Here’s how to protect schools from cyberattacks in 2024

The costs of a cyberattack may include replacing computer hardware and enhancing cybersecurity protections, as well as the burden and risk of identity theft

Identity theft and data breaches are on the rise, and K-12 schools are one of the biggest targets. In fact, from 2016 through 2022, there were more than 1,600 publicly reported cybersecurity-related incidents at K-12 public schools, affecting millions of current and former students. And now in 2024, it’s reaching a crisis point. Exposure of private information can have long-term impacts not only for schools, but also for the students they serve.

It’s why the nation is now taking a closer look at data vulnerabilities in K-12 schools. In late 2023, the Federal Communications Commission proposed a $200 million program to gather data on schools’ cybersecurity and firewalls, to examine how we can best protect students, teachers and schools. It’s largely in response to the recent influx of ransomware gangs targeting K-12 schools. As cyberattacks against schools continue to increase in severity, schools must take it upon themselves to implement extra protections against online threats. 

When students’ personal information is compromised, it can lead to emotional and financial harm for years to come. Schools manage a slew of personal data, from health and psychiatric records to academic test scores and even Social Security numbers. For school districts, financial losses from cyberattacks can be in the millions, according to the U.S. Government Accountability Office. These costs may include replacing computer hardware or enhancing cybersecurity protections, not to mention the burden and risk of identity theft. Yet the majority of school districts do not have a single staff member solely dedicated to cybersecurity.

While new cybersecurity measures and modernization projects are taking place at the national level, more tangible action must be taken to combat these rising risks for schools in California. What else can be done to address these rampant cybersecurity attacks at the school level?  

With a new year upon us, here are proactive steps you can take today to protect yourself or your school community against systemic cybersecurity threats in 2024: 

Multifactor authentication. Multifactor authentication (MFA) helps prove you are who you say you are by prompting you to enter a second factor to verify your identity when signing in to a device. Because usernames and passwords can be easy to discover, implementing MFA makes it more challenging for a threat actor to gain access to student, staff, or school information.

Train staff. Attacks are often socially engineered. That means staff must know how to identify and respond to these threats. Regularly scheduled staff training on phone-based, email-based, and SMS-based scams helps ensure they have the language and tools needed, such as phishing campaigns. Required training will help your school community not only identify cyberthreats but also share actionable guidance on what to do if any information at your school is compromised. And according to experts, it would behoove districts to participate in programs that would protect against online attackers who are specifically targeting schools.

Protect student, teacher and staff identities. Restricting administrative access to only those who need it can help keep devices and personal information protected, since users with administrative privileges can often bypass critical security settings and access sensitive information. This can be done by validating which staff members are required and authorized to carry out those tasks as part of their duties. End-to-end encryption (e2ee) can also help ensure no one but the sender and the recipient can read sensitive communications. 

Practice continuous improvement. Regularly patching and updating systems is one of the most important cybersecurity procedures to protect against known vulnerabilities as well as provide new features. Lastly, enact policies to regularly back up your data or material in different places or mediums (e.g. separate servers). Archiving or deleting sensitive information, in alignment with your record retention policies, can help keep information secure. 

The scale and number of attacks have escalated over the last few years as more schools relied on technology for instructional delivery and operations. In an increasingly digital age, cyberattacks will only become more hazardous for students and their school communities. Looking ahead to 2024, it has never been more important for school leaders to prioritize cyber insurance, education and security.

eSchool Media Contributors