Technology has significantly changed the classroom experience over the last decade, with the ubiquity of the IoT, mobile apps, and teleconferencing ushering in a new era of instruction and learning. What’s more, this sea of change shows no sign of abating—case in point, late last year Roblox announced plans to reach 100 million students in the metaverse by the end of the decade. As K-12 institutions invest in emerging technologies and platforms, it’s critical that they not overlook cybersecurity concerns.
There are numerous cybersecurity challenges emerging in the connected education age, but following are some of the most pressing:
Increasingly Sophisticated Phishing Campaigns
Phishing has been a perennial security concern for the K-12 sector, but it’s become more pressing in recent years. With a plethora of free email services such as Gmail, Yahoo, and iCloud and access to personal information from social media and other online platforms, it’s incredibly easy for hackers to create fake accounts impersonating school personnel. These can then be used to target other district employees, students and families, or external companies with whom the school frequently works. While these are all bad scenarios, they can generally be addressed through education and, if they do occur, handled internally without requiring public disclosure.
However, hackers have become more sophisticated in their attacks on the K-12 sector and are increasingly launching “spear-phishing” campaigns, in which they can spoof the email domain of their intended victim. Bad actors first identify the district employees with financial authority and their contractors, and then use phishing emails to change contractors’ payment routing information, access sensitive data or additional user accounts, or activate malware in the network, to name just a few.
Josh Horwitz is the COO of Enzoic.