10 Cybersecurity Myths that Put K-12 Districts at Risk

by Katie Fritchen on February 27, 2020

Cybersecurity Myths Can Trap Unsuspecting K-12 District IT Leaders

Why are cybersecurity myths a problem? Cyberattacks can hurt students, parents, staff, teachers, and overall district operations. They can also cost your district thousands—sometimes millions of dollars. A large amount of information on the topic is cluttering the industry, but some of it is spreading K-12 cybersecurity myths that can put your district at risk. Here are 10 myths you need to debunk.

1. Cybersecurity is only for large businesses with big budgets

The 2019 K-12 cybersecurity year in review revealed a 256% increase in data breaches between December 2018 and December 2019. K-12 districts became the second most targeted industry segments, behind municipal governments.

2. Cybersecurity is only an IT issue

District IT departments are responsible for ensuring that their cybersecurity infrastructure is effective in spotting and stopping cyberattacks. But, research shows that human error causes 90% of data breaches.

These breaches happen when an unsuspecting person clicks on a malicious link in an email or downloads an innocent-looking document. Hackers know that they can take advantage of your users, and they target their attacks to trick people.

As a result, everyone needs to understand their role in avoiding attacks. They must be personally responsible for avoiding attacks. Incorporating staff training and cybersecurity educational programs for students is a great way to raise awareness of the issues and instruct people on how to spot a potential problem.

Sponsorships Available

3. Cybersecurity is expensive

The cybersecurity market is huge, and vendors selling to enterprise organizations have perpetuated the myth that cybersecurity has to be expensive. There are things that district IT teams can do to limit the cost and complexity of their cybersecurity infrastructure. Educating your staff, students, and anyone else who has access to your network or data doesn’t need to be expensive. Properly configuring native security settings and your existing cybersecurity tech stack is simply a matter of spending the time to make needed changes. Often, the time and knowledge it takes to make those changes are half the battle.

{FREE} BEYOND THE CONTENT FILTER: CYBER SAFETY & SECURITY FOR K-12 SCHOOLS. LEARN MORE & REGISTER >>

4. Cybersecurity begins and ends at the perimeter

Perimeter security tools such as firewalls, gateways, and access management protect the endpoints coming into your network. But, since so many districts are using G Suite, Office 365, and a variety of other cloud-based EdTech apps it’s critical to protect against attacks from within the perimeter.

You need a comprehensive and multi-layered cybersecurity infrastructure to protect your district’s data. Many district IT leaders find that the NIST cybersecurity framework provides an excellent template for developing and prioritizing a comprehensive plan.

5. Cybersecurity is something you can set and forget

Securing your district’s data is something that needs attention 24/7/365. Hackers don’t sleep and are continually adjusting their tactics. Your team must stay vigilant.

You can outsource or, with the right technology, automate some of the monitoring you need to do. However, your team still needs to run regular data security audits and risk assessments to identify potential gaps or leaks.

6. Cyber insurance is a good replacement for cybersecurity

Cyber insurance is useful to help you recover from an attack, although you need to educate yourself about what it will and will not cover. Insurance isn’t useful for avoiding an attack before it happens.

The cybersecurity myth that says insurance is a good replacement for cybersecurity simply doesn’t make sense. Like all other types of insurance, you should use it to recover from an attack that happened despite your best efforts to avoid it.

7. Cyberattacks always come from someone outside of your community

Hackers do cause many cyberattacks. But, don’t believe this cybersecurity myth that outsiders are the only source of cyber incidents. Insider attacks are also a problem.

In May 2018, a district in California was hacked by a student who gained access to his school’s grading system. The student said accessing his grades was a beginner-level challenge. In November 2018, an employee at the Chicago Public Schools left her job. She also left with the personal information for approximately 70,000 people from the district’s database.

8. Cybersecurity and physical security are two separate issues

Unauthorized access to buildings in your district can result in the theft of information stored there. This can be just as damaging as a cyberattack.

On the flip side, many school building systems now link to your network. A network disruption can affect telephones, classrooms, security cameras, locks, and more.

{FREE} BEYOND THE CONTENT FILTER: CYBER SAFETY & SECURITY FOR K-12 SCHOOLS. LEARN MORE & REGISTER >>

9. You will know when a cyberattack is occurring

If you believe this cybersecurity myth, you’ll be interested to learn more about the famous breach at Equifax. Equifax discovered the breach on July 29, 2019. The breach actually took place on March 10, 2017. The hackers had lots of time to sneak into the Equifax systems and create a clever plan to encrypt the data they were stealing to make it more difficult to spot.

For your district, the most difficult incidents to detect are in cloud apps like G Suite and Office 365. You need cloud app security tools and solid patching workflows to avoid a situation like Equifax’s.

10. Lightning never strikes twice

Weather experts have always known that lightning often strikes twice in the same place. The same truth applies to cybersecurity.

Once cybercriminals have identified a target, they often use a variety of methods to gain access to different systems and types of data. Once they are able to find one vulnerability, they can use that knowledge to find others and can carry out multiple attacks on one target.

Debunking these cybersecurity myths should give you a new perspective on some of the issues surrounding keeping your K-12 district data safe. More importantly, it will help you strengthen your district’s cybersecurity resilience.