Majority of District Leaders Concerned About Cyber Threats, Project Tomorrow Report Finds
An overwhelming majority—71 percent—of district administrators are concerned about the security of their network against malicious attacks, according to a Project Tomorrow and iboss report.
The report, "The State of K-12 IT," released this week, surveyed more than 3,000 administrators in 2017 about data privacy concerns and the use of cloud computing in schools. The report was conducted by education nonprofit Project Tomorrow, in collaboration with iboss, a company provides network security services.
The survey findings show that district leaders seem to be more concerned about cyber threats than they have been in the past.
Among Project Tomorrow's survey results are:
- 58 percent of technology leaders say their top concern with cloud applications is ensuring data privacy
- 33 percent of technololgy leaders are concerned about teachers' lack of understanding about how to protect student data
- 61 percent of district administrators say teacher professional development on student data privacy is a top priority
- 8 percent of teachers recognize they need that type of professional development
According to the report, 70 percent of survey respondents said their school district has hardware and software in place to protect student data, while 45 percent said their district has a staff person assigned for data privacy and security.
However, the report doesn't touch on whether schools have experienced a cybersecurity breach, or if schools have the resources to manage their own cybersecurity issues, said Doug Levin, CEO of consulting firm EdTech Strategies.
Last year, a survey by the Education Week Research Center and the Consortium for School Networking found that most of the country's K-12 information-technology leaders don't see cybersecurity threats such as ransomware attacks, phishing schemes, and data breaches as a significant problem.
As schools increasingly turn to education technology and cloud computing, they become more vulnerable to hackings. There have been more than 380 cybersecurity-related incidents involving U.S. public schools since 2016, according to Levin.
The Project Tomorrow report shows that cybersecurity is an issue that still hasn't been solved, Levin said.
Schools need more resources, including money devoted to solving the issue as well as expertise. Levin said schools have very few experienced IT staff members and often have difficulty retaining those who are in the educational system. Schools also tend to have older equipment, which are more vulnerable to attacks.
Marie Bjerede, principal of leadership initiatives for the Consortium for School Networking, said in an emailed statement that a good practice for protecting against malware or other cyber threats is "keeping current with software patches for all appliances and devices."
While cybersecurity attacks aren't only happening in K-12 schools, an increasing number of organizations and federal agencies are voicing concerns about student data privacy. The FBI warned in September that the proliferation of ed-tech tools, platforms and strategies in schools and poses privacy and safety risks.
To combat the problem, however, there are resources, including toolkits on how to protect student and teacher data.
Perhaps just as important as hardware and software that guards against malicious attacks is raising awareness about them and providing training to staff, students, and parents, Levin said.
Bjerede agreed that "the biggest challenges in cybersecurity are people, not technology."
"The big hitter in protecting your systems and data is to train all staff on detecting and not clicking on fraudulent phishing e-mails, and on exercising good password hygiene," she said.
"All it takes is one person to click on a link to bring the whole place down," Levin said.