Cybersecurity in k-12 education schools face increased risk of cyber attacks electricity joules


But the 20-year administration veteran was forced into action in March when a savvy foreign hacker held the Swedesboro-Woolwich School District’s computer system for a ransom — making it impossible for kids at four elementary schools to take their online statewide tests as scheduled.

Government agencies, businesses, hospitals and universities are the frequent targets of staggering data breaches that can affect millions of people (in the recent Office of Personnel Management case, 21.5 million workers were impacted). Their personal information is scattered to unknown reaches of the globe and is as secure as a treasured item stored in an unlocked chest.

But experts say K-12 schools are also at risk — from outside threats and students who want to stir up trouble — as they rely more on technology for day-to-day operations and incorporate more software, apps, online programs and Web-based testing into classes.

In 2013, about 15,000 students at Sachem School District in Long Island, New York, had personal data, including school ID numbers and the names of those receiving free or reduced lunches, posted to an online forum. Cops later arrested a 17-year-old high school student in the district who pleaded not guilty, according to Newsday.

In Jersey City, New Jersey, a charter school last June was able to obtain names, addresses, phone numbers, dates of birth and possibly Social Security numbers of students attending traditional public schools to mail them registration forms, according to the Jersey Journal.

And teachers’ data, including Social Security numbers, was compromised during an attack at Prince George’s County public schools in Maryland — affecting 10,000 of the district’s nearly 24,000 employees, the Washington Post reported last November.

“I don’t think there’s a school district in America that doesn’t have important digital assets sitting on a computer somewhere that needs to be protected,” said Michael Kaiser, executive director of the National Cybersecurity Alliance. “We know schools sometimes don’t like to report incidents. Responding right away and bringing in law enforcement should be encouraged.”

While the Federal Trade Commission goes after bad actors that violate customers’ privacy, they are limited to pursuing corporations — not tech mavens behind school breaches. The agency brought cases against Fandango and Credit Karma for deceiving customers about the security of their information on the companies’ mobile apps.

But he reassured worried parents that none of their children’s personal information was compromised — the hacker’s intent, instead, was to extort the district for 500 bitcoins, which translates to about $128,000. Van Zoeren still does not know the identity of the attacker or group of hackers.

The rebuilding process took about two weeks, which meant teachers, administrators and students were barred from using computers. A cadre of workers from the Educational Information and Resource Center, an education nonprofit group based in New Jersey, was dispatched to help the district reconstruct its system. They completed the work for free.

“K-12 communities have been slow to adopt the strict kinds of security standards that a retail or banking customer has had for many years," said Maggie Hallbach, vice president of government and education for Verizon. "The unique challenge is that increased attention be paid and increased funding set aside by counties, towns and boards of trustees to support programs to secure this information."

"Do you need to secure school lunch menus? Probably not," she said. "You need to secure your staff payrolls, records that may have Social Security numbers. It’s very difficult to protect something if you don’t know where and what your critical data is."