Today, I am pleased to introduce and launch the “K-12 Cyber Incident Map.” It is a visualization of cybersecurity-related incidents reported about U.S. K-12 public schools and districts from 2016 to the present. Painstakingly assembled from public reports, it was created to begin to build a data-based awareness of the scope and variety of digital security and privacy threats facing K-12 public schools and districts, as well as to shed a light on the need for uniform standards for disclosing cyber incidents affecting schools, students, and educators.
There are a range of potential cybersecurity threats facing K-12 schools. Thanks to my invited participation in a National Governors Association cybersecurity summit, I’ve documented my current thinking on the cybersecurity in K-12 education, why it is an important issue, and what should be done about it. Ultimately, if we can’t generate the political will to address these issues head on, states and the federal government have no business pursuing school reform and improvement strategies dependent on technology.
Hackers will target anyone and anything, be that hospitals, the police, or other hackers. Even though the year is just getting started, schools have already faced a wave of phishing attacks designed to steal sensitive employee tax information. The IRS has called this “one of the most dangerous email phishing scams” they have seen.
It is inevitable that the education sector will experience data breaches and be subject to cyberattacks. One recent phishing attack has become so widespread and so damaging that the Internal Revenue Service (IRS) itself has issued public guidance for schools on how to respond. Please share this information widely, educate yourself, and work with your schools to mitigate the risks of handling personal data of school employees, students, and their families.