How much responsibility should administrators shoulder for data breaches?
Thanks to ed tech and holes in cybersecurity measures, schools are dealing with a rising number of security breaches — many of which are by students, EdSurge reports.
Mass data collection and storage makes it easy for criminals to exploit students, and low thresholds lead to students breaking barriers and violating school technology rules — with one particular incident in Michigan seeing a 7th-grade student hacker access the district’s internal network and spend years exploring its IT systems without telling district officials, in addition to helping other students get past the school’s internet filters and disrupting a class activity with a bot.
These issues can put entire classrooms, schools, and even districts or beyond at risk, according to another EdSurge article, raising questions about how schools should respond to student violations, how to be more proactive in upping cybersecurity measures, and whether school leaders should also be held accountable for breaches.
If you type, "how to hack into school server" into Google’s search bar, dozens of articles give readers a step-by-step guide on how to get through what arguably should be an impenetrable IT system — at least for a teenage amateur. And thanks to a boost in ed tech, collecting and storing data on centralized platforms is more common than ever, giving people in and out of the school community the opportunity to hack into these files.
Put simply: Accessing these centralized files, which have students’ and families’ personal and sensitive information, isn’t all that difficult. It’s a big enough threat that even the FBI has warned parents and educators about the dangers it poses, EdSurge notes.
At the same time, school districts have hundreds of millions of dollars in their budgets, yet some argue they aren’t taking enough measures to up security measures and protect student data. As Doug Levin, founder and president of consultancy EdTech Strategies, argued in EdSurge: If a teen — or an even younger child — can break through the data wall, they’re expected to face the consequences for violating school policy. But what about the school leaders who haven’t done anything to address the actual problem? What consequences do they face?
Levin’s conclusion, as written in EdSurge, is that these issues will keep plaguing districts until more attention and resources are devoted to cybersecurity risk management, with administrators and vendors held accountable if a "minimum baseline" for security isn't met.
As part of a sector that’s one of hackers’ largest targets, schools should consider investing more time and resources into tools like penetration tests and vulnerability scans to prevent potential cybersecurity attacks, as well as spreading more awareness among the school community about malicious activity and how to avoid it.
K-12 districts should also learn from their higher education peers, who typically have more experience dealing with these types of issues. Regulation and guidance on universal cybersecurity standards for districts may also be necessary. It’s possible that at a federal level, establishing these rules could stand to benefit districts and, by extension, students — but at the end of the day, schools should push for these efforts on their own. It’s too big of a threat to take a reactive, rather than proactive, stance.