SALT LAKE CITY — School databases hold personal, confidential information about teachers and students, such as addresses, names, Social Security numbers, birthdays, etc. Schools are viewed as soft targets by potential hackers due to their smaller security budgets and fewer security personnel as are typically seen in financial institutions and corporations.
Students are not shielded from losses in these kinds of attacks. According to a 2022 U.S. Government Accountability Office report, the loss of time spent learning after a cyberattack ranged from three days to three weeks. And recovery time can take anywhere from two to nine months.
Further, the monetary losses to school districts after a cyber incident ranged from $50,000 to $1 million, as reported by the Biden White House.
- So far in 2023, at least 120 schools have faced a ransomware attack, compared to 188 in all of 2022, according to figures compiled by Recorded Future’s Allan Liska.
- The Little Rock School District in Arkansas paid almost $692,000 to respond to a 2022 attack, according to records recently obtained by the Arkansas Democrat Gazette.
How do schools fight back?
Shawn Graff, regional director at Cybersecurity and Infrastructure Security Agency (CISA) partners with educational institutions, law enforcement, and communities nationwide. He told KSL NewsRadio they offer a variety of resources, programs and tools to make our schools safer for students, staff and parents.
Graff said hackers will break into a school or a district’s information system using ransomware, hold the data hostage, and demand payment or ransom to release it.
“Somebody takes their (kids’) data, so Social Security numbers, birthdays, names … They can either hold that for ransom or they can use that information to open up a line of credit in your child’s name. And now you have a 6-year-old with a mortgage and a car loan payment that you didn’t know was there,” he said.
Graff added any parent can use a credit-monitoring agency to track their child’s financial activity just as they would their own.
Protecting school data
He said cyber-security starts at an individual level. Choose a long and complex password. The next step is using multi-factor authentication to access a network, website, or application.
“We did just launch a K-12 webpage that’s got a lot of the specifics that schools can go through in terms of what they need to do to help protect the data,” Graff said.
Dave & Dujanovic can be heard weekdays from 9 a.m. to noon. on KSL NewsRadio. Users can find the show on the KSL NewsRadio website and app, as well as Apple Podcasts and Google Play.