Educational institutions are rapidly adopting digital tools and platforms, which has skyrocketed the demand for vigilant safeguards and proactive strategies within the K-12 cybersecurity sphere.
According to the K-12 Cyber Incident Map, there were over 1,600 publicly disclosed cyber incidents targeting U.S. school districts and other public educational entities between 2016 and 2022. To understand the scale of the problem, school districts lose between $50,000 to $1 million per school data breach, according to the Government Accountability Office.
These attacks vary in nature, but the most common are phishing, data breaches, and ransomware. We’ll discuss each of these malicious attacks in more detail below.
Why strong cybersecurity for K-12 schools is so important
There's no way to sugarcoat it: breaches of this magnitude are happening all over the place, in virtually every corporate and government setting. Hackers tend to look for weakly guarded systems. Unfortunately, it’s common for school districts to have those due to limited resources for IT and cybersecurity. According to the CoSN 2023 State of EdTech Leadership Survey, only one-third of school districts have a full-time employee dedicated to web security, and two-thirds of EdTech leaders feel their district has insufficient resources for cybersecurity concerns.
Aside from the monetary losses, weak cybersecurity in schools puts thousands of students, families, faculty, and staff at risk of having their privacy invaded. It also leaves them subject to fraud, identity theft, online harassment, and more. Data breaches harm individuals, negatively impact the districts’ reputations, and diminish community trust in institutions.
How and why school data gets breached
Many school breaches are the result of phishing attacks. In this hacking technique, a school district employee receives an email containing a malware link. Clicking on the link allows his or her machine or mobile device (i.e., a network “endpoint”) to become infected. This gives the hacker an opening to pierce the school district’s network and steal data. For context, nearly 46% of emails sent in 2021 were spam, with the average click rate for a phishing campaign at 17.8%.
Hackers also deploy ransomware attacks and lock up the school’s data—or threaten to disclose confidential information—until the district pays the hacker’s price. In March 2023, more than 300,000 student files were leaked when Minneapolis Public Schools refused to pay a $1 million ransom.
Another technique involves social engineering, where a hacker impersonates a district employee or vendor in order to steal network login credentials. Hackers take advantage of the relative openness of public school networks, student laptops, and mobile apps — which are set up for community inclusion and student access to educational resources—creating vulnerability to breaches in the process.
The reality is that school districts generally don’t prioritize strong network security. According to Clever’s CyberSecure2023: The state of data security and privacy in K-12 schools, 34% of teachers and 34% of administrators believe educational devices are the most vulnerable part of their technical infrastructure. The survey also revealed that 26% of teachers say they’ve not received digital privacy or cyber security training. Data breaches are not only expensive for school districts — they may also face state and federal penalties for failing to follow security precautions. Ransomware and phishing in educational institutions represent serious threats that require heightened security measures and comprehensive training to combat.
The challenges of school cybersecurity amidst the COVID-19 pandemic
While security incidents in schools follow common patterns, the COVID-19 pandemic brought new challenges to the table. According to the 2020 State of K-12 Cybersecurity report, the frequency of cyberattacks followed usual patterns until the second semester of that year, when new methods of attack changed the security landscape for the worse.
The adoption of remote learning paved the way for three new cyber incidents: “Class invasion,” where malicious actors interrupt classes, breaching the security measures of meeting software such as Zoom or Google Meet. The same tactic can be seen in the so-called "meeting invasion," where actors target PTA meetings, virtual graduations, or educators' meetings instead of classes. The third attack is "email invasion," where a closed email system -i.e., faculty's emails- gets compromised for the purpose of sharing malicious links or photos. These specific cybersecurity threats faced by IT professionals underline the evolving landscape and the critical need for tailored security measures in educational settings.
Recommendations for enhancing K-12 cybersecurity
It’s clear that cybersecurity for K12 schools needs to be stronger, but as one would expect, money and personnel are big factors here.. Security can be expensive, as is hiring full-time IT professionals equipped with cybersecurity training.tHowever, there are solutions.Simple fixes like endpoint antivirus solutions are relatively cheap for the defense they provide. The cybersecurity industry also now fields many proven endpoint security, prevention, and detection solutions. Managed Service Providers (MSPs) with private IT staff—including those run by state cybersecurity agencies—offer affordable, high-level protection for districts.
Providing security for a school district is not a static process. It should be ever-changing and dynamic. Here are some of the biggest preventative measures you can control in aiding cybersecurity in schools:
- Antivirus software: It’s essential that school networks invest in strong antivirus software to address viruses and malware that have infected their system.
- Hardware-based firewalls: A solid firewall and network filters for on-premise access points are a must, especially in hybrid or classic on-site classes.
- DNS quality: A Domain Name System (DNS) is what links domain names with their corresponding IP addresses. An up-to-date DNS helps close the gaps in exploits that can lead to the extraction of valuable data such as usernames, passwords, and general personal information.
- Backup data: Data loss is a common consequence of malware, breaches, and ransomware. By backing up your data, you can often revert to a safe point before the damage happens.
- Whitelisting: Operating with a list of approved apps and programs on systems that limit outside applications from running.
- Security awareness training: It’s best to have administrators, teachers, and students complete a cybersecurity training hosted through a professional network security company or IT staff. A 2022 study found that one year of regular cybersecurity training reduced an institution's overall risk of falling victim to a phishing scam from roughly 32% to 5%.
How Prey can help
Prey offers a robust solution for K-12 schools and universities to improve cybersecurity. Our simple software provides unified management of device security, enabling groupings of devices by class, usage, or state with custom tags. Security managers can easily view devices’ statuses and hardware changes and can assign them to faculty or students through a single, multi-operating system platform.
In terms of reactive security, Prey lets administrators know when devices move out of bounds of Control Zones. They see historical movements and react automatically with anti-theft alarms, alerts, and locks. Throughout, the solution conducts forensic evidence gathering. Prey is focused on data privacy, so data wipe and retrieval reactions add a layer of protection that’s compliant with The Family Educational Rights and Privacy Act of 1974 (FERPA). Sign up for a free trial to see how Prey can help protect your district.
