A Struggle For All Parties
A few days ago, it was announced that school districts in San Diego and Los Angeles would be going completely online in the fall as a response to increasing COVID-19 concerns. This decision stands to impact not only the parents and students involved but also the schools themselves. While this is all done for the safety of the students it certainly does not come without any drawbacks. For parents and students, they must now adjust to online learning which may potentially set them further back in their education. Studies have shown that the average student could fall seven months back academically and minority students up to nine months or more. For schools, they are also potentially opening up their systems to more risk. Many schools have outdated and underfunded security programs which make them an easy target for hackers.
How School’s Cybersecurity Defenses Will Be Tested
The combined school districts hold up to 825,000 students’ personal data including names, addresses, and phone numbers. Given the large amount of sensitive information, the FBI has recently warned schools about the potential for cyber security threats stating that, “K-12 institutions have limited resources to dedicate to network defense, leaving them vulnerable to cyber attacks”. With an public FBI warning in place there is no doubt that bad actors will be even more aware of this. The question is how will schools respond to this threat?
Even for schools who have the budget to protect their data, it still might not be enough. In 2018, it was revealed that Polk County which educates roughly 100,000 students had basic security flaws in their system despite having millions of dollars spent on it. These vulnerabilities were thankfully found by a 17 year old student rather than a bad actor, although who knows what had happened in between the system going live and the them coming to light.
So what can schools do, certainly encourage your students to test your systems before they go live.I know of plenty of students that enjoy a good capture of flag or bug bounty so I imagine getting your hands on your school system would be fun. If you have got the budget to get a professional company to take a look then do that, a lot of vulnerabilities are easy and cheap to fix if you catch them early enough.