K-12 schools face cyberattacks?How can that be? Unfortunately, such attacks are increasingly common. For instance, according to the 2020 State of K-12 Cybersecurity: Year in Review, a report from the K-12 Cybersecurity Resource Center, 2020 was a record-breaking year for attacks in schools, with more than 400 incidents recorded. These attacks vary in type but are mainly associated with the following: Phishing (Most common), Data breaches , and Ransomware.
We’ll get into how each of these malicious attacks work later in the article.
To understand the scale of the problem, consider that the Los Angeles Times reported as many as 500,000 students and staff at the San Diego’s Unified School District may have had their personal data stolen by cybercriminals in 2018. The breach included social security numbers, dates of birth, phone numbers, and private health information.
Why K-12 Cyber Security Is So Important
There's no way to sugarcoat it: breaches of this magnitude are happening all over the place, in virtually every corporate and government setting. Hackers tend to look for weakly guarded systems. Unfortunately, is common for school districts to have those, due to limited resources for IT and cybersecurity. And, to be sure, who would have even thought of this as an issue even a few years ago?
Thousands of students, their families, faculty, and staff are having their privacy invaded. They are at risk of fraud, identity theft, and online harassment. College admissions and other sensitive educational processes such as special ed grants are at risk if sensitive information is exposed online. Data breaches affect the districts’ reputations and diminish community trust in the institutions.
How and Why School Data Is Getting Breached
Many school breaches are the result of phishing attacks. In this hacking technique, a school district employee receives an email containing a malware link. Clicking on the link allows his or her machine or mobile device (i.e. a network “endpoint”) to become infected. This gives the hacker an opening to pierce the school district’s network and steal data. For context, Verizon reported in 2018 that users in the U.S open 30% of phishing all emails, with 12% of those targeted clicking on infected links or attachments.
Hackers also deploy ransomware attacks and lock up the school’s data -or threaten to disclose confidential information- until the district pays the hacker’s price. Another technique involves social engineering, where a hacker impersonates a district employee or vendor in order to steal network login credentials. Hackers take advantage of the relative openness of publicschool networks, student laptops, and mobile apps, which are set up for community inclusion and student access to educational resources – creating vulnerability to breach in the process.
As CSO Magazine reported, citing the Verizon breach study, “The number of security incidents involving mobile devices has increased over the past year, but companies are not protecting their mobile assets as well as they do other systems. One in three organizations admitted to suffering a compromise due to a mobile device.”
On the defense side, school districts, usually have not prioritized strong security. They may not have the personnel or skill sets to defend digital assets. However, cleaning up data breaches is financially costly for schools. The district may also face state and federal penalties for failing to follow security precautions.
The Challenges of School Cybersecurity Amidst The Covid-19 Pandemic
While security incidents in schools follow common patterns, the COVID-19 pandemic brought new challenges to the table. According to the aforementioned State of K-12 Cybersecurity report, the frequency of cyberattacks was following usual patterns until the second semester of 2020, where new methods of attack changed the security landscape for the worst.
The adoption of remote learning paved the way for three new cyber incidents. Class invasion, where malicious actors interrupt classes breaching the security measures of meeting software such as Zoom or Google Meet. The same tactic can be seen in the so-called "meeting invasion", where actors target PTA meetings, virtual graduations, or educators meetings instead of classes. The third attack is "email invasion", where a closed email system -i.e. faculty's emails- gets compromised for the purpose of sharing malicious links or photos.
What Are Some Ways Schools Can Improve Cybersecurity? Best Practices
It’s clear that schools need stronger cybersecurity. Money and personnel are big factors here, as one might expect. Security can be expensive, though in some cases simple fixes like endpoint antivirus solutions are relatively cheap for the defense they provide. The cybersecurity industry now fields many proven endpoint security, prevention, and detection solutions. Managed Service Providers (MSPs) with private IT staff, including those run by state cybersecurity agencies, offer affordable, high-level protection for districts.
Providing security for a school district is not a static process. It is (or should be) ever-changing and dynamic. Here are some of the biggest preventative measures you can control in aiding cybersecurity in schools:
Antivirus Software: It’s essential that school networks invest in strong antivirus software to address viruses and malware that have infected their system.
Hardware-based Firewalls: A solid firewall and network filters for on-premise access points is a must, especially in hybrid or classic, on-site classes.
DNS Quality: A Domain Name System is essentially what links domain names with their corresponding IP addresses. A constantly updated DNS helps close the gaps on exploits that can lead to the extraction of valuable data such as usernames, passwords, and general personal information.
Backup Data: Data loss is a common consequence of malware, breaches, and ransomware. By backing your data up you can often revert to a safe point before the damage happened.
Whitelisting: Operating with a list of approved apps and programs on systems that limit outside applications from running.
Security awareness training: It’s a good idea to train administrators, teachers, and students about cybersecurity through professional security companies/IT staff. For example, if people are savvier about phishing, they will be less likely to click on malware links.
How Prey Can Help
Prey offers a solution for helping schools and universities implement improved cybersecurity. It provides unified management of device security, enabling groupings of devices by class, usage, or state with custom tags. Security managers can thus view devices’ statuses and hardware changes. They can assign them to faculty or students through a single, multi-operating system platform.
In terms of reactive security, Prey lets administrators know when devices move out of bounds of Control Zones. They see historic movements and react automatically with anti-theft alarms, alerts and locks. Throughout, the solution conducts forensic evidence gathering. Prey is focused on data privacy. Data wipe and retrieval reactions add a layer of protection that’s compliant with The Family Educational Rights and Privacy Act of 1974 (FERPA).
Hugh Taylor is a Certified Information Security Manager (CISM) who has written about cybersecurity, compliance, and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google, and Advanced Micro Devices. He has served in executive roles at Microsoft, IBM, and several venture-backed technology startups. Hugh is the author of multiple books about business, security, and technology