When schools rely on technology for teaching, learning, and school operations, the impact of a cybersecurity incident can be significant.
Posts in category Security
Both FERPA and the COPPA Rule presume that schools have the resources and knowledge to assess their own data security practices, to say nothing of that of their vendors. Emerging evidence suggests that this presumption should be challenged. The FTC and ED can take affirmative action to improve the security with which schools and their vendors treat student data.
One interesting and potentially concerning trend that has emerged in compiling data for the K-12 Cyber Incident Map is that the number of schools and/or districts that have experienced multiple cyber incidents is increasing. This may be due to an increased reliance on technology for teaching, learning and school operations as compared to other districts and hence a greater exposure to cyber risks. It could be due to bad luck. Or, it could be a sign of a lack of expertise, resources, and/or attention to cyber security issues. To aid policymakers, researchers, administrators, and others in understanding this trend, I have decided to compile and begin to report more detailed information about these schools and districts.
If there is an Achilles’ heel to a future of robust personalized learning for all K-12 students, it is the uneven attention to the cybersecurity risks facing school information technology assets and data. In this post, I offer emerging lessons about real and perceived information security issues facing schools from the data underlying the K-12 Cyber Incident Map.
Earlier this week, an unknown person or persons launched a short-lived, but clever cyber attack against Google Docs’ users. While apparently not targeted toward schools, it very quickly found its way to K-12 classrooms nationwide, resulting in alarm and confusion. Based on my investigation of the exploit, here are the three lessons I believe those of us in K-12 education should take from this incident.