Many schools around the country are faced with the issues of outdated systems and a lack of expertise in crucial areas, leaving them vulnerable to cyber-attacks. This is doubly the case in rural areas where resources can be limited. Additionally, poor Internet connectivity can hinder the implementation of cybersecurity infrastructure to protect staff and students' personal data.
Statistics and recent incidents paint this picture very clearly. In August last year, in a survey of education industry IT professionals around the world, 80 percent reported they had been the victims of some kind of ransomware attack in 2022. It is now a well-established fact that K-12 schools represent the most-targeted industry.
In September last year, a ransomware attack released tons of sensitive information from a school district in Clark County, Nevada. Additionally, earlier in 2023, a group of hackers hacked the Minneapolis Public Schools system, leaking sexual assault cases and other sensitive online files when the board refused to pay the $1 million ransom that they were asking for.
These are among the biggest districts in the country. With the resources available to them, if they’re vulnerable to these kinds of attacks, what can be done to help schools that are particularly vulnerable in rural communities around the country? Let’s examine the proactive approach to take for these schools and measures that can be introduced to protect their cybersecurity infrastructure.
Crucial Initial Security Steps
Smaller schools need to conduct regular audits and risk assessments to identify vulnerabilities in their IT infrastructures. This helps to prioritize necessary security upgrades and allocate resources efficiently. Only by understanding their weaknesses fully can schools develop targeted strategies that strengthen their cybersecurity defenses.
One of the most important steps involves implementing multi-factor authentication (MFA) which adds an extra layer of security by requiring passwords, biometrics, or security tokens. It significantly reduces the risk of unauthorized access to university systems and ensures that only authorized individuals can access sensitive information.
Next, staff and students need to be educated about cybersecurity best practices through ongoing awareness programs and training sessions. This ensures that they are the first line of defense against potential cyberattacks by understanding phishing attacks, password security, and safe online behavior. Schools should consider delivering training sessions that are genuinely engaging and involve a variety of methods such as workshops and online modules. If students and staff are just given a pamphlet to read with a few notes in it, they will never take any information in. Schools can consider offering small incentives and seeking feedback on how the training is going.
Lastly, in this basic framework, small schools need an established and well-defined incident response plan so they can effectively manage and mitigate the impact of cyber attacks when they do happen. This would outline the steps to identify and then contain a cybersecurity breach, minimizing potential disruptions.
If possible, schools should seek help from external resources. Given the context of limited budgets and resources, this could well be the most crucial step because it might facilitate all of the above.
Government Funding and Other Resources
Firstly, like many issues around the world, it comes down to money being appropriately allocated when discussing the idea of schools seeking external help. Luckily there are some states that are showing what needs to be done in the US. The Texas legislature recently gave $55 million to fund the state’s education agency in its fight against cybersecurity in all corners of Texas.
They want to provide immediate solutions, particularly in rural areas, by hiring dedicated specialists. Additionally, technical assistance would be provided by the regional Education Service Centers throughout Texas. This means that small schools have a better chance of receiving end-point detection and other subscriptions in the coming years.
And it’s not just Texas who are making these moves, Minnesota also granted $24.3 million for their school districts for the same purposes, if not as comprehensive. This came after a big ransomware exposure back in February 2023. We need to get to a point where we are not waiting for a significant incident like this to lead to action but that it comes as a preventative measure.
Elsewhere, Project Cybersafe Schools by Cloudflare recently provided free zero-trust cybersecurity solutions across the US with no time limit in place. They had over 200 schools come forward across 30 states, which gave access protection against phishing, credential harvesting, and other types of attacks.
Final Thoughts
Rural schools clearly face challenges in enhancing their cybersecurity measures from monetary issues and outdated systems. However, if they can be proactive in seeking help from free and low-cost external resources and ensure they follow some crucial security steps in the best way that they can, these schools can keep their staff and students’ data safe.
About the author
Charlie Sander is CEO of ManagedMethods, a Boulder, Colorado-based data security and student safety platform for K-12 schools. With more than three decades of experience in the IT industry, Charlie has been an executive at some of the fastest-growing companies in business. He holds 10 patents and graduated from the Cockrell School of Engineering at the University of Texas at Austin with a BSEE degree.