ransomware and school data
Once it has targeted your server, the ransomware will seek and infect all onsite data storage, as depicted above.  From schoolbusinessservices.com

 

 

Data is king.  We need  to improve education via data.  Our district is data-driven!  We need data to provide equitable education.  These are just some of the lines non-governmental organizations (NGO) use when talking about the ESSA/Common Core requirements to gather cradle to grave information on students.  It’s provided to the workforce so your human capital can become an asset to the global workforce needs.

The cost of data retrieval is huge and taxpayers are paying for the NGO vision of education.  Via ESSA, data is necessary and the taxpayers have little to no vote in paying for these mandates.  The ‘every student deserves and needs an iPad’ experiment has become a financial debacle for many school districts and iPads are in danger of becoming obsolete in their alleged usefulness.  Before your district abandons its iPad buying/supplying decision and moves to spend more millions on ‘other’ technology (such as Chromebooks), districts must provided research/data to the taxpayers showing their effectiveness in raising academic achievement/outcome.  If you are indeed data-driven, then it should be incumbent on those institutions/organizations espousing this talking point to provide the data supporting the use of your tax dollars on this technology.  When new bond issues appear and the school board insists ‘it’s for the kids’, refuse to vote for the issue until the Board provides you how much the increase includes new technology and the data supporting its use.

A very real issue for taxpayers, parents and students in the increased need for data is the data hacking threat.  Not only is academic information sent to third parties, personally identifiable information can be accessed outside the school district and state educational agency.  Schools send data to Student Information Systems (SIS) and most administrators have little to no information for parents/taxpayers on what/where that data is sent.  Most administrators cannot tell parents/taxpayers who is accessing that data.  This personally identifiable information is sent with every keystroke via the technology the district needs to be data-driven.

Data mining creates the possibility of data hacking.  Corporations have been hacked for a number of years (TJ Maxx, Target, etc) and schools are also targets for student data and restricting school access to the computer system.  Here are the facts (no tin foil hat conspiracy theories)

margo mcneil 2

about school data being held for ransom:

  • Preparing Schools for Ransomware—the Next Big Threat to EducationSchools must brace themselves for an onslaught of new cyber attacks. Today’s most pervasive cyber threat is “crypto-ransomware”, a type of malware that encrypts and scrambles files (usually in the form of confidential data) to hold them for ransom. As a recent victim of ransomware, Horry County Schools, the third largest school district in South Carolina, was forced to shut down more than 100 servers to stop the malware from spreading.
  • Ransomware Attack Leads LA School to Fork Over $28K in RansomA school located in Los Angeles County, California has paid computer criminals 28,000 USD after it suffered a ransomware attack.Officials at Los Angeles Valley College (LAVC) came to the decision after a ransomware infection left them with no way to recover their organization’s encrypted data.
  •  Crypto-ransomware attack encrypts entire New Jersey school district network (In this hacking instance, no data was allegedly compromised but PARRC testing was delayed, lunch paying capabilities were disabled and internal/external communication was inoperable):  When Swedesboro-Woolwich school district, which has four elementary schools with a total of about 2,000 students, was hit with crypto-ransomware, big guns showed up to investigate. After the district’s network was locked up due to ransomware on March 22, the local Woolwich Police, the New Jersey State Police Cyber Crimes Unit, the FBI and Homeland Security are all investigating.
  • Spring Lake Park schools attacked by ‘ransomware’ computer virus: Leaders of Spring Lake Park Schools say the district was the victim of a “ransomware” computer virus attack designed to extort money in exchange for regaining access to its hacked computer system.

 

The increased need for data is causing increased need for technological security which necessitates the need for more taxpayer funding.  What this increased need for data is not causing is verifiable increased student outcomes.  If outcomes are being reached or improvement is noted from the use of technology, the supporters of increased technology usage, the ed reformers, state educational agencies, USDOEd, and technology companies need to provide the research/data to the taxpayers on why they should keep funding programs for data mining and delivery.

We have provided several reasons of our worst case scenario with the data gathering with facts:  Increased technology use has created a financial burden for taxpayers.  The amount of student personal data mined today creates a juicy target for hackers and ransomware threats.  The tech proponents should support their claims with data/research on the best case facts with data gathering and prove to the taxpayers that this increased technology and associated cost improves outcomes and is worth the risk of ransomware.  Until then, maybe those bond issues need to be voted down.

 

 

Gretchen Logue