Cyberwar on Children

According to several industry experts, including JSCM Group and The Wall Street Journal, children are the next target of cyber thieves. Cyber criminals are targeting children because their credit reports are usually not monitored, so the theft can continue for years until the minor becomes an adult and attempts to get credit for something.

I don’t want to be redundant regarding the great article written by the WSJ. I do, however, want to bring up another concern: the security in our schools. This is a topic we have spent a lot of the last six months on. Schools often have all of the information on the child, such as name, social security number, address, and medical records. They also have information on the parents; some even retain credit card and bank account information, as in a private school or tuition situation.

Security is not a practice in most schools.  Many schools are restricted by budget and under pressure to allow access to faculty and students without restrictions.  Most school IT initiatives are centered around more speed and more devices; very little effort is given to the security front. In this case, it is not ignorance at the IT level, but rather at the board level, where money for projects is allocated.

Two weeks ago I visited a school where teachers and students were on the same network segment. What this means is that there is no division between staff, faculty, and students. Further, everyone was on the same web policy, opening unnecessary access to the students and leaving holes open for the attackers. If malware made it into the network, the attacker would have access to a plethora of data as outlined above, truly scary stuff.

Schools should have to embrace the same security protocols as any medical organization.  I think this is an ideal benchmark and compliance obligation for them to reach.  Think about it: if your child has a medical disorder, the school will have records of that.  Further, the HIPAA privacy regulations will protect general student information as well as extending to the parents.

As it sits today, most schools don’t allow parents to see a full copy of their child’s file.  I could see a sub-industry pop up where records are stolen and the attackers try to blackmail or sell back the record.