Amid an increasingly challenging cybersecurity environment and a chaotic threat landscape, organizations across various industries are grappling with the need for big thinking to address cross-institutional cybersecurity challenges, including protecting children’s data. Schools, in particular, have become a prime target for cybercriminals due to the easy access they provide to data-rich environments, such as sensitive administrative records, payment card information, and children’s data.
Between 2021 and 2022, schools saw a staggering 300% increase in breaches, with the number of K–12 schools impacted by ransomware attacks against districts doubling to nearly 2,000. Children’s data is particularly valuable to fraudsters, who use personally identifiable information (PII) to fuel their schemes. The consequences of their data being compromised can be severe, with victims facing issues such as being denied a line of credit, inability to access government benefits, or problems getting a driver’s license.
Dismantling this threat requires focused resolve from a variety of stakeholders. K–12 schools and districts, despite facing significant resource constraints, must prioritize cybersecurity. This includes training staff on current threats, adopting best practices, and recognizing emerging opportunities for collaboration to improve security outcomes across the industry. The Biden administration has also recently launched initiatives to strengthen schools’ cyber defenses, proposing government actions and partnerships to enhance cybersecurity in education.
Additionally, to reduce the benefit derived from children’s data, enterprises must ensure they don’t inadvertently support identity theft and synthetic identity fraud schemes. This requires effective processes for sharing risk data and regularly evaluating customer verification systems and identity authentication processes. Broader awareness of K–12 security challenges among parents can also better prepare them to protect their children’s data.
Ultimately, it is essential for everyone to have a role in safeguarding children’s personal data from bad actors and shielding them from potential harm after a breach. With significant institutional challenges and the need for standardized breach notification and incident reporting requirements, collaboration and robust cybersecurity measures are critical to effectively address the cybersecurity threats faced by schools and districts. As we move forward, it is crucial for all stakeholders to step up and resolve to do better in protecting children’s data in the coming year.