Keeping K-12 Cybersecure–the newsletter of the K-12 Cybersecurity Resource Center–curates the best cybersecurity and privacy news for K-12 policymakers, administrators, IT professionals, and privacy advocates. The latest edition (“A Teachable Moment“) provides information on recent updates to the K-12 Cyber Incident Map, other additions to the Resource Center, and curated news you can use.
Here’s your reading list for articles published during the first two weeks of December 2018:
- With great promise, school technology also comes with great risk. The biggest concerns: data security and privacy (“For schools, technology offers great promise, great risks“).
- A new campaign, dubbed STOLEN PENCIL (potentially originating from North Korea), has been targeting academic institutions since at least May 2018 (“STOLEN PENCIL Targets Academic Institutions“). Details and technical write-up here.
- I see your 5 reasons and raise you. I’ve got 395 reasons and counting (“Five reasons schools need to address cybersecurity now“).
- Sometimes distinguishing a new phishing attack from a more serious threat is hard (“Bitcoin scammers send bomb threats worldwide, causing evacuations” / “Nationwide Bomb Threats Look Like a New Spin on an Old Bitcoin Scam“). Targeted schools reacted with caution (“Belle Fourche School District gets bomb threat Thursday morning” / “Hoax Email Received by Colonial School District Staff Members“).
- In addition to customer data, employee data is at risk also, including in K-12 education. A large proportion of school cybersecurity incidents on the K-12 Cyber Incident Map involve unauthorized access to school staff data, identity theft, and tax fraud.
- From the world of edtech vendors, we have good security news (“Grammarly Takes Bug Bounty Program Public“) and bad (“Kids’ VTech tablets vulnerable to eavesdropping hackers“). Note: VTech’s track record on child privacy and security issues is weak (“Vtech settles FTC lawsuit over children’s data privacy“). Will regulators take an even firmer stand with the company? We can only hope.
- From Canada, we have two stories raising concerns about school security practices: one detailing a school cybersecurity incident (“Father says teen, other students had info hacked at GTA school“) and another on weak enforcement of existing policy (“Not all Ontario schools follow this cyber security rule“).
- Not to be outdone, from the UK we also have two stories, including one detailing a school cybersecurity incident (“Former headteacher fined £700 after dumping old pupil data on server at new school“) and another on the rise in the reporting of incidents post-GDPR (“School data security incidents rise in wake of GDPR“). Note: We should not confound the rise in the reported number of school cybersecurity incidents with an actual rise in incidents. While there is some evidence to suggest schools are facing greater risks, lax reporting requirements are more likely the reason that public awareness is only now beginning to grow.
Be sure to check out the full newsletter and sign-up to ensure you get all the latest news direct to your inbox. And, as always, please contact us with any feedback, tips, or suggestions.