71.4 F
Salina
Sunday, October 24, 2021

Audit: Inadequate IT Security at Kansas Schools Leaves Vital Information Exposed

TOPEKA — A legislative audit revealing many school districts are not practicing basic security measures for information technology systems raised eyebrows Tuesday from a panel of legislators.

According to the K-12 Cybersecurity Resource Center, security incidents at schools have increased by 18% since last year. The limited-scope audit focused on how schools were approaching IT security, which contains sensitive data including grades, medical records and financial information.

Members of the Legislative Post Audit Committee expressed disappointment upon hearing that most respondents to a survey of all Kansas school districts do not have adequate IT security measures.

“I can’t believe in this day and age that we’re this far behind. It’s gonna take two or three years just to get up to par,” said Sen. Rob Olson, an Olathe Republican. “I think the Legislature should pick this up and set some minimum standards, but it’s really up to the state school board to pick this one up.”

The survey — which had a 51% response rate — revealed 58% of responding school districts do not require security awareness training for staff at any time, 65% do not scan their systems for vulnerabilities as often as recommended and 69% do not have an incident response plan.

State auditors said many schools simply failed to implement basic security controls to protect their networks against unauthorized users. They recommended the Legislature consider a measure to direct the Kansas State Department of Education to set minimum IT security standards for schools through guidance or requirements.

About half of survey respondents said the biggest barrier to achieving better IT security was an inability to hire enough staff or pay them competitively. Olson said he hoped legislative committees, such as the House K-12 Education Budget Committee chaired by Rep. Kristey Williams, would take up the matter.

Williams, an Augusta Republican who is chairwoman of the post audit panel, said they would review the issue but appeared keen to take a route that did not require spending state funds. She said districts should have money to address this issue with increased school funding from legal settlements and federal COVID-19 relief funds. 

“Ultimately I do feel that we have fully funded our school districts and they need to take this on,” Williams said, adding that offering guidance would not require school districts to spend money unless they choose to invest in improved security.

Rep. Jim Gartner, a Topeka Democrat, said it was a bit unrealistic to expect a department or any school districts to measure up without a statutory requirement.

“It would seem to me if it’s not required, they’re not going to really do it unless we require them to do it,” Gartner said. “So that’s something the legislature needs to address.”

In a written response to the audit, Kansas State Education Commissioner Randy Watson said if KSDE sets minimum standards, districts would likely rely on the agency for technical assistance. At the moment, the agency is only staffed to meet its own needs. 

“The level of support necessary for school districts to implement IT security standards would be a significant undertaking and is not possible with the current level of IT staffing at KSDE,” Watson said. “If the Kansas Legislature chooses to implement the LPA recommendation, there will need to be additional IT staff, and the Department would like to see that noted within the LPA recommendation.”

Kansas Reflector is part of States Newsroom, a network of news bureaus supported by grants and a coalition of donors as a 501c(3) public charity. Kansas Reflector maintains editorial independence. Contact Editor Sherman Smith for questions: info@kansasreflector.com. Follow Kansas Reflector on Facebook and Twitter.

Derek Nesterhttps://sunflowerstateradio.com
Derek Nester was born and raised in Blue Rapids and graduated from Valley Heights High School in 2000. He attended Cowley College in Arkansas City and Johnson County Community College in Overland Park studying Journalism & Media Communications. In 2002 Derek joined Taylor Communications, Inc. in Salina, Kansas working in digital media for 550 AM KFRM and 100.9 FM KCLY. Following that stop, he joined Dierking Communications, Inc. stations KNDY AM & FM as a board operator and fill-in sports play-by-play announcer. Starting in 2005 Derek joined the Kansas City Chiefs Radio Network as a Studio Coordinator at 101 The Fox in Kansas City, a role he would serve for 15 years culminating in the Super Bowl LIV Championship game broadcast. In 2021 he moved to Audacy, formerly known as Entercom Communications, Inc. and 106.5 The Wolf and 610 Sports Radio, the new flagship stations of the Kansas City Chiefs Radio Network, the largest radio network in the NFL. Through all of this, Derek continues to serve as the Digital Media Director for Sunflower State Radio, the digital and social media operations of Dierking Communications, Inc. and the 6 radio stations it owns and operates across Kansas.

Related Articles

Stay Connected

496FansLike
104FollowersFollow
511FollowersFollow
- Advertisement -

More Headlines