We have heard of and had so much discussion about moving with the times, embracing the age of automation, connecting with students, technology enhanced items, and of course remote and online testing. With these incredibly opportunities come unexpected challenges and huge responsibility. Our greatest fears include technology failure and now cyberattacks! Learn more about what areas are vulnerable and why it is critical that we take steps to protect them:
- Many districts have fallen victim to cybersecurity attacks.
- Online learning, which has increased gradually over the past decade and significantly since March 2020, has only exacerbated the possibility of exposing staff and student data to unauthorized parties.
- The education sector has been ranked among the least secure in 2018, with the highest vulnerabilities present in application security, endpoint security, and keeping software up to date.
- The 2020 calendar year saw a record-breaking number of publicly disclosed school cybersecurity incidents—a grand total of 408 across 377 school districts in 40 states (18% increase).
- These cyberattacks impacted taxpayers, district staff, and students, leading to school closures, millions of dollars stolen, and data breaches linked to identity theft and credit-card fraud.
- School districts’ networks are the perfect target for cybercriminals because they house a large amount of personal data but exist in a milieu not necessarily attuned to the threat of attack.
How Cyberattacks Happen
- Phishing – these attacks usually get a user to reveal personal information or install malicious software, or malware, on their computer. In a business-email compromise attack, cybercriminals impersonate a trusted party, usually a senior executive, to obtain payments or financial information.
- Distributed Denial-of-Service Attacks – targeted flood of internet traffic disrupts network availability by overwhelming the system and surrounding infrastructure. As a result, users are prevented from accessing payroll platforms, student schedules, and email applications, all of which are necessary to conduct the day-to-day operations of the school. In addition to the complete paralysis of a school system, these acts also breach data and expose confidential or protected information that can be viewed, shared, and used as ransom.
- Most school districts lack strong security protocols because they have small IT teams and significant budgetary constraints, but progress is being made in districts across the country, as they work to prioritize cybersecurity.
What Can Districts Do?
- Cybersecurity training – little training takes place in schools and most are unaware of critical information relevant to protecting their schools.
2. Back up, back up, back up – a robust backup system is the best protection against an attack, and the most effective backup systems are
- a) cloud-hosted or offline
- b) not tied to a district’s domain, and
- c) inaccessible from the district network.
3. Cybersecurity insurance – cost varies based on size and location, districts could end up saving millions by adding this insurance to their yearly operational budgets.
4. Other best practices – districts can reduce infections by filtering at the email gateway, maintaining updated antivirus and anti-malware software, and using a centrally managed antivirus solution.
- Districts should apply the principle of data governance, or giving users access only to the data they need to do their jobs.
- Districts must maintain a robust asset-management system, retain and secure logs from network devices and local hosts, and baseline and analyze network activity to determine behavioral patterns.
5. The Work of Many – Districts cannot fight off the hacker hordes alone.
- ESSER money allocated to support broadband access, equipment purchases, and remote-learning infrastructure does not cover districts’ cybersecurity needs, such as upgraded firewalls.
- Effort is underway to make Covid-19 relief funds available for cybersecurity resources and raise school district awareness of the need for more robust cybersecurity measures.
- On October 8, 2021, President Biden signed the K–12 Cybersecurity Act of 2021.
- study the specific risks impacting K–12 institutions
- develop recommendations for cybersecurity guidelines, and
- create an online toolkit districts can use for implementation
When it comes to a cyberattack on a school district, it is no longer a matter of if but when. Whether they are malicious or accidental, bad actors exist within our own systems and we must take stept to protect the data privacy of our staff and most importantly, of our students.
Learn more HERE