With the rise of online curriculums and virtual learning in both K-12 and higher ed institutions, there has been a notable increase in technology dependance. This dependency on digital tools has not only exposed children to challenges related to cyberbullying, plagiarism and online safety, but it has also made school districts incredibly vulnerable to increased cyberattacks.
Risk abounds year-round and according to hackers, student data is among the most valuable information in their sphere. They are aware that students are using personal and financial data for the first time, and find it easy to exploit their lack of awareness in safeguarding their digital identities.
Countering such attacks with the proper resources and tools can be especially difficult if there is little to no room in the IT budget for enhanced cybersecurity efforts. According to a recent report released by the Center for Internet Security, approximately one in five K-12 organizations dedicate less than 1% of their budget to cybersecurity.
While technology continues to create endless opportunities for learning, the seemingly alarming lack of cyber defenses compounds the allurement to sophisticated cybercriminals. As a result, the ever-growing data security challenge requires an effective approach to cybersecurity that first involves the development of responsible, appropriate and empowered use of technology through enhanced digital literacy.
Digital literacy starts with enhancing effective cyber skills through online awareness, (password safety, digital identity, phishing) and empowering students to protect their safety and privacy as much as possible. ISTE, the International Society for Technology in Education, defines digital literacy as including “the knowledge of and the ability to use digital technologies to locate, evaluate, synthesize, create, and communicate information. Being digitally literate includes having an understanding of the human and technological complexities of a digital media landscape. A student-friendly definition of digital literacy is using technology to explore, connect, create, and learn.”
In K-12 school districts, one of the most challenging technology conflicts is between productivity and security. Students and staff want quick, reliable access to online resources. They’d rather not be logged off the system every 20 minutes or have to call the IT department to reset passwords. During class especially, teachers don’t want to sacrifice instructional time to troubleshoot login issues.
However, school districts have suffered 1,180 publicly disclosed cybersecurity incidents since 2016 according to the K-12 Cybersecurity Resource Center. These have included denial of service attacks that interrupt learning, data leaks that result in identity theft, and ransomware attacks with extortion demands reaching seven figures. When my employer surveyed 100 K-12 technology leaders earlier in 2021, 92% said they had suffered a cyberattack.
To successfully balance productivity and security, K-12 districts need a strategy for access management: the practice of serving valid users while denying access to invalid users. These five pillars of access management work together to help your district achieve that balance.
Identity Management: instant access to digital resources
In many districts, IT departments manually provision accounts, meaning someone assigns digital resources, one user and one service at a time. The process is therefore time-consuming and prone to mistakes. Because deprovisioning is also manual, forgotten “ghost” accounts can become vulnerabilities. Instead, districts should use identity management for automatic account provisioning. Essentially, once a student or staff member is enrolled to a district, the identity management solution automatically provisions their account based on predetermined rules. This immediate, “zero-day access” is productive and secure. And if a student were to move or if a staff member were to quit, the identity management solution can automatically deprovision the account.
Digital Stewardship: cybersecurity awareness and fundamental skills
Students and staff who learn to be good stewards of their credentials can help protect their learning environment. That starts with passwords. An analysis of 15,212,645,925 publicly leaked passwords found that “123456” is the most popular one. K-12 users must learn how to create strong (i.e., complicated) passwords that aren’t reused on other sites. Ideally, they will use one such password to access all their resources (more on that in the next section). The second most important stewardship skill is how to recognize phishing attacks and vet links for telltale signs, like an unfamiliar domain. “Stay Safe from Phishing and Scams,” part of Google’s Digital Citizenship Course, is a great three-minute primer. Good stewardship, though important, can always use backup.