The attached article from Security magazine was published barely one month ago. The scope of the vulnerability it details within the e-Learning in K-12 schools is chilling for those of us who have school-age children. Why is there so little discussion either in the media or within school districts, and between school principals and their staff regarding this elephant in the schoolroom?
"Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data" from Security magazine: https://www.securitymagazine.com/articles/94140-cyber-actors-target-k-12-distance-learning-education-to-cause-disruptions-and-steal-data
The answer is undoubtedly complex, and I do not pretend to provide a comprehensive depiction, but only to chip at the tip of the iceberg.
Covid-19 and the political discord in the United States has left little air time for issues like cybersecurity at our children's at-home desk. Who has the energy, and in the hierarchy of concurrent threats, many shrug and say "don't we have bigger fish to fry?"
Secondly, most educators, whether they be administrators, teachers or paraprofessionals usually do not possess highly specialized knowledge in digital technologies and software design. For many principals, the digital realm is all but alien to them, and yet they are now placed in the position of overseeing an operating system of teachers and pedagogy that today, cannot survive without it.
Likewise, most K-12 schools do not have the funds to invest in expensive, in-house IT personnel acquainted with cutting edge cybersecurity practices; as a result, schools tend to still outsource the IT role to consultants or independent contractors who may be located across state or on the other side of the country. Many of these service providers also do not possess the level of expertise to remain one step ahead of the latest cyber hacking scheme. This obsolete approach to technical support might have sufficed before schools became distance learning hubs, but it cannot hope to survive the new virtual minefield in which school systems find themselves.
Great article.
I agree with Heather that many school districts do not have adequate resources to address security on their own. I believe that many parents do not understand the risks associated with their children using video conferencing platforms that were initially created for personal, non-scholastic audience. Cyber actors fully take advantage of the lack of understanding of the security risks and security protection by school districts.
It does seem that the schools don't have the resources they need to tend to security on their own, so they rely on built-in features of their software. I agree this is important and under-addressed. Thank you for bringing attention to this.