More Tech Can Mean More Threats: Keeping Schools Secure

More Tech Can Mean More Threats: Keeping Schools Secure

The pandemic shed light on what many Americans already knew: internet access is a necessity for everyday life. The Digital Divide was perhaps the most pronounced within the country’s outdated education infrastructure. Digital learning proved particularly challenging for rural and lower-income neighborhoods as well as in communities of color.

To get students everywhere up to speed with internet access at the height of the pandemic, communities scrambled to allocate funds to pay for laptops, tablets, modems, Wi-Fi hotspots, routers, and other broadband devices. To date, New York State has been granted billions in general aid for elementary and secondary education administered by the State Education Department to support pandemic preparedness and response efforts, including maintaining operations, staff training and educational technology, and addressing learning loss related to the pandemic. Of the $14 billion in anticipated resources, $2 billion was spent from 2021-22, and the balance is expected to be spent in subsequent years through 2025.

Now as we head into the upcoming academic year, what happens with all the new technology school systems have invested in over the past few years?

Technology adopted out of necessity during statewide shutdowns is largely here to stay. According to two years’ worth of EdWeek Research Center Data, video conferencing tools remain in high demand even as the nation’s schools are largely back to full-time in-person instruction. Applications include parent-teacher conferences, guest-speaker programs, school board meetings, teacher professional development, telemedicine appointments, online tutoring programs, and full-time remote learning options that districts have created in record numbers. This becomes particularly important with a projected 20 percent of K-12 central-office employees expected to work remotely or both remotely and in person. Educators and administrators are also reportedly continuing to invest in social-emotional learning tools and digital math tools.

Of course, with new technology comes additional heightened security risks. In its annual State of K–12 Cybersecurity Year in Review report released early this year, national nonprofit K–12 Security Information Exchange revealed that ransomware has become the most common type of publicly disclosed cyber incident at U.S. schools. According to the Federal Bureau of Investigation (FBI) and the Department of Defense’s Defense Technical Information Center, some of the most common types of digital threats include:

  • Data Breaches: Leaks of sensitive, protected, or confidential data from a secure to an insecure environment that are then copied, transmitted, viewed, stolen, or used in an unauthorized manner.
  • Denial of Service: When a server is deliberately overloaded with requests such that the Website shuts down.
  • Spoofing/Phishing: Both spoofing and phishing involve the use of fake electronic documents.
  • Malware/Scareware: Malware is illicit software that damages or disables computers or computer systems. Like malware is scareware, which is malware that uses social engineering to cause fear or anxiety so that a user buys unwanted and unneeded software, such as antivirus software
  • Ransomware: A form of malware in which perpetrators encrypt users’ files, then demand the payment of a ransom—typically in virtual currency such as Bitcoin—for the users to regain access to their data. Ransomware can also include an element of extortion, in which the perpetrator threatens to publish data or images if the victim does not pay.

The U.S. Department of Education’s Office of Safe and Supportive Schools administered the REMS TA Center to help issue guidance to help schools stay protected from cyber threats that are inevitable with the integration of modern and emerging technologies. There are a lot of useful resources here but we will summarize some of the most effective ways to keep your school protected.

Preparing for Threats

Schools and school districts can take a variety of actions to prevent, protect from, mitigate the effects of, respond to, and recover from cyber threats. These can be conducted before, during, and after an incident. To protect networks and systems as part of an overall preparedness program, schools and school districts can do the following:

Develop and promote policies: Before students, teachers, or staff access the school’s or school district’s networks and systems, they should be aware of any policies, rules, or laws regarding their use. IT staff should also be aware of local, state, and Federal regulations regarding information security and privacy.

Proper Data Storage: Store data securely to ensure that the whole school community’s data are kept private and to comply with the Family Educational Rights and Privacy Act (FERPA). Ease of access to and use of cloud-based software makes this issue particularly important, as this technology allows teachers and staff members to easily store and share students’ personal information.

Have a Back-Up Plan: Schools and school districts also need to regularly back up their data in case of accidental or deliberate corruption or destruction of data. Create firewalls and an approved list of individuals who have access to the school’s or school district’s networks and systems. The list should be regularly reviewed to ensure that only those individuals who have permission to access the systems can do so.

With more emerging tech being integrated into schools every year, it’s more important than ever before to monitor networks continually to assess the risk from cyber threats. As always, your partners at RBT CPAs are available to help you chart your financial course so you can maximize funding opportunities and navigate the financial planning that comes with newly adopted technology. Find out how – contact us today.