Virtual Schools: A Rich Target For Data Thieves
In the past five years, the marketplace of online K-12 schooling has increased dramatically and is expected to grow 15.4% by 2024. Forty-eight states and the District of Columbia have already implemented some type of online school platform.
Virtual schooling has changed many aspects of the education model, in obvious ways like location and timing of classes, as well as in the amount of information that is transmitted and stored online. This makes virtual schools extremely rich targets for criminals, a point that can be used to support user cyber awareness programs in the education sector. In fact, Florida Virtual Schools suffered a massive data breach last year that compromised over 368,000 students and 2,000 teachers. Following this data breach, parents were advised to monitor their children’s credit for identity theft.
Much of student data is protected by Federal laws such as FERPA and these laws apply to online schools just as they do in brick and mortar schools. This means that anytime a data breach occurs and protected information is involved, schools could face legal trouble. This is yet another point to consider in a user cyber awareness program–liability concerns when dealing with sensitive information.
Consider how these digital classrooms work: there are often working with third party applications to teach and engage students. Third party apps can be problematic because the school loses control over the security of the shared data. If the third party company experiences a data breach, the school will be held liable for the compromise of their students’ data. Additionally, students and teachers are logging into systems likely multiple times a day and communicating via email or chat. If a hacker phishes a teacher for their credentials through email or chat, it could open access to personal or sensitive information for thousands of students.
The truth is that virtual schools face the same challenges as any other organization with an online presence and network and should be protected through a combination of awareness and training and technology. However, the amount of data these schools house makes them a high value target. Users of virtual schools must stay vigilant.