In the age of information, a data breach is one of the worst things that can happen. At best, it is a violation of privacy, and at worse, it leads to identity theft. This is why schools need to do better when it comes to managing student data.
Schools keep tons of data on their students. Everything from grades, to addresses, to phone numbers, to even social security numbers. If I were to look hard enough at my school, I could find just about any information I want on a student … past or present. The problem is the fact that I don’t have to look that hard. My school is better than the majority, but at almost any school, student data is not kept under lock and key the way it should be.
There is no way around providing some access to student data. Teachers have good reason to need to know parent contact information. But in many schools, anyone with access to the network has access to everything. The obvious problem: If everyone can access everything then everyone now becomes a potential entry point for a hacker. This is not some sci-fi plotline either. Close to thirty schools have been victims of ransomware attacks recently. Including large well-equipped districts like Chicago Public Schools and Los Angeles Unified School District. In the latter case, the hackers actually released the stolen student information on the dark web.
Hackers can penetrate a system many different ways. Opening emails and downloading infected files are two of the most common. School staff need to be trained on digital safety and not just the older members on staff who have trouble opening their emails. Plenty of “digital natives” fall victim to phishing and other online hacker tricks, too. Some schools have also started to prevent their devices from downloading files altogether without admin approval which is best practice.
During remote learning, teachers experimented with all kinds of cool sites and platforms for student engagement. Many of these ed-tech programs themselves take data from the users, especially the free ones. As the old saying goes, “If something is free then you are the product.” Additionally, due to the digital divide many students are using their school devices for much more than schoolwork. This means that a hacked Chromebook might reveal much more personal information than just mid-term grades.
Data is increasingly being stolen in high-tech ways, but we shouldn’t forget about old-fashion vulnerabilities either. We have all had the experience as a teacher of walking into the printer room and seeing an IEP or some other sensitive information left out in the open, often times even in places where students can see them.
The federal government is actually taking steps to remedy some of these situations, particularly around use of data. The AI Bill of Rights aims to fix some of the problems that hackers exploit like users being unaware of their data being harvested in the first place. That is a good first step, but it will not fix the problem if schools don’t take the threat seriously and not all of them are.
Schools getting hacked via ransomware has been in the headlines for months and the hackers are still exploiting the same vulnerabilities. Los Angeles Unified School District was actually warned about their vulnerabilities and didn’t act effectively.
Learn from other school’s mistakes. Don’t let your student data fall into the wrong hands.