Although frequently omitted from conversations about cybersecurity, K-12 schools and institutions of higher education are under increasing pressure from cyberattacks. Educational institutions provide a perfect target: they hold huge troves of personal, health and financial information; they conduct sensitive research for the military; and they have powerful Internet connections that cyber criminals want to control.
Schools offer cyber criminals easy access to the personal data of children. This information is valuable because criminals can use or sell it for purposes of committing financial fraud or tax fraud. Victims or their parents often have no idea until years later, when they are denied for a loan due to a ruined credit score. This then may result in a serious financial disadvantage.
Several federal laws require institutions of higher education to implement minimum data protection standards. These include the Federal Information Security Management Act, Higher Education Act, Family Educational Rights and Privacy Act and the Gramm-Leach-Bliley Act. In some cases, some of these standards might also apply to K-12 schools.