Educational institutions serving students from kindergarten through grade 12 are charged with physically protecting children while they’re on the school’s premises but what about the information they have stored on these students? Educators share equal responsibility for maintaining a student’s digital privacy and ensuring the integrity of school networks. With the increasing risk of stolen data, K-12 institutions must take steps to protect student privacy and other sensitive data in order to meet their duty of care obligations.
In fact, acquiring cybersecurity and data security tools ranks as the 7th most important concerns in a list of 10 priorities for K-12 IT departments. Other priorities include implementing online testing, creating personalized learning systems and developing digital curriculum to improve how young people learn. The full list of K-12 IT priorities for 2014 - 2015 according to the Center for Digital Education are as follows:
Digital Content and Curriculum
Professional Development / Skills Training for Integrating Technology in the Classroom
Mobility; and Common Core/ State Standards
Networking Infrastructure Upgrades
Cybersecurity and Data Security Tools and their application
Student Data Privacy including Policies
Data Management / Analytics
Cybersecurity policy including acceptable use of technology
School administrators that fail to secure their data centers and networks run the risk of exposing private and potentially harmful data about faculty, students and their families. This underscores the need for IT departments to implement more robust protocols to safeguard the confidential information of each pupil. In many cases, the best approach is to form a partnership with security and networking professionals who have the expertise that many educational institutions do not have inhouse.
Malware puts schools at risk
Once hackers get someone at your school, student or faculty, to click on a link in an email or on a visit a suspect web site, they can load malware onto the computer and infiltrate the network. What they do once in the network can range from causing a nuisance or stealing sensitive data to shutting down the network. Just this March, a criminal hacker took over the computer system of the Swedesboro-Woolwich School District in New Jersey, using ransomware to keep kids from taking an online test.
Attacks such as this demonstrate how disruptive a cyber event can be. This type of interruption degrades the ability of schools to properly test and educate their students and will cost the district time and money to investigate the incident. High on the list to prevent a malware intrusion, along with installing a firewall and anti-malware software, is to educate all staff as to the dangers of clicking on links from unknown sources.
Protecting Medical Records
K-12 schools collect and store personal medical data about each pupil which is subject to government regulations to safeguard privacy according to the Health Insurance Privacy and Portability Act or HIPAA. HIPPA does not go far enough for most institutions to protect student data against cyber attacks and schools need to consider how their data is stored and how it is protected to prevent information loss.
Personal Data Exposure
The personal data for students, faculty and other employees, such as social security numbers, that schools typically maintain in their database present a tempting target for cybercriminals. These educational records and details about students and their families (including parental contact information) can be used in identity theft and other extortion schemes.
POS-style systems used to manage the line in the cafeteria are another vulnerable site that hackers will try to penetrate. Students scan in their ID card or touch a fingerprint scanner when picking up lunch. When this network is compromised, the stolen information gives hackers more data to commit fraud.
Work with Experts
K-12 schools need to take a hard look at the policies that are in place to safeguard student digital privacy as well as upgrade cybersecurity technology. IT departments in K-12 institutions clearly have their work cut out for them when it comes to protecting private and sensitive student information against determined cybercriminals bent on stealing data to commit fraud and identity theft. Controls, such as next generation firewalls, are also needed to prevent attacks that can infiltrate the system to cause problems. It’s best to work with experts who are focused on providing comprehensive networking solutions and data security in schools. Resilient Intelligent Networks works with best in class technologies, such as those from Fortinet, to guide you through the process. Resilient Intelligent Networks understands the unique challenges faced by K-12 cybersecurity teams to meet technology requirements and budgetary constraints.