Hackers used to focus their cyberattacks primarily on taking money from corporations’ deep pockets, but they’ve recently been targeting schools and municipalities.
“Why is that so? Well, you possess an enormous amount of personal data – birthdates, social security numbers, direct deposit, banking information, credit card information – all of that you have about not only your employees, but your students and their parents,” said Rob Haws, a partner at Gust Rosenfeld PLC law firm, who specializes in education law and labor and employment.
Schools keep that data for a long time, their IT equipment and operators are not always state of the art and they “have budgetary constraints that impose some limits on correcting either of those concerns,” and that’s “why schools are becoming more and more of a target of cyberattacks in this area,” Haws said during a breakout session at the Arizona School Boards Association Law Conference in Phoenix on Thursday, Sept. 5, 2019.
Video shot by Brooke Razo/AZEdNews and edited by Angelica Miranda/AZEdNews: What schools should do if they’re the victim of a cyberattack
How do hackers access this information? Schools “have multiple access points that you need to be mindful of as we move to more and more online activity, whether it’s registering for classes or grading or payments,” Haws said. “All those online options create a convenience for sure, but also create risks of bad people being able to access this stuff.”
But school districts and their IT departments can build awareness among staff and increase their understanding of what to keep an eye on and what to look out for, said Brad Sandt, founder and president of K12itc, a company that focuses on managing technology for schools.
“We have people trying to attack us every day,” Sandt said at the law conference. “As we continue to put in additional layers of security, it’s going to impact users, but each additional layer – each key piece of security – will add that much additional defense and protection in reducing risk.”