Your district’s cyber safety needs help–here’s how to fix it

Key points:

There is no question that cybersecurity threats such as ransomware continue to pummel the education system, with the White House estimating that at least eight K-12 school districts faced “significant cyberattacks” during the last school year alone, resulting in loss of learning time and even full school shutdowns. With open networks, tight budgets, and a lack of proper cybersecurity training for teachers and students, there are many factors that lead schools to become prime targets for attacks. 

On the heels of the White House’s multi-pronged plan to help bolster K-12 schools’ cybersecurity, it is crucial that schools recognize the importance of strong cyber posture within the education system and take the steps necessary to bolster their digital security, despite limited resources and an increasing number of complex cyberattacks.

Why schools are susceptible to attacks  

Schools do not necessarily come to mind when you think about places most likely to face a cyberattack, but they’re a big target for hackers for a number of reasons. Cyber attackers are opportunistic and seem to look for victims they know or assume have weak security measures in place. School networks, whether primary schools or universities, tend to be open (and inherently less secure) more often than most organizations due to their mission to promote learning, and unfortunately often find themselves falling victim to attack.

Schools aren’t necessarily being specifically targeted, but there are several reasons they may find themselves a victim of a cyberattack:

1. Ransomware actors focus on organizations that are likely to pay a ransom.

This is how cybercriminals make their living. School environments will often be under pressure from parents and authorities to remain open, possibly making it more likely that they would pay a ransom to restore systems quickly.

2. Institutions often have limited security protections

Historically, educational institutions have not spent money to secure their information technology infrastructure or cybersecurity posture. When cybersecurity professionals are hired, the salaries typically are much lower than normal, so schools are not getting the top prospects in the cybersecurity realm. Most educational organizations and districts do not even have full-time cybersecurity professionals or offer routine training to the educators, faculty, and students.

3. Academic institutions may use new, untried technology

While recent technologies provide benefits for educators, such as improved accessibility or access to education techniques that help students with certain learning styles, it’s important to remember not all technologies are secure. Many times, the less-secured or less-tested technologies are not as expensive as the more secure and tested technologies. This can create a conundrum for educational organizations with small budgets and lead to great risks associated with cybersecurity.

4. Attackers value email addresses ending in .edu

Emails are a valuable resource for hackers who want to stage phishing attacks. The more legitimate and trustworthy an email is, the more useful it will be in launching an attack. By taking over an email account belonging to an institution, cybercriminals can benefit from the credibility that the domain offers to their phishing email.

Still, it is simple for cybercriminals to get an education domain email address for themselves; many institutions allow anyone to create an account during an application.

5. Academic staff often more exposed to phishing

Academic staff are more likely to fall victim to phishing attacks due to a lack of security tools and a lack of awareness about cyber threats. All it takes is for a single staff member to have a momentary lapse in judgment, and their action can result in malware infecting the entire campus network. High value .edu email addresses belonging to staff members are also often published online, which makes it easy for attackers to locate and choose their victims. It is for these reasons that most academic breaches begin with an email attack.

6. Staff and students take laptops home

School staff and students usually take their laptops home for weekends and summer. This makes security concerns even more critical due to the fact that laptops are using Wi-Fi networks that may not be well protected. It can also be difficult to determine how often these laptops are being updated with security patches while away from school networks.

Achieving better cybersecurity posture

Here are some simple steps to reduce cybersecurity risk in educational settings:

  • Use multifactor authentication whenever possible — never rely on passwords for security. Passwords alone cannot provide adequate security. Add MFA to passwords when authenticating to computers, applications, websites, and other networks.
  • Conduct periodic vulnerability scans on everything connected to the network. These scans will find missing updates, patches, and known vulnerabilities.
  • Install patching recommendations immediately when prompted or as quickly as possible.
  • Perform regular penetration tests to find holes, misconfigurations, improperly secured software and applications, and a host of other security related issues. These tests should be performed at least annually by a good cybersecurity firm.
  • Utilize next generation endpoint protection and log monitoring to ensure everything is being done to protect the laptops and servers, and any serious event is captured immediately so it can be investigated.
  • Hire competent, well-trained cybersecurity staff who can help develop a culture of cybersecurity awareness while testing, investigating, and promoting best practices related to cybersecurity.
  • Require mandatory cybersecurity training for teachers and staff. In addition to patching and MFA, basic cyber education for teachers and students is critical. This includes providing crucial tips or resources on:
    • Setting strong passwords for school computers 
    • How to identify phishing schemes through email 
    • The importance of not sharing personal or financial information through email 
    • Updating your computer software regularly to ensure any bugs are fixed and vulnerabilities are addressed
    • Reporting security issues to the appropriate staff, so issues can be thoroughly investigated

Schools will likely remain the targets of cyberattacks for years to come, so it is important that schools prepare themselves by implementing strong cyber practices for their systems. These include strong password management, next generation endpoint and event monitoring, MFA, vulnerability assessments, penetration testing, rapid patching and hiring cybersecurity professionals. When each of these fundamental strategies is performed correctly, significant risk reductions will occur, and cybercriminals will start to learn that school systems and networks are more secure and less vulnerable to common attacks than they think.

Related: Reading, writing, and cybersecurity: Practicing good cyber hygiene

eSchool Media Contributors