A data breach at a local school district back in February may have you asking how safe your child’s personal information is. This is a very sensitive subject for many school districts.
Sweetwater Union High School District back in February had to shut down everything when they were targeted by a data breach. A lawsuit has been filed against them. They refused NBC 7's request to comment.
Principal Estela Corrales, who runs Sunnyslope Elementary School in the South Bay Union School District, said right now is an unprecedented time for school systems.
“There is a greater use of technology now than ever before, especially in the past five years post-pandemic,” said Corrales.
Get San Diego local news, weather forecasts, sports and lifestyle stories to your inbox. Sign up for NBC San Diego newsletters.
The students seem to be ready-made for this type of individual learning that compliments their teacher’s lesson plan for the day.
“Yes, they already come in with the skill set, definitely, as they have their own experiences at home with technology,” said Corrales.
As teachers and districts integrate more technology into their schools, they're reminded of the risks when neighboring districts are hit with breaches, which happened to Sweetwater Union High School District a couple of months ago.
Local
“It forces us to revisit our procedures and our policies because we really try to take a proactive approach,” said Pamela Reichert-Montiel, Assistant Superintendent at South Bay Union School District.
Francisco Tamayo is the senior director of cybersecurity at the San Diego County Office of Education. They oversee cybersecurity for 38 of the 42 school districts in the county.
He says cyber attacks have gone up in the last six years, particularly ransomware data breaches.
“The attackers are attacking an entire network, encrypting all the computers and holding school districts hostage for ransom,” for no less than $250,000, according to Tamayo.
He says cyber attacks are constant and in a given week his team will detect and tackle two or three denials of service attacks, which is when a perpetrator renders a system unavailable to its intended users.
“They can last a few minutes, it can last hours. So that’s where we intervene and help the districts to mitigate those denials of services,” he added.
Tamayo said they helped Sweetwater Union regain control of their servers once they were compromised. Unfortunately, the district had not signed up for the free training they provide to prevent cyber attacks, Tamayo added. Cyber Catch is the company they hired to make sure their systems aren’t breached again.
Sai Huda, CEO of Cyber Catch, said schools are a treasure trove for identity thieves.
“The student data, in particular, is of real value to these bad guys because there are a lot of younger students that will not see the impact of stolen data for many years,” Huda explained.
A recent scan on 4,000 K-12 schools in California, including in San Diego county, showed that 8 of 10 were vulnerable to hackers, according to Cyber Catch.
“Who would attack kids? And who would attack data? But these guys don’t care. These are bad guys, they’re all about money, they’re all about causing harm and havoc, so educators have to change their mindset,” Huda added.
What you should ask your child’s school district:
- Who runs your data security and what are their qualifications?
- Do you have multi-factor authentication log-in procedures?
- What teaching protocols are in place should you need to shut down your servers?
- Will you let parents know the moment there is a breach?
- What training do teachers and administrators receive to prevent accidentally opening up the school to a cyberattack?
The South Bay School District said they are confident in the plan they have in place with the county office of education.
Principal Corrales assures parents that these strategies are fully adopted by the rank and file at her school.
“We have to make sure that every staff member understands the training, that they implement it, and that they stay vigilant,” she said.
A big part of that training focuses on malicious emails, which are the most common way cyber criminals gain access to a school’s system, according to the County Office of Education.
They say thanks to the training, the opening of malicious emails by staff throughout the county dropped from 40% to .6% in the span of six years.
