If there is an Achilles’ heel to a future of robust personalized learning for all K-12 students, it is the uneven attention to the cybersecurity risks facing school information technology assets and data. In this post, I offer emerging lessons about real and perceived information security issues facing schools from the data underlying the K-12 Cyber Incident Map.
Earlier this week, an unknown person or persons launched a short-lived, but clever cyber attack against Google Docs’ users. While apparently not targeted toward schools, it very quickly found its way to K-12 classrooms nationwide, resulting in alarm and confusion. Based on my investigation of the exploit, here are the three lessons I believe those of us in K-12 education should take from this incident.
Today, I am pleased to introduce and launch the “K-12 Cyber Incident Map.” It is a visualization of cybersecurity-related incidents reported about U.S. K-12 public schools and districts from 2016 to the present. Painstakingly assembled from public reports, it was created to begin to build a data-based awareness of the scope and variety of digital security and privacy threats facing K-12 public schools and districts, as well as to shed a light on the need for uniform standards for disclosing cyber incidents affecting schools, students, and educators.
There are a range of potential cybersecurity threats facing K-12 schools. Thanks to my invited participation in a National Governors Association cybersecurity summit, I’ve documented my current thinking on the cybersecurity in K-12 education, why it is an important issue, and what should be done about it. Ultimately, if we can’t generate the political will to address these issues head on, states and the federal government have no business pursuing school reform and improvement strategies dependent on technology.
Hackers will target anyone and anything, be that hospitals, the police, or other hackers. Even though the year is just getting started, schools have already faced a wave of phishing attacks designed to steal sensitive employee tax information. The IRS has called this “one of the most dangerous email phishing scams” they have seen.
It is inevitable that the education sector will experience data breaches and be subject to cyberattacks. One recent phishing attack has become so widespread and so damaging that the Internal Revenue Service (IRS) itself has issued public guidance for schools on how to respond. Please share this information widely, educate yourself, and work with your schools to mitigate the risks of handling personal data of school employees, students, and their families.