Audit: Cybersecurity Weak for Many Kansas School Districts

Many Kansas school districts aren’t taking basic steps to protect their computer systems and the privacy of sensitive information collected about students, according to a legislative audit release Tuesday.

The report from the Legislature’s auditing agency based its conclusions on a survey sent to the state’s 286 local school districts, with 147, or 51% responding.

The audit said that more than a quarter of the school districts surveyed didn’t have antivirus software on all computers, with figure rising to about a third for districts with 500 or fewer students.

Only 34% of districts said they scanned computers for vulnerabilities at least once a month, while 35% said they never did it, the auditors said.

More than half of the school districts surveyed or 56% said the competitive salaries required to attract information technology workers represented a significant barrier to having enough IT staff.

The auditors recommended that lawmakers consider directing the State Department of Education to develop minimum cybersecurity standards for school districts.

The department’s top administrator, Education Commissioner Randy Watson, said in a written response that setting such standards would require the agency to increase its IT staff to help districts and to audit them.

Related: Microsoft Sees Spike in BEC Attacks Targeting Schools

Related: Officials Say School District Near Albany Hit by Cyberattack

Related: Large Florida School District Hit by Ransomware Attack