Back to School: EdTech Compliance and Security

By August 31, 2017BDR, Data Security, EdTech

School administrators are challenged by the pressures associated with protecting student data, meeting compliance regulations, and delivering sophisticated technologies to classrooms, all while staying within budget. It’s a tough balancing act, made even tougher by budget cuts and internal IT teams being spread far too thin to manage it all.

Schools Are a Big Target

Schools, like other local, state, and federal government agencies, are held to a higher standard when it comes to protecting constituent data and providing timely services. Yet schools have become a big target, in part because they not only contain copious amounts of personal data on students and families, but also because hackers have the potential to tap into other, connected government systems through the school networks. Some experts believe that schools are more vulnerable than businesses.

A New Jersey school district was the victim of ransomware in 2015 by a foreign hacker who demanded $128,000 in bitcoin to return control of their network. Also in 2015, internal hackers at a New York State high school managed to change their grades in the system. As well, a school district in Washington State fell victim to a phishing scheme that delivered the personal information of nearly 100 students into the hands of hackers.

Common Forms of Attack

DDoS (Distributed Denial of Service). A DDoS attack causes a server to go offline after being overwhelmed by network traffic deliberately funneled to the server by a hacker. More than 250,000 DDoS attacks occur each year, including in schools.

Ransomware. Ransomware is the fastest-growing type of cyberattack targeting schools. It relies on human error – an administrator who clicks on a link, or a school professional who downloads a file – which initiates the isolation of the school’s computer system until a ransom is paid. The cost of ransomware can be in the millions.

Phishing. It’s easy to fool just about anyone with the right knowledge – and hackers are adept at creating emails that look legitimate, causing an employee to divulge information or grant access and unwittingly aiding the hacker in obtaining data.

Every School Must Do More

Schools must take cybersecurity seriously. It requires a combination of tactics that include layers of security, controlling access to the network, training employees, and detecting threats as early as possible.

thinkCSC works closely with many Ohio School Districts to help keep their data safe and available. We deploy innovative, affordable technology to help your schools maximize network efficiencies and minimize external threats. With a specific focus on the needs of educational institutions of every size, we offer unique solutions, dedicated technical support and expertise, and state-of-the-art security solutions specifically designed to meet the unique demands that apply in an educational setting.  Contact us to learn more.