One interesting and potentially concerning trend that has emerged in compiling data for the K-12 Cyber Incident Map is that the number of schools and/or districts that have experienced multiple cyber incidents is increasing. This may be due to an increased reliance on technology for teaching, learning and school operations as compared to other districts and hence a greater exposure to cyber risks. It could be due to bad luck. Or, it could be a sign of a lack of expertise, resources, and/or attention to cyber security issues. To aid policymakers, researchers, administrators, and others in understanding this trend, I have decided to compile and begin to report more detailed information about these schools and districts.
Posts tagged cyber-security
If there is an Achilles’ heel to a future of robust personalized learning for all K-12 students, it is the uneven attention to the cybersecurity risks facing school information technology assets and data. In this post, I offer emerging lessons about real and perceived information security issues facing schools from the data underlying the K-12 Cyber Incident Map.
Today, I am pleased to introduce and launch the “K-12 Cyber Incident Map.” It is a visualization of cybersecurity-related incidents reported about U.S. K-12 public schools and districts from 2016 to the present. Painstakingly assembled from public reports, it was created to begin to build a data-based awareness of the scope and variety of digital security and privacy threats facing K-12 public schools and districts, as well as to shed a light on the need for uniform standards for disclosing cyber incidents affecting schools, students, and educators.
It is inevitable that the education sector will experience data breaches and be subject to cyberattacks. One recent phishing attack has become so widespread and so damaging that the Internal Revenue Service (IRS) itself has issued public guidance for schools on how to respond. Please share this information widely, educate yourself, and work with your schools to mitigate the risks of handling personal data of school employees, students, and their families.