Beyond the Classroom: School Safety in the Face of Cyber Threats

When we talk about school safety, we usually talk about physically protecting students.

Bullying prevention programs. Campus security systems. Disaster drills. These are all hallmarks of traditional school safety strategies.

But as schools continue to rely more heavily on digital solutions, they’re finding that school safety planning must go beyond discussions of how many school resource officers to have on campus, whether to install metal detectors in school entrances, or drawing up the best evacuation routes.

A large-scale hack of school districts in three states last month has put both the cybersecurity and the education worlds on edge. The attack was a wake-up call to school districts, showing how important securing student data is in the new digital education landscape.

Cybersecurity isn’t a new concept for school districts, but as they continue to adopt new digital tools to enhance student learning, many are realizing just how vital it is to school safety planning.

The Dark Overlord targets schools

Last month, the U.S. Department of Education released an alert to school districts across the country:

“Schools have long been targets for cyber thieves and criminals. We are writing to let you know of a new threat, where the criminals are seeking to extort money from school districts and other education institutions on the threat of releasing sensitive data from student records. In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received.”

This new threat was the work of a group of hackers calling itself The Dark Overlord, CNBC reports. Nearly 40 school districts in three states were targeted in the attack.

One Montana school district was told to pay $150,000 in ransom or else have private student records released to the public. Students also received text messages referencing the Sandy Hook school shooting.

Want more on protecting student privacy? Sign up for the TrustED newsletter.

As law enforcement investigated the attacks, ED encouraged school districts to ramp up cybersecurity by conducting audits and training staff, students, and parents on best practices for keeping information safe.

New tools, new vulnerabilities

Across the country, teachers and school leaders are seeing the value of ed-tech in making learning more engaging and efficient for their students.

And tech companies are taking full advantage of this educational shift.

As The New York Times reports, over the past few years, Google has dominated the ed-tech market by offering free or low-cost tools to school districts. Google devices and apps are used in more than half of all K-12 schools.

This explosion of technology in America’s classrooms has put Google and other ed-tech providers under scrutiny. Educators, lawmakers, and advocates have questioned how and when students’ personal data will be used and how it will be protected.

Last year, after there were questions about whether Google was using private data to target students with advertising, Sen. Al Franken (D-Minn.) asked the company to outline how it is protecting student privacy, as The Washington Post reported.

Google said it does not use student data for advertising and has stringent rules for protecting data. But hacks like the ones in October, continue to raise concerns about how well ed-tech companies—not just Google—are protecting student data.

The bottom line? In the face of new threats, school districts need clear plans for cybersecurity—before they purchase new technology. And they need to engage students, staff members, and community members so they understand the latest threats and are able to recognize potential scams.

How is your school or district prioritizing cybersecurity? Do you engage your school community about potential online threats? Tell us in the comments.