Ever since Ferris Bueller hacked into his school’s computers and changed his number of sick days, in the 1980’s classic teenage day of hooky film, “Ferris Bueller’s Day Off,” students have broadly known about school security breaches.
But few students actually have the hacking skills necessary to pull off a cyber attack. It does happen, occasionally, changing grades or messing with school systems. The greater threat to schools, however, comes from outside cyber security threats.
Here’s what you need to know about the cyber attacks lurking in the classroom.
Massive Quantities of Personal Data
Personal data is worth money on the cyber black market. That’s why healthcare, utility companies, government offices, and schools are all targeted by cyber criminals. It’s not just about credit card numbers (which retailers might have, but many other targets do not). Some of the data that sells in the cyberverse includes:
- Social security numbers
- Dates of birth
- Names and addresses
- Driver’s license numbers
- Email addresses
- Health records
- Login information, such as access codes to school computers
When you look at it that way, you can see that schools actually have massive quantities of personal data about students and their parents.
The Extent of the Threat
Not only do school systems retain lots of data about students and families, but they also tend to have an astronomical number of devices connected to their systems. Classrooms have computers. Buildings have computer labs. Students have laptops, tablets, phones, and other devices all connected via wi-fi. Few businesses have anywhere near the number of connected devices in such a contained space as the average middle or high school.
Think of each of those points of connectivity as a potential weakness in the event of a cyber attack, and you get a sense of the scope of the risk.
In fact, because of cyber security breaches and also questions of content, some schools have considered limiting students’ online access. But students and even parents push back, recognizing that their students live in a digital world they want schools to be a preparation space.
Beyond the possibility of limiting access, schools could require all devices to be checked by trained IT staff. They could not offer wi-fi and treat school computers as simple word processors, to limit Internet-based risks. They could just require that all devices be updated daily so that systems and software have the latest security patches.
But then, just updating all of the devices in a large high school could take hundreds of personnel hours.
Additionally, all of those solutions require resources: human and technology resources beyond the scope of most school districts. In an era where art departments get slashed for budgetary reasons, technology departments aren’t likely to get bigger funds.
Occasionally, private resources come through to support technology. Such funds can be sporadic, at best, and often lack the personnel training to ensure the usability and cyber security of such devices.
So what’s a school to do?
For one, data could be collected with an eye to cyber security. That means, if isn’t required to be asked or digitally stored, don’t do it. Years ago schools did forms by hand, and in an era where people are rediscovering the joys of analog, schools might consider taking a page from that book.
Secondly, schools need to train both staff and students on basic cyber security. It’s excellent preparation for the future workplace, anyway! Students are digitally savvy and catch on quickly.
Lastly, consider the “expense” of getting an outside professional cyber security assessment. The cost, in the long run, could be much less than a data breach.