Although frequently omitted from conversations about cybersecurity, K-12 schools and institutions of higher education are under increasing pressure from cyberattacks. Educational institutions provide a perfect target: they hold huge troves of personal, health and financial information; they conduct sensitive research for the military; and they have powerful Internet connections that cyber criminals want to control.

What are the Challenges in the Education Sector?
  1. Many schools promote a culture of openness and free access to information (e.g., public WIFI) that can introduce security risks.
  2. Many universities and colleges are the size of small towns, with a decentralized system of tens of thousands of networked devices made by multiple manufacturers; such a complex system is hard to secure.

  1. Phishing—hacking that occurs via fraudulent email messages—is extremely effective against young students who have limited training or experience with cyber threats.
  2. Cybersecurity is not a priority for most educators and school leaders.
  3. Educational institutions cannot afford many private sector security solutions.

What Can Governors Do?
  • Ask state IT managers to evaluate the extent to which all public and private schools use state networks or data storage to determine state agencies’ role in cybersecurity for educational institutions;
  • Convene IT leaders from K-12 schools and in-state cybersecurity experts to generate an authoritative list of basic, low-cost security measures that all K-12 schools can take; share the list with every school district;
  • Initiate a statewide awareness campaign on child identity theft
  • Gather presidents and boards of in-state institutions of higher education to kickstart a cyber threat information sharing partnership;
  • Review violations of federal data security standards by institutions of higher education, identify commonalities, and generate recommendations; and
  • Either through indirect influence or executive authority, ensure that cybersecurity and privacy experts are involved in any new education technology initiative.

What are the Effects of Child Identity Theft?

Schools offer cyber criminals easy access to the personal data of children. This information is valuable because criminals can use or sell it for purposes of committing financial fraud or tax fraud. Victims or their parents often have no idea until years later, when they are denied for a loan due to a ruined credit score. This then may result in a serious financial disadvantage.

Are There Any Federal Regulations Impacting State Cybersecurity Education?

Several federal laws require institutions of higher education to implement minimum data protection standards. These include the Federal Information Security Management Act, Higher Education Act, Family Educational Rights and Privacy Act and the Gramm-Leach-Bliley Act. In some cases, some of these standards might also apply to K-12 schools.