Last October, hackers released a cache of data stolen the previous month from the Los Angeles Unified School District (LAUSD), the nation’s second-largest district with 600,000 students across 1,000 schools. The published data represented a treasure trove of sensitive information, including contracts, financial records, health information for staff and students, and much more.
In a separate incident, a January 2022 attack in another public school system forced the district’s 140 schools to close for two days. This hack compromised systems housing vital student details, including emergency contacts and adults authorized to pick up students from school.
A Growing Problem
Unfortunately, these attacks aren’t the first and won’t be the last. A recent report from Comparitech showed that education data breaches hit a record high by 2021, with 32 million records leaked since 2005. 51% of those breaches were within K-12.
The Cybersecurity and Infrastructure Security Agency (CISA) warns that cybercriminals and sophisticated ransomware attacks are increasingly targeting K-12 institutions. According to cybersecurity firm Emsisoft, 2021 breaches affected 1,043 schools and colleges, including 62 districts. In 2022, 96 breaches exposed almost 1.4 million records in the education sector, according to Comparitech’s report.
Parents assume that when schools ask for sensitive information about their children, the district will take the necessary precautions to ensure the data is kept secure, private, and safe from predators. In today’s digital environment, completing forms online comes naturally. It’s a way for parents to share information quickly and for schools to streamline processes.
But are these same forms—and the way they’re processed by districts—also making it easier for cybercriminals?
The Challenge with Forms
Forms present security challenges in a couple of different ways:
- The form is on the front lines between the user and the system. Without the proper safeguards, every entry in every field on every form can be a target for malicious behavior.
- The way these forms are handled within a school or district can open the door for hackers.
If every administrative user has a login to every system, do they maintain unique User IDs and passwords for each? It’s unlikely. According to Yubico and Ponemon Institute, individuals reuse passwords across an average of 16 workplace accounts. The same report shares that 51% of users share passwords with coworkers to access the same systems.
The problem is a complex one. On the one hand, you have forms that need to be secured. On the other, you need to give your staff easy access to systems that can be trusted to manage the forms safely.
How Single Sign-On (SSO) Comes into Play with Security
More and more, districts and schools are taking a page out of the commercial business playbook and introducing increased protections to allow staff to access forms and submitted data securely.
Many districts are introducing multi- or two-factor authentication, requiring the user to provide more than one piece of “proof” to verify their identity. The proof can include additional information (the answer to a question), other applications or devices you have on hand, or biometrics, like a fingerprint.
Single sign-on (SSO) offers protection differently. SSO allows users access to multiple applications with just one secure login. In SSO, users enter a single well-secured credential to access various applications and do not have to re-enter their passwords when switching between applications. If you’ve ever clicked “log in using Google/Facebook,” you’ve used SSO!
For many K-12 organizations, SSO provides a significant first step to a tricky problem—district IT teams can control who has access to which systems and information. At the same time, the end user can log in to multiple applications and tools with a single set of assigned credentials.
Sound risky? It’s not. These credentials—usernames and passwords—are stored within a Customer Identity Access Platform, like Auth0, that protects user data while simplifying the user’s experience accessing that information.
Without SSO, employees log in to each individual system or application whenever needed. With SSO, the usernames and passwords aren’t stored in the application’s database but within the Customer Identity Access Platform. SSO allows applications to validate a single set of credentials with the identity platform and provide access to authorized users.
SSO in Action
Here’s an example. Let’s say that your district uses a student information system (SIS), nutrition software, and a finance solution and has online forms that feed information into each. Previously, a user—Jill—would log into each system individually, and because Jill has trouble remembering passwords, her password is the same for each application. Her username is always Jill@school.com, and her password is always 1234Felix, her cat’s name.
If a hacker were to breach any of the systems and access Jill’s credentials, they would have multiple entry points, allowing them to breach all systems. With SSO in place, Jill’s username and password are stored in one highly secure location, and the forms and their data are protected. And if Jill was to leave the district and Susan were to join in her place? With SSO, the IT team would have only one place to de-provision inactive users and add new ones.
Strengthen Your Security with SSO
With SSO in place, every K-12 district is taking a positive first step in driving efficiency, increasing communication, and securing data. Given their extensive use by parents and students, digital forms are an ideal place to start optimizing secure processes. Discover how LINQ Forms and Workflows can make your staff’s job easier while protecting student and family data.