American K-12 school districts are vulnerable to cyber-attacks targeting data in cloud applications, according to new research.
A study conducted by the EdWeek Research Center and commissioned by cloud application security and student safety monitoring platform ManagedMethods asked district-level administrators about their cybersecurity strategies.
The online survey was completed between July 14 and September 15, 2021, by 214 administrators who said they had at least a medium level of influence on technology decisions. Respondents included 54 technology officers, 52 district superintendents, and 30 curriculum and instruction directors.
Researchers found that 30% of K-12 school districts do not have a cloud security platform in place to monitor and protect the data stored in cloud applications.
Half of the respondents said either that they did not have a platform in place or that they had no idea if a platform had been implemented in their district.
Nearly a third (31%) did not know if their cybersecurity platform consistently monitors the level of risk of files shared with users outside the district’s domain or monitors for potential violations of government regulations.
When asked if their cybersecurity platform monitors the level of risk of files shared within or uploaded into their domains, or reports who has access, 28% of respondents said they didn’t know.
Describing what data they store in the cloud, many respondents (69%) said they either have their human resources systems there already or plan to move them there.
Most respondents (86%) said they use cloud-based learning management systems (LMS) or plan to move these systems to the cloud.
The research revealed that the median budget district administrators have available for cybersecurity is $20,000 annually, of which 20% will go toward protecting cloud applications in 2022.
“School districts have long led the charge into cloud technology by embracing Google Workspace and Microsoft 365 cloud applications. This new research tells us that some district administrators are unaware of the cybersecurity, safety, and privacy risks that come with using them,” said Charlie Sander, CEO at ManagedMethods.
“Technology leaders need to know their cloud environments may be vulnerable, and that it’s their responsibility to secure them.”