After a record number of cyberattacks in 2020, there are concerns schools could see more of these attacks as kids return to class.
Remote learning is still happening in some cases and schools are relying more now on technology for learning and school operations.
Last year, there were more than 400 incidents, according to the K-12 Security Information Exchange. But the nonprofit's director says it's hard to know the actual frequency and severity of these attacks.
“What public reporting requirements exist for, say school data breaches or ransomware incidents or other sorts of attacks are quite weak and variable, so in many cases, particularly as a parent, it can be very difficult to have insight into, you know, the sort of cyber risk management practices of school districts and experiences they've had,” said Doug Levin, National Director of the K-12 Security Information Exchange.
The impacts of these attacks can vary, but they mostly hurt kids directly through what can happen to their personal information.
“The criminals actually prefer getting the identity information of very young people, because they have not established credit records and they're not monitoring their credit. And so on the dark forums, on the dark web, the price for a young person's identity information is more valuable than an adult, like yours or mine,” said Levin.
He says schools are a target because they tend to underfund IT support and security. They also run older IT systems and technology.
“Unfortunately, for all intents and purposes, there is not a minimum standard of practice that school districts are held to with respect to cybersecurity. That may be surprising to some because certainly, we have those sorts of standards for health care institutions and for, you know, the financial sector. You would think for things like public schools, there would be standards,” said Levin.
The K-12 Security Information Exchange is working on standards that districts could follow. It's also helping districts work together to share threat intelligence.
Some senators have encouraged the U.S. Department of Education to let school districts spend recent stimulus funding on new cybersecurity protections. Levin says it remains to be seen whether the money will be used for that.
Families can help protect against school cybersecurity threats by not sharing passwords and by separating passwords and accounts for school from personal use.