Keeping K-12 Cybersecure–the newsletter of the K-12 Cybersecurity Resource Center–curates the best cybersecurity and privacy news for K-12 policymakers, administrators, IT professionals, vendors, and privacy advocates. The latest edition (“No Rest for the Weary“) provides information on recent updates to the K-12 Cyber Incident Map, other additions to the Resource Center, and curated news you can use.
Here’s your reading list for articles published since the last newsletter (December 18):
- Looking backward, looking forward: a number of roundups of news and reports attempt to paint a picture of the state of K-12 cybersecurity. Security Boulevard raises some questions (“2018 In Review: Schools Under Attack“); CoSN (via EdSurge) offers some new data (“Are School Districts Starting to Understand the Scope of Security Threats?” (although there are errors in CoSN’s report); and vendor SecurityScorecard weighs in rather melodramatically (“U.S. Education Industry’s Cybersecurity Lags Behind 16 Other Sectors“). Beyond education, here’s what to expect in cybersecurity writ large in 2019. Note: based on data assembled on the K-12 Cyber Incident Map, be on the lookout for a K-12 specific 2018 Year in Review soon!
- This story is a big deal (“Man pleads guilty to phishing scheme that victimized Connecticut school employees“), as W-2 phishing scams specifically targeted K-12 school districts and claimed about 40 victims in and beyond CT (and affecting tens of thousands of teachers and other school staff). Congrats to those involved in bringing at least some of those responsible to justice.
- What do criminals do with student data? Motherboard is here with the answer: “Children’s Personal Data and SSNs Are Being Sold on the Dark Web.”
- Looking to boost cybersecurity awareness in your school during 2019? Download and share a copy of the 2019 MS-ISAC Calendar (complete with student artwork illustrating key cybersecurity concepts)!
- According to Bob Sullivan, “EdTech Needs Stronger Defenses for Students’ Personal Data” (and he’s not wrong). Indeed, the FBI’s cybersecurity awareness building efforts in education continue to pay dividends.
- The NY State Education Department proposed regulations to strengthen the security of personally identifiable information (PII) for students and school personnel, including by adopting the NIST Cybersecurity Framework as an official standard for schools. Read more (and learn how to comment on the proposed regulations) here.
- Patch ’em if you got ’em: Vulnerabilities found in building access system used by schools and a new WiFi firmware bug has been found to affect certain brands of laptops, routers, and Chromebooks.
- Be sure to include parents and family members in part of any cybersecurity awareness training you may do (“Scammers requesting money using fake Hamilton County school email address“).
- Good news for those running Google Apps for Education in your district: “Google: G Suite Now Alerts Admins to Data Exfiltration.” Courtesy of Twitter, some advice on where to find it in your admin console.
- From the ‘cybersecurity is a global challenge’ file comes several interesting stories, including two from the UK (“Star Academies Trust which runs five Bradford schools conned out of £77,000 in cyber attack” and “Newcastle school targeted in fees phishing scam“) and one from Turkey (“Turkish high school student detained for hacking national school system“), underscoring the potential downside to centralizing education data and IT systems.
Be sure to check out the full newsletter and sign-up to ensure you get all the latest news direct to your inbox. And, as always, please contact us with any feedback, tips, or suggestions.