Education & Government
Jill Holtz Image
Jill Holtz
Content Strategy Manager

How schools can use governance technology to protect board members against cyberattacks

March 31, 2023
0 min read
How schools can use governance technology to protect board members against cyberattacks

Cyberattacks are here to stay and ransomware demands to educational organizations are unfortunately skyrocketing. School boards need to know the essentials of how to protect school data and their board members against cyberattacks.

Here’s how governance technology can help tackle this key risk area for your organization.

School-related cyberattacks are on the rise

School-related cybersecurity incidents have risen dramatically over the last few years. Sadly, the truth is that schools are among the most targeted groups for cyberattacks, because defenses can be easily breached allowing access to sensitive data.

If you are wondering why hackers are interested in students’ grades, they’re not. They are interested in using minors’ identity information for fraud. Any personal information stored that can be accessed is vulnerable.

Hackers also make a lot of money from ransoms paid after data breaches. In addition to the cost of paying for ransoms, the huge amount of time spent dealing with the breach and aftermath can have a heavy impact on the board and school management. All that time has a cost and also takes away from the day-to-day business of running the school, as well as from progressing other much needed projects.

The facts are stark

In 2021 56% of K-12 schools and 64% of higher education organizations reported being hit by ransomware. There was also a notably big jump in the later part of the year - 57% of ransomware incidents reported to the FBI involved K-12 schools in August/September, compared to 28% January through July.

According to Emsisoft’s report, school districts hit by ransomware in 2022 were almost double the amount compared to 2021. Most prominent was an attack on the Los Angeles Unified School District, the second largest district in the U.S. which serves 1,300 schools and 500,000 students, which took place in September 2022.

The costs of the ransomware attacks are astounding: in 2021, 67 ransomware attacks across 1,000 schools cost them over $3.5 billion. The cost of paying a ransom was on average US$375,311 in 2021, that has now increased significantly to an average of US$887,360 in 2022, according to a survey by security company Kaspersky.

Other issues from cyber incidents affecting schools

Ransomware isn’t the only issue. A range of cyber incidents from data breaches to takeover of school websites can plague schools. Consequences are significant and costly, including:

  • Having to close schools
  • Disruption in learning and teaching
  • Taxpayer funds being used to recover data
  • Identity theft

A U.S. Government Accountability Office report on the impact of cybersecurity incidents affecting schools found that loss of learning following a cyberattack ranged from 3 days to 3 weeks, and recovery time ranged from 2 to 9 months.

Choosing a modern digital solution to support school board activities starts with a buying process designed to deliver optimal results. This buyer’s guide will help you make the best decision for improving the process of agenda and meeting management, accessibility, increasing transparency and boosting community engagement for public education boards.

Why school boards are vulnerable

If schools’ attractiveness to cybercriminals weren’t enough, school boards are also among the least prepared groups when it comes to cybersecurity.

A nationwide 2017 survey of 482 school board members found that 67% of boards had no required cybersecurity-related training whatsoever. Only 12% of respondents reported receiving mandatory cybersecurity training. This highlights a large gap in infrastructure and operation of school boards.

The 2022 Ponemon Institute Report “The State of Cybersecurity and Third-Party Remote Access Risk” found that many cyberattacks occur due to unchecked access to third parties. In addition, school boards often don’t have appropriate security resources, practices, or knowledge to ward off cyberattacks.

Using governance technology helps school boards establish a sound cybersecurity framework

Using governance technology helps boards protect sensitive student and school data, as well as prevent, mitigate, and respond to cybersecurity threats.

Governance technology brings in a sound cybersecurity framework that provides:

  • Controls to limit third-party access
  • User-based permissions to protect sensitive information
  • Robust data encryption to secure board communication
  • Features that allow new board members to get up to speed quickly on cybersecurity policies

Alongside using governance technology, school boards should conduct regular security audits and training on cybersecurity, follow good practice in data management, and have an emergency preparedness plan. Communities look to school boards for leadership in the event of a cyber-emergency. The board needs to have a clear vision of who-does-what after a breach.

As Doug Levin, co-founder of K12 Security Information eXchange, interviewed recently for Forbes says, “Just as schools deal with physical security risks on their campuses, they need to develop plans to prioritize and manage cybersecurity risks, resource these plans appropriately, and practice them.”

The investment in software that effectively and efficiently secures sensitive data pays for itself in protecting from damages suffered from cyberattacks.

With a fully secure board portal like Diligent Community, school boards can reduce their cyber risk with a rigorous framework of measurements and corrections. It doesn't take a rocket scientist, but it does take a bold plan, consultation with experts and strong leadership.


Your Data Matters

At our core, transparency is key. We prioritize your privacy by providing clear information about your rights and facilitating their exercise. You're in control, with the option to manage your preferences and the extent of information shared with us and our partners.

© 2024 Diligent Corporation. All rights reserved.