Warning: Is your district at risk of a cyber security breach?

Just this month, over 143 million American discovered their sensitive information was compromised by a massive security breach at Equifax. Once again Americans find themselves scrambling to update passwords and wondering when the scammer emails and phone calls will start rolling in.

For school districts, cyber security now more than ever needs to be at the top of everyone’s mind. With the majority of district information – including sensitive student information – moving online, districts need to know how to protect themselves. The cyber security of dozens of school districts has been compromised in the past few years, sometimes by mischievous students and (more often) by intruders with more insidious motives.

How does a cyber security breach happen?

One of the most startling implications of the cyber age is how easily hackers can gain access to school district data. Occasionally, third-party vendors can be hacked, which can lead to a district’s own data being compromised.

Often, however, it takes as little as one employee clicking on a single email, or an unprotected file on a district computer. From there districts are at risk of sensitive data – including student information – being illegally accessed.

Students often know how to hack or “jailbreak” their school-issued devices, too – exposing them to potentially harmful content and scams.

What can we do to protect our online data?

First, school district employees need to understand how these cyber attacks take place. Most attacks take place when an employee opens a phishing email. From there, hackers can gain access to district employee information or even gain control of district websites. And on average, these attacks take months to detect, long after the damage is done.

District staff need to be educated on identifying suspicious emails and the tricks hackers employ, such as contacting them via email addresses similar to, but ultimately different from their colleagues’ addresses.

Consider doing a phishing simulation with training.  You can take advantage of some well-developed and free resources from EDUCAUSE.

Second, district staff need to be educated on how to handle sensitive data. Some student or staff information, such as social security numbers, should never be handled without proper encryption.

One of the best resources for understanding student privacy and how you can develop your own program is at FERPA SHERPA. Another good overview of how to manage privacy risk with EdTech is at ikeepsafe.org.

How can I learn more about cyber security?

Take steps towards greater employee and student information security with our free Cybersecurity Program Getting Started Guide. The guide includes a checklist and links to additional resources, so you can confidently evaluate your own district cybersecurity program.

Download now