It is time for school trustees and administrators to embrace their leadership responsibility to safeguard their school communities from emerging digital threats
As published on DallasNews.com
By Doug Levin
12:00 AM on Feb 6, 2020
Texas schools face an immediate threat that few parents and educators have considered: computer malware and the scourge of cybercrime. According to data assembled by the K-12 Cybersecurity Resource Center, no state has experienced a greater number of publicly disclosed school cybersecurity incidents in recent years than Texas. These incidents have resulted in the theft of millions of taxpayer dollars, widespread destruction and outages of school IT systems, and large-scale identity theft.
Consider that Manor ISD lost $2.3 million in a targeted email phishing scam earlier this year. In similar attacks last year, nearly $2 million was stolen from Crowley ISD, while Henderson ISD lost more than $600,000. Malicious actors have employed other digital weapons, such as ransomware, to extort at least a half dozen Texas districts since 2017. One recent incident, experienced by Port Neches-Groves ISD, resulted in a $35,000 bitcoin payment to cybercriminals in exchange for the digital keys to restore access to their own IT systems. And school vendors such as Pearson have experienced large-scale breaches of student data at the same time that thousands of Texas educators and administrators have had their identities and personal bank accounts emptied by cyberthieves.
Given that schools’ reliance on technology for teaching, learning and school operations will continue to grow, it is time for school trustees and administrators to embrace their leadership responsibility to safeguard their school communities from emerging digital threats. Just as district leaders maintain the responsibility to manage risks to students’ physical safety and health in the context of natural and man-made disasters, they also need to take a lead role in ensuring that their school systems are appropriately managing the emerging risks to school communities introduced by the use of educational technology.
The passage of Senate Bill 820 by the Texas Legislature encourages school districts to put in place common-sense security controls, but the law falls short of guaranteeing that such controls will be implemented effectively or in proportion to the threats facing districts. If school trustees and administrators are to make real progress in managing the cybersecurity risks facing their schools, they will need to foster better information sharing and cooperation across districts; make the case in their communities for spending time and resources on building cybersecurity awareness, tooling and expertise; and embrace the legislative requirement to develop meaningful cybersecurity policies and plans.
While there is variability in how school districts use technology (and how much they rely on it), there is more that is similar about the security challenges they face than different. Coupled with the fact that cybercriminals repeatedly target school districts nationwide with the same scams, it is imperative that IT leaders in school districts collaborate to share information about the threats they are facing and how best to mitigate them. One of the biggest challenges in responding to these threats is the veil of secrecy surrounding school cybersecurity.
Any meaningful response to the issue will also require more money and more expertise. While state and even federal resources would undoubtedly help, school districts are likely to have to look for other sources for necessary funds and support. Students, parents and teachers should all be allies in this cause.
While educational technology offers exciting opportunities for students and teachers, its use in schools introduces new risks. While the passage of SB 820 is laudable, it is only one step in a much longer journey to keep Texas school districts secure online. In the end, we won’t see fewer successful phishing attacks, fewer ransomware incidents or fewer data breaches until every superintendent and trustee jointly embraces their cybersecurity governance responsibilities.
Doug Levin is president and founder of the K-12 Cybersecurity Resource Center and a former executive director of the State Educational Technology Directors Association. He wrote this column for The Dallas Morning News.
465 total views, 6 views today