School system hack highlights need for cybersecurity training in K-12
- Earlier this month, hackers breached the PowerSchool student information system at Orchard Views Schools in Michigan, changing grades and attendance records for some of the district's high school students, EdScoop reports.
- After administrators became aware of the breach on March 8, Superintendent Jim Nielsen shared the information in a letter to parents, as well as on Facebook and the district’s website on March 13.
- Parents of the students affected were notified, but the investigation is still ongoing and it remains unclear if the perpetrators were the same students whose grades and attendance records were altered.
Though the Michigan security breach may have potentially been committed by students seeking to change their own grades, it demonstrates just how vulnerable school networks and the systems connected to them can be. Hackers aiming to steal the personal information of students or staff may see these networks as easy targets, given that many schools and districts are still catching up on cybersecurity as classrooms increasingly go digital.
Among the most vulnerable data: birth dates; addresses; academic progress; behavioral, disciplinary and medical information; web browsing history; students’ geolocations and classroom activities.
Last September, the FBI warned of increasing cybersecurity risks at schools in a public service announcement. The announcement noted that, in late 2017, numerous school systems were targeted and hackers gained information that was used to “contact, extort and threaten students with physical violence and release of their personal information.”
The security breaches were traced back to two large education technology companies and resulted in millions of students’ data being jeopardized, highlighting the need for districts to also be vigilant when it comes to ensuring that vendors are doing everything in their power to keep data secure. In one case, student information gained during a breach was sold on the dark web.
School districts have become a target for hackers because of the massive amounts of information saved and the lack of security protection.
The K-12 education system could follow the lead of colleges and universities, which began going digital earlier and has long since grappled with these issues. To start, campus administrators urge districts to train students on how to protect themselves against security risks.
A University of Dayton study indicated that Gen Z students considers their own device invaluable to their connection to school and their own social lives. Therefore, it’s imperative that students are taught early how to protect themselves, since they will likely be using such individual devices for years to come. But while security systems will need to evolve, ongoing community-based training for both students and staff, teaching them to be suspicious of every email link and attachment, and to utilize safeguards like two-factor authentication, should also be prioritized.
Since this age group has little reason to watch their credit at this point in their lives, it could be years before they realize a breach has occurred. Schools, which store massive amounts of student data, must take all available steps to proactively protect it.