Back
The coronavirus pandemic’s upheaval of spring semester left no doubt that America’s schools are among the most vulnerable to hackers — both amateur and state-sponsored — and that the security nightmares threaten to be long lasting.
A Politico analysis [1] showed that the education sector is by far the biggest target for hackers, accounting for more than 5.7 million of a reported 9.3 million devices that had some kind of malware encounter in the past 30 days of the data compiled by Microsoft Security Intelligence.
Security failures that have come to light include ransomware targeting the Fairfax County, Va., school system just outside of Washington, D.C., as well as the nation’s fourth-largest school system — Miami-Dade County, Fla. — tracing cyberattack attempts to China, Iraq, Russia, Ukraine and elsewhere, according to the Politico assessment.
Another headline-grabbing incident involved a Miami-area teen who was arrested for masterminding cyberattacks. “The student admitted to orchestrating eight Distributed Denial-of-Service cyberattacks, designed to overwhelm district networks,” the district said in a prepared statement. The student was charged as a juvenile offender with computer use in an attempt to defraud, a felony, and interference with an educational institution, a misdemeanor, the authorities said. [2]
The K-12 Cyber Incident Map has compiled a visualization of cybersecurity-related incidents reported about U.S. K-12 public schools and districts from 2016 to the present. [3] The “Cyber” incidents include unauthorized disclosures, breaches or hacks resulting in the disclosure of personal data (purple pins); ransomware attacks (yellow pins); phishing attacks resulting in the disclosure of personal data (blue pins); denial-of-service attacks (green pins); and other cyber incidents resulting in school disruptions and unauthorized disclosures (red pins).
PRIVACY CONSIDERATIONS ARE ESSENTIAL
A related problem focuses on privacy concerns. One example: New Mexico is suing Google for allegedly invading children’s privacy through educational products it provides to the state’s schools. State officials claim the products track students’ activities on their personal devices outside the classroom. [4] The lawsuit calls into question what a major for-profit player in the nonprofit educational space — which counts millions of children among its users — is doing with data it collects from them, according to the news article.
Google counters that its educational products comply with COPPA and industry standards, that it does not own or sell G Suite data, and that it does not use any personal information to target ads in G Suite school products. It also says schools must obtain parental consent before allowing users under the age of 18 to use Google’s services.
Other threats arise from free apps that promise supplemental instructional resources, extra skills practice, or to individualize instruction for students. Many are built by tech start-ups with little background in children's privacy laws. [5] The apps gather data and track students’ activities so they can deliver targeted advertisements. Some of the apps collect personally identifiable device information and track precise location information, according to an eChalk article on the issue. The companies may sell the data to third-party companies that set up profiles for targeted ads. A loophole lets developers tag the apps as aimed at “families in general” rather than children in particular.
Because of such fears, however, the Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) introduced a Student Privacy Pledge to safeguard student privacy regarding the collection, maintenance, and use of student personal information. [6]
The commitments are intended to detail existing federal law and regulatory guidance regarding the collection and handling of student data, and to encourage service providers to more clearly articulate these practices.
HOW AMESITE’S SOLUTIONS CAN PREVENT WIDESPREAD PRIVACY AND SECURITY THREATS
The key to thwarting these seemingly intractable cyber-threats is to use cloud-based, high security and privacy-oriented tools. Since user identities are distributed among networks, web portals, cloud applications and virtual environments, vulnerabilities lurk seemingly everywhere.
Amesite, Inc., offers solutions that thwart the financial, privacy and security threats. After all, poorly handled security systems can cause IT administration overheads to jump; user productivity to drop; and regulatory compliance to droop due to a lack of visibility.
Amesite deploys learning without giving data to third parties, ever. And we optimize security with a solution that’s:
We convert customer content onto our proprietary platform, or generate content for our customers, and use the proprietary data we collect on learner behavior and responses with their consent, to deliver to learners engaging, effective college courses. We aim to reduce the cost of delivering outstanding online learning products, and improve learner experience and performance — all in compliance with the highest privacy, security and customer standards.
References:
[1] Politico, Weekly Education: Hacking the Classroom, 9/21/2020.
https://www.politico.com/newsletters/weekly-education-coronavirus-special-edition/2020/09/21/hacking-the-classroom-790495
[2] The New York Times, Sept. 3, 2020, “Student Charged in Cyberattacks.”
https://www.nytimes.com/2020/09/03/us/miami-dade-school-cyberattack.html
[3] K-12 Cybersecurity Resource Center’s Cyber Incident Map,
https://k12cybersecure.com/map/
[4] Vox, Feb. 21, 2020, “Google’s Education Tech has a Privacy Problem.”
https://www.vox.com/recode/2020/2/21/21146998/google-new-mexico-children-privacy-school-chromebook-lawsuit
[5] eChalk, Oct. 11, 2019. “Are Education Apps Putting Student Privacy At Risk?”
https://www.echalk.com/blog/2019/10/11/are-education-apps-putting-student-privacy-at-risk
[6] Student Privacy Pledge
https://studentprivacypledge.org/