I was profoundly shocked after reading the cybersecurity act of 2021. The action called for a 120-day study by the CISA on the various attack vectors impacting the K-12 school districts. Additional mandates include recommendations to deal with malware and ransomware. This act and similar educational security mandates are seen to lack the requirement for mandatory implementation and accountability.
An exception to any rule creates more issues by unminding the core principle. K-12 schools have been under cyberattacks, including ransomware, malware, and brute force attacks against passwords. Many schools have been short-sighted about cybersecurity for years. Finally, a cybersecurity act is in play for schools; however, implementing the recommendations is strictly volunteering.
In some shocking cases, hackers demanded ransoms from parents compromising targeted students’ records by deleting student work and locking the student out of online classes. A breach at Fairfax County Public Schools in Virginia saw their student and staff’s social security numbers posted publicly. The district agreed to pay for credit monitoring for those affected by the breach.
Protection…
