personnel so we can hire somebody who has gone to college for cybersecurity,” he said.
In North Dakota, educators and IT directors are looking forward to a new federal grant of nearly $1.8 million designed to help entities, including school districts, improve their cybersecurity. The grant comes after districts like West Fargo Public Schools faced phishing attempts sourced outside the U.S., including Russia, the district’s IT Director Ed Mitchell told InForum.
“Oftentimes you would think, ‘Oh, a little district in North Dakota, no one would target that,'” he said. “But oftentimes it is.”
Although West Fargo may not qualify for the grants, leaders are hoping it will help other metro area schools receive the resources they need to protect student and staff data.
“I still feel it’s good news; it’s certainly affirming that the work being done in our district is doing well and is going to grow,” said Mitchell.
