Keeping K-12 Cybersecure–the newsletter of the K-12 Cybersecurity Resource Center–curates the best cybersecurity and privacy news for K-12 policymakers, administrators, IT professionals, vendors, and privacy advocates. The latest edition (“Like Playing Football without a Helmet“) provides information on recent updates to the K-12 Cyber Incident Map, other additions to the Resource Center, and curated news you can use.
Here’s your reading list for articles published during the first weeks of March 2019:
- Folks, even if it is easy for teachers to remember, it is not a good idea to use the last four digits of their social security numbers as their default password for school applications (“Release of employees’ partial Social Security numbers troubles Worcester teachers, School Committee members“).
- Definitely worth the read on how Idaho schools are managing cybersecurity risks: “Local school districts continue to bolster software, combat viruses.”
- Per The Atlantic, the hottest chat app for teens Is…Google Docs.
- She seemed like a normal Web-savvy teen. She was actually waging ‘e-jihad’ with ISIS hackers.
- It was not a great couple of weeks for education technology (and related) vendors. Not great at all. From Common Sense Media, we learn that the encryption practices of edtech vendors are insufficient and not improving. We learned of data breaches from Elsevier (“Education and Science Giant Elsevier Left Users’ Passwords Exposed Online“) and ACT (“Testing data for more than 8,000 Montana high-schoolers inappropriately released“). Despite Duolingo’s protestations to the contrary (“Thousands of Android Mobile Apps Improperly Track Children, Study Says“), it turns out they share user data for advertising purposes with none other than Facebook (whomp, whomp). When confronted with evidence, the Duolingo response: “Duolingo thanks Privacy International for their important work raising awareness of this issue. As part of our ongoing commitment to privacy, we are removing the Facebook SDK App Events component from both the Android and iOS apps in the next version releases.” The Mississippi Attorney General also has recently reached a settlement with state testing vendor Questar regarding their culpability for a breach of student data. Related: Senators Markey and Hawley introduced bipartisan legislation to update federal children’s online privacy (COPPA) rules. This should be no surprise: new regulation is the response we should expect when stories such as these are growing more commonplace.
- Family tracking/child monitoring/spyware apps are bad news: Exhibits A (“This Spyware Data Leak Is So Bad We Can’t Even Tell You About It“) and B (“A family tracking app was leaking real-time location data“). Don’t recommend them to parents.
Be sure to check out the full newsletter and sign-up to ensure you get all the latest news direct to your inbox. And, as always, please contact us with any feedback, tips, or suggestions.