If you care about data security in k-12, read this news report by Lisa Singleton-Rickman of TimesDaily concerning an Alabama school district. I think it serves as a useful example of what we’re up against.
Start with the fact that the state does not require any IT audits in k-12 districts. Don’t ask, don’t tell?
But Florence voluntarily arranged for an IT audit and the results were somewhat discussed publicly, which is certainly to their credit.
But then look at the basics that they reportedly do not have in place. And note that I am not suggesting that they are any worse than any other k-12 district. Districts need resources and skilled personnel. Without both, you wind up with “C” security, and that’s just too easy for hackers.
Is it any wonder that the education sector continues to be low-hanging fruit for hackers?