
School District Data = Hacker Paychecks


We are dedicated to protecting the education industry, so if you happen to be around, come see us at the Tennessee School Board Association Annual Convention November 16-17th, 2023 or the NYSCATE Annual Conference November 18-21, 2023.

Even if we can’t meet you in person, here is an overview of cybersecurity as it relates to the education industry. Leaders, listen up!

Hackers are focusing their attention on educational institutions more than ever before, and the risk is increasing as hackers become more innovative.  

This might sound like a waste of time, right? Why would someone hack a school district when there are targets that seem more appealing? Why not go for financial institutions, banking apps, and large companies?

Look at things from a hacker’s perspective, and it will begin to make much more sense.

There are many reasons a hacker would target a school district, the primary being something they love most: DATA. 

Target #1 – Employees

Let’s begin with employees, since their information seems the most useful to hack. The vast amount of demographic and administrative data that the school or district collects about its employees is a treat for hackers. This can be personal information, such as names, addresses, dates of birth, and photos, as well as more sensitive information like Social Security numbers, banking information, education credentials, and employment records.

Target #2 – Students

Moving along to the next set of targets, we turn to the students. Schools often retain a lot of information about their students, including complete names, home addresses, birthdays, health records, and the PII associated with the students’ guardians. This information is enough for financial fraud. Student personal information is valuable because criminals can use it to obtain credit. If they succeed in identity theft, they can create several accounts using the student’s credentials, thereby ruining the student’s credit. What makes matters worse is how long it can take for someone to realize it has happened. Only when they try to build credit or even apply for a college loan at age 18 do they discover that they are a victim.

For instance, hackers released information about students and employees after an attack on a public school in Ohio.  

The breach contained information like Social Security numbers and home addresses, as well as more basic data like names, dates of birth, and gender. Surprisingly, a few months later, a father noticed that someone had attempted to apply for a credit card and a vehicle loan in the name of his elementary school-aged child. Cases like this show what attracts hackers to the vast data available in school districts and highlight the need to improve their cybersecurity.

Why does it matter? 

1. Institution Reputation

People choose to live in a particular neighborhood based on the reputation of its public schools. Maybe a reputation for educational excellence, a renowned sports program, or historical significance drove their decision to enroll. But in the future, it should not come as a surprise if decisions become rooted in how confident the student is regarding the security of their personal information, especially since our world is becoming more digital in most aspects.

2. Compliance

Compliance with state and federal regulations is also a major factor to consider when making cybersecurity decisions. Here is an overview of the federal cybersecurity regulation, FERPA, and a New York state regulation, the SHIELD Act. 

Federal Regulations

FERPA – Family Educational Rights and Privacy Act. 

What is it? FERPA is a federal law that protects student data from unauthorized access, requiring the consent of a parent/guardian, or of a student above 18 years of age, to approve the distribution of records.

Who is it for? With a few exceptions, most programs that receive funds from the U.S. Department of Education are subject to this law if they provide educational instruction or are authorized to direct and control public educational institutions.

If compliance is not met, institutions could lose funding, have legal action pursued by individuals, be put under investigation, and damage their reputation. Be proactive in protecting student data to avoid breaking the law. A data breach may not be intentional, but organizations and individuals still suffer the consequences if one occurs. 

New York State Regulations (NY has the highest number of data breaches since 2005)

SHIELD Act – Stop Hacks and Improve Electronic Data Security Act

What is it? This New York state law requires companies to have reasonable protections around private data. This includes implementing cybersecurity measures for administrative and technical departments and developing a plan to notify affected individuals.

Who is it for? This Act applies to any organization that stores private data in New York. 

Monetary penalties may be imposed for SHIELD Act violations, and client trust could be negatively affected.

This example is New York specific, but cybersecurity regulations and penalties vary by state. Check out your state’s department of education website to guide your research. 

Is your institution ready to adjust the budget when state-aided districts require incident response and emergency cybersecurity spending? 

Zelvin Security and ComSource are partnered to help your organization get the services you want and the funding support you need to accomplish your 2024-2025 cybersecurity goals. Our partnership offers Cybersecurity and Penetration Testing with GSA, BOCES and other funding contracts!

Our customized security assessments will: 

  • Uncover security weaknesses in the most important places 
  • Deliver your security testing within your budget 
  • Give you the support and flexibility to accomplish your goals 

Get started here: 


SHIELD Act | New York State Attorney General

FERPA | Protecting Student Privacy
