High Schools & Cybersecurity

Whatever the motivation, cybersecurity threats have now become pervasive. They continue to upend every facet of the digital realm. The sad thing is that no institution, organization, or individual is impervious to cyberattacks.

High schools are particularly vulnerable to cyberattacks. This is why cybersecurity in education should be taken more seriously. High schools should assess their current strategies to know if they can defend themselves against these cyber threats.

You wouldn’t necessarily consider a school to be a prime target of cybercrime. This is the exact reason why cybercriminals have identified schools as profitable targets.

Types of Cyber Attacks Targeting Schools

1. Phishing

Phishing attacks are usually in the form of an email appearing to be from a trustworthy source. The attackers usually include malicious links or attachments that look like normal documents and links.

Unfortunately, students are easily tricked into clicking on the links and downloading the attachments. This then downloads malware onto their school computer and gives the attacker access. Schools should employ email address lookup tools to ensure that any emails the staff or students open are from trustworthy sources.

2. Malware/Ransomware

Ransomware is malware that encrypts the owner's files once installed on a device. High school-directed ransomware attacks usually contain malware that encrypts the school's data files and systems. This leaves the school's staff and students unable to access them.

The attackers then demand a ransom for the school to regain access. They know schools can’t afford to delay the education of students while they make efforts to restore the system.

3. DDoS Attacks

Distributed Denial of Service attacks usually overwhelms network servers by flooding them with numerous requests from thousands of machines, usually through botnets. Ultimately, the increase in traffic knocks the institution offline.

The attackers gain access to the resources with the main goal being to steal data, money, or intellectual property.

Why are Schools Targeted?

1. Financial Gains

With most cyberattacks, money is usually the main motivation. Financial motives range from stealing money to holding the school's data or systems for ransom. While not all schools have a lot of finances, if they can be hacked, the payoff is worth it for cyber attackers.

2. Lots of Personal Information of Students/Staff/Families

Schools are a goldmine for personally identifiable information (PII), which makes them attractive targets for cybercriminals. They have large student populations, and they typically keep not only the student and staff information but that of parents/guardians.

This information could be anything from health records, financial information, social security numbers, home addresses, parents' names, and phone numbers.

3. Old Software

High schools, especially public ones, struggle with budgets. Investment in security software comes at the cost of other items. For this reason, security software is often thrown on the back burner.

Most schools generally use old and outdated cybersecurity software. With such lax security software, it's an open invitation to cybercriminals. They might as well put up a sign saying "Attack Me."

4. Lots of Connected Devices

The “bring your own device” (BYOD) practice is still prevalent in some high schools. This way, staff and students use their own computers, smartphones, or other devices for school purposes. In most schools, everyone connects through their own laptops, desktops, phones, and tablets. Each of these devices usually connects to the school's network, and each one of them is an opportunity for hackers.

Challenges School Districts Face with Cybersecurity

1. Not Enough Knowledge/Education on the Topic by the Staff and Decision-Makers

There's a lack of awareness on cybersecurity by students, staff, and decision-makers in schools. The culture of cybersecurity training is something that is still missing in most schools.

This means that each person who connects to the school network is unaware of cyber risks, and they end up falling prey to cyberattacks. A good example is that not so many are knowledgeable of phishing attacks. Many also don’t realize that email lookup tools are available to verify the identity of an email sender.

2. Not Enough Resources

High schools, especially public ones, struggle a lot with supplying adequate budget for cybersecurity. Very little investment is allocated to ensure the school's network is protected from cyber threats. Many schools don’t have a dedicated IT department to deal with cybersecurity matters. Neither do they have the budget to invest in the latest cybersecurity software.

3. Resistance to Change

The nature of technology is that it's ever-changing. With this change comes an increase in the methods cybercriminals use to carry out attacks. This means that schools need to keep up with the times and adjust their cybersecurity systems.

This is important for closing loopholes for cybercriminals to take advantage of. Sadly though, most schools are resistant to this change, and they are still using outdated technology and software for cyber protection.

How Schools Should Prepare for an Attack

1. Training/Educating Staff/Students

Cyberattacks are constantly evolving. So staff and students need security awareness training to equip them to detect and avoid cyberattacks. For example, training on email lookup tools are handy to protect against phishing attacks. This training will instill knowledge of cybersecurity measures.

2. Store Data as Securely as Possible

Schools are a prime target of cyberattacks because of the amount of information they keep on students, staff, and parents. This information is valuable to attackers, and it should therefore be protected at all times.

This is why schools should make sure that any sensitive information is stored as securely as possible. Certain security measures can ensure this data remains safe, like multi-factor authentication, strong passwords, creating firewalls, installing antivirus, etc.

3. Monitoring

The best way to monitor the school’s network is to run frequent security audits. This makes it easy to see where the school's safety is falling short well before a potential attack.

Administrators should order these audits regularly to ensure the security systems and practices are up to date.

After all, technology changes rapidly. The security profile at a school may need to receive regular updates to keep up with the demands.

4. Limited Access to Staff/Students

If many people are using the school's network with unrestricted access, then one of them is bound to let slip and give a cybercriminal an access point. The easiest way to avoid an attack would be to restrict access to staff and students.

Schools should tighten up on administrative privileges to ensure not everyone has access to certain parts of the school network, especially the critical ones.

5. Create Firewalls

A firewall protects devices and data by managing network traffic. It blocks unsolicited and unwanted incoming network traffic. Usually, a firewall validates access by assessing this incoming traffic for anything malicious like malware that could infect computers.

Schools should implement frequent firewalls in their networks to effectively lock out any cybercriminals that try to gain access to the network.

What to Do after a Cyberattack Has Happened

In case of a cyberattack, here are some handy tips to follow:

Identify what part of the network and which data has been attacked.
Shut down all systems to help prevent the spread of further damage.
Change any exposed passwords.
The school and IT leaders should communicate with the school community about the attack.
Activate a cyberattack recovery plan if the school has one. If it doesn't, this would be a great time to contact a professional cybersecurity expert to help out.
Report the cyberattack. You can file a complaint with IC3 or contact the nearest FBI field office.

Conclusion

Schools are a target of cyberattacks because of sensitive stored data, and backdoors into sensitive networks. With so many attack vectors and limited IT resources, schools should focus on identifying the movement of data and incoming traffic in their network. This, coupled with prevention and detection measures, can help schools greatly improve their cybersecurity protocols.

Author:

Ben Hartwig is a Web Operations Executive at InfoTracer who takes a wide view from the whole system. He authors guides on entire security posture, both physical and cyber. Enjoys sharing the best practices and does it the right way!

Popular Stories

Harnessing AI to Transform Career Education: Philadelphia Learning Logistics & Tech Tour

Exploring Innovation and Technology: Philadelphia Learning Logistics & Tech Tour Educator Panel

Strong Leadership and Comprehensive Plan Creates Literacy Success

Tech Made Easy: Empowering Educators to Inspire the Next Generation!

The Four Pillars of Effective Learning: Applying the Carroll Model to Empower All Students

Making Phonics Fun: Engaging Approaches for Modern Classrooms

Advice for Holiday Anxiety

A Collaborative Framework for Teacher Leadership

Without Comprehension, Is It Really Reading?

The Importance of Phonics in Building Lifelong Literacy

Share to Care