- The convenience of the cloud is drawing more K-12 schools to Software as a Service (SaaS) applications for administration and the classroom, but concerns about security and privacy remain a primary concern, according to EdTech: Focus on K-12.
- In taking steps to protect student data on these platforms, administrators must ask vendors to address their concerns upfront, do the research on vendors' policies, and refrain from using common passwords.
- Additionally, they should treat that data the same way doctor's offices or banks treat their own data, in addition to getting better safeguards in place to protect against hackers.
The larger the presence of digital tools and resources in schools grows, the greater the risk of sensitive data being compromised. And there's no shortage of that data in schools. In fact, education is now among the most popular hacker targets, according to a September 2016 analysis of 20,000 organizations by security ratings firm BitSight that found malware attacks against the sector outpaced those against government, healthcare, energy, retail and finance.
Ransomware in particular has become especially problematic. In these attacks, hackers encrypt sensitive data from schools and districts, demanding a ransom in exchange for a return of control. And some districts have been left with little recourse but to pay.
Chief among strategies to protect data should be addressing the end user, often the No. 1 threat to a school or district's network. At the University of Dayton, CIO Thomas Skill set out to do this via a campus-wide initiative that implemented phishing tests; sent updates, warnings and the latest security news; and offered incentives and prizes to people completing certain actions. Increasing awareness among students, faculty and staff members is key to helping them avoid falling victim to suspicious links and other malicious attempts to compromise cybersecurity.