A leading expert provides context and direction on an emerging area of concern.
GUEST COLUMN | by Charlie Sander
Earlier this year, hackers successfully targeted a network service provider for the New York City public school system, putting the personal data of some 820,000 current students and alumni in danger. It was the largest cyberattack on a single school district in American history.
This intrusion occurred at a time when skilled cybercriminals are increasingly targeting school districts throughout the US—and the businesses that service them. Many of the hackers involved in these operations are from overseas nations, which is challenging for American law enforcement to crack down on.
Cyber-attacks on school districts have a broad range of impacts on communities. They have caused school cancellations, threats to students and parents, and impact school revenue. Recovery from an attack can also cost thousands to hundreds of thousands of dollars that could have been better spent elsewhere. Therefore, districts need to carefully consider their capacities for cyber resilience and incident response plans.
‘…let’s dive into the main cyber security threats and the reasons why cyber security awareness is so crucial for schools.’
Since 87% of students use a laptop, notepad, or Chromebook to do their coursework, protecting this vulnerable group from cyber attacks is all the more critical. In fact, Microsoft’s Global Threat Activity Tracker discovered almost 6 million malware occurrences in the education sector in the 30 days leading up to the publication date of this article, making up 80% of all industry attacks during this period.
With that in mind, let’s dive into the main cyber security threats and the reasons why cyber security awareness is so crucial for schools.
Defining The Relevant Threats to Schools
Schools are frequently targeted because their systems include a lot of private and sensitive information regarding pupils, instructors, employees, and even parents. The most common threats likely to hit schools in terms of cybersecurity are:
- Data Breaches: Cyber attackers are aware that students frequently lack knowledge on how to adequately protect personal and financial data they are putting online, often for the first time. Hackers may use this data for identity theft, credit fraud, and other crimes.
- Malware, Ransomware, and Phishing: Phishing is the practice of an attacker sending an email pretending to be a trustworthy business or individual in order to fool the receiver into exposing sensitive information. This could involve clicking on a link or downloading an attachment.
- Vulnerabilities in Unpatched Software: Attackers trying to gain access to networks and systems are considerably more likely to exploit unpatched, outdated software and hardware.
- Cyberbullying and Inappropriate Content: Bullying on computers, cell phones, or tablets may cross the line into illegal or criminal activity. The Cyberbullying Research Center estimates that 37% of pupils have been victims of cyberbullying. Students could also view inappropriate content when acceptable usage guidelines don’t exist or content screening is disregarded.
What Do Schools Need to Do?
Obviously, it goes without saying that no tool or technology can 100% guarantee that all data systems will be protected. However, that doesn’t mean that schools shouldn’t be doing everything they can to safeguard their employees and students. The fact is that approximately 88% of all data breaches are caused by an employee mistake, and schools are no different. Most data incidents are accidental leaks from internal users (students, faculty, and staff) storing and sharing information improperly.
There is a two-pronged approach that schools should take when considering cybersecurity training.
First, on the technical side, technology teams need to stay updated on new technologies and best practices like two-factor authentication, which can help protect against unwanted access. Additionally, automatic notifications can be activated for any suspicious behavior or non-compliant devices. It’s a preventative approach to guarantee adherence to internet safety standards.
‘…technology teams need to stay updated on new technologies and best practices…’
Second, the human factor in cybersecurity cannot be ignored. Schools should consider introducing workshops on the risks of being targeted by malicious actors online and particular platforms to be aware of. The workshops would teach everyone to recognize suspicious emails and understand the best practices for sharing and storing sensitive information. For example, don’t send credit card information via email or send “global share” settings for files that contain personally identifiable information. In addition to these classes, schools can create policies defining the acceptable use of the district’s data and technology.
Unfortunately, the reality is that schools often lack the resources and bandwidth necessary to prepare for a cybersecurity crisis adequately. This is why it’s crucial for district leadership—and their security providers and vendors—to focus on investing in a safe, secure online learning environment where students can flourish.