In May of 2018, a 16-year-old student hacked into his school district’s computer system via a phishing email to change the grades of several students, including his own. The student, who was later charged with 14 felonies, told reporters that “It was like stealing candy from a baby.”
Schools and school districts possess a treasure trove of data that can be very valuable to hackers. Cybersecurity breaches of any kind or scale can create disastrous situations for administrators and protracted legal problems for districts.
Common examples of data and records at risk at school districts and other educational institutions include:
Like most organizations, cyber threats to schools and school districts include outsider threats as well as insider threats originating from students and faculty members. Failure to provide safeguards that result in a breach could lead to serious fines and penalties. For example, a breach of student or faculty health records would most likely invoke a claim under HIPAA, the Health Insurance Portability and Accountability Act. FERPA, the Family Educational Rights and Privacy Act, is another regulation that governs the inappropriate disclosure of personally identifiable information derived from educational records.
Simply put, cybersecurity in the schools and other educational settings cannot be ignored. A lack of cybersecurity diligence can be disastrous in the school setting. However, it is equally important to note the potential upside to implementing conscientious and effective cybersecurity safeguards. Applying sound cybersecurity protection can be immensely positive and transformative for a district and its students as it supports the uninterrupted use of innovative technology to allow for new learning experiences with greater efficiency and effectiveness than ever before.
*Source: New York Post, May 14, 2018, “Teen hacks school to change grades, charged with 14 felonies”