Educational institutions have gradually been integrating digital learning capabilities over the past decade but the pandemic accelerated this process. To illustrate, in 2018, an estimated 35% of college students reported taking at least one online class. At the same time, K-12 teachers incorporated computers into their lessons. While this move seemed inevitable as society and commerce moved online, security and privacy concerns remain a hurdle for innovators within EdTech and the schools that utilized their products.
2020: A Record Year for Student Data Breaches
Student data privacy concerns became a central focus at the onset of the pandemic. When quarantine measures dominoed across the country, nearly 93% of people in households with school-age children reported their children engaged in some form of online learning from home. Teachers utilized conference platforms, digital curriculum and virtual messaging platforms to replicate the classroom setting. At the same time, cybercriminals used the opportunity to increase their attacks by exploiting remote learning vulnerabilities, with 2020 serving as a record-breaking year in U.S. school hacks. And in the event of a cybersecurity breach, schools’ cyber capabilities aren’t the only things under a microscope – the technology used, its processes and the school’s leadership are under scrutiny, too.
Are you ready for a potential cybersecurity crisis?
EdTech crisis communication situations require more special attention than a traditional crisis plan. Key points in a crisis comms plan remain, such as 1) determining the level of severity, 2) identifying key stakeholders within the company, 3) internal and external workflows, and 4) weighing out the pros and cons of proactive vs. reactive communications. However, cybersecurity planning within a school environment requires marketing and PR teams need to customize their response protocols for the school environment, like:
- Creating a response team: Create a team in advance of a student data breach or any other type of cybersecurity incident. This team should include your security, legal, marketing and PR teams. In addition to identifying the people that will be looped in as soon as a cybersecurity incident occurs, you’ll need to map out the chain of command and include it in a centralized communication plan.
- Looping in risk and security teams with an incident response plan: Whether the breach occurred from a student utilizing unauthorized technology connected to a school network or from EdTech tools becoming infected with malware – providing access to a treasure trove of sensitive student or district information – when an incident occurs, employees and students need to know who to report it to first. An incident response plan should also include preparation, remediation, and recovery steps that guide the team from start to finish.
- Providing examples of attack scenarios with appropriate responses: The severity of breaches can differ in the education system. There are clear differences between an online learning platform exposing students’ personally identifiable information and intruders breaching an online videoconference room. While both situations are cyberattacks, it’s beneficial to create multiple scenarios to help guide your response to different stakeholders so you know when and how to respond.
- Retaining an EdTech marketing and EdTech PR agency to act on a crisis quickly: You aren’t alone in the event of a crisis. With a team of EdTech and Cybersecurity experts well-versed in crisis communications, we’re available to help.
Protect your company in advance of a breach. Contact Alloy today to learn about our crisis capabilities from initial planning to implementation.