School districts have become major targets for cyber hackers throughout the United States. Ransom demands, districts being scammed out of millions, school computer systems compromised, or student information stolen and then sold to identity thieves are a few of the threats districts are facing.

In Louisiana, Governor John Bel Edwards has declared a state of emergency after a virus disabled computers at three school districts. This is the first time that a state of emergency has been declared over cyberattacks in the state of Louisiana.

The seriousness of this issue still evades many school boards. Cyber hackers can infiltrate systems through e-mails that look like they are from an administrator or staff member or through software that offers little protection from skilled hackers.

Louisiana is just the latest in a growing number of cases where cyber hackers have targeted state, city, or local governments. The districts that have been affected (Sabine, Morehouse, and Ouachita schools) are not the first and they will not be the last if district leaders do not take action to protect and secure their school systems.

Local school districts are prime targets for cyber hackers for two main reasons:

  1. School districts have access to sensitive data and finances that appeals to hackers for identity theft or other malicious intentions.
  2. School district leaders do not prioritize cybersecurity, making school districts ideal and easy targets.

School boards have a responsibility to care for, protect, and secure the sensitive information related to their school district. Student information leaked and identities stolen or auctioned off, not only affects the school district but the future of students, as well. Young and innocent individuals will now have stress related to their stolen identity, which could have been prevented had school boards prioritized district cybersecurity. Take K12.com for example, where 7 million student records and identifying information has been compromised.

However, some cyber attacks are not through viruses used to destroy school networks or identity theft of student information, but simple e-mails that turn out to be scams. This access to large amounts of money is another factor in why school districts are particularly attractive to cyber hackers.

School districts can lose millions to ransomware or scams that could have easily been prevented had appropriate measures been in place protect schools, like software to protect district information and trainings on cybersecurity standards. A Kentucky school district fell victim to a scam in which $3.7 million dollars was lost. That financial burden cost the district and school board members, not only financially, but a loss of trust with the public should the community feel like the school board is not fulfilling their responsibility to protect sensitive district information.

Appropriate measures must be taken to ensure that sensitive district data is secure and that district staff are trained in appropriately responding to attacks or scams.

Why do district leaders overlook the need for cybersecurity to ward off cyber hackers?

Sometimes the cost that comes with information protection can be steep, but the cost of losing sensitive data and putting the identities of innocent students is also high and irreversible. This lack of preparedness is a key factor in why cyber hackers seek out and target school districts.

The investment in software that effectively and efficiently secures sensitive data related to the district and its students pays for itself in protecting from damages suffered from cyberattacks. When it comes to sensitive data the information should be stored on a private secure server and on sites with high-level encryption (256-bit encryption is the strongest level of security currently available).

Staff, administrators, and board members should have a plan to know how to respond to cybersecurity incidents. Who do these attacks get reported to? What are next steps?

The district’s IT manager or team, district technological and leadership teams, and certain law enforcement agencies may need to be notified. Create a flow chart of the individuals or agencies that need to be notified based upon the scam or incident that occurs to include in the districts cybersecurity standards.

Be sure that this information is available to all district staff and board members. The faster that individuals are able to report these incidents, the more likely the issue can be mitigated.

Implement these plans and procedures as district policies and cybersecurity standards. Implementing policies and standards related to cybersecurity is another step toward protecting sensitive district information from cyberattacks.

How can school districts utilize technology partners to help protect sensitive data from cyber hackers?

School districts largely lack the technology and infrastructures that secure and protect sensitive information.

When school boards are utilizing board management software, it is imperative that they look at the features and capabilities of the software in terms of securing sensitive data. The software should promote and support strong cybersecurity practices to protect sensitive data related to the public school district and its students.

BoardDocs, a Diligent brand, is a cloud-based school board management software. Unlike many cloud-based services, BoardDocs boasts physically secure servers (that are video monitored) and 256-bit encryption, the strongest level of encryption currently available. These elements ensure privacy and security for your board’s most confidential and sensitive data.

Leveraging a board management software like BoardDocs, school boards can better mitigate the risks for data exposure or loss related to cyberattacks. BoardDocs’ security and features support and promote cybersecurity procedures that protect the sensitive information of your district and your students.

Maintaining secure and encrypted digital records, strong recovery methods, and a secure cloud network all encourage a culture of solid cybersecurity practices that are necessary in preventing a damaging cyberattack.