While the world continues to grapple with the challenges brought about by the COVID-19 pandemic, an unprecedented and exponential rise in cybercrime has ensued. Healthcare facilities, government organizations, and utility companies have all found themselves in the crosshairs.
Schools and universities have also found themselves repeatedly targeted by cybercriminals looking to steal large amounts of sensitive, personal data. Ransomware attacks against schools can be disastrously disruptive and result in potentially long-term issues related to identity theft for staff and students alike.
Why are schools targeted by cybercriminals?
Schools and colleges keep a large amount of student, staff, and contractor data stored in their servers. This makes their networks enticing targets for criminals looking to steal troves of valuable information. From home addresses and telephone numbers to Social Security information and banking data, the successful hack of a school’s system can result in a significant payday for a criminal looking to sell data on the dark web.
A multitude of connected devices
Between students, staff, and visitors, a school’s network may have thousands of different devices logging on and off at any given time. These different endpoints provide hackers with ample opportunities to attempt network access and create a challenging web of connected equipment for an IT department to manage.
Public access to campuses
Colleges and universities are traditionally visitor-friendly. It’s in a college’s best interest to foster an open environment where prospective students, parents, and staff can feel comfortable. However, this openness also allows bad actors to easily come and go as they please. Open computer labs provide opportunities for hackers to attempt to insert malicious code into a campus computer by physical means via a USB drive.
Sensitive, confidential research
College campuses are research supercenters. State actors are well aware of this, and efforts by foreign entities to hack into college networks to take a peek at scientific and military research have been on the rise. In 2019 alone, the Wall Street Journal reported that Chinese hackers had attempted to break into more than two dozen college campuses looking to steal data related to military research.
Poor cybersecurity protocols
Schools often lack robust cybersecurity. Most schools don’t even have anyone on the payroll specifically dedicated to maintaining network safety. In many cases, unauthorized access to networks or user email accounts is accidentally given up by someone who has been the victim of a phishing scam. One of the most important but overlooked aspects of cybersecurity is proper training. The ability to identify and recognize fraud is a skill that is sorely lacking across school systems, especially those that remain underfunded or poorly staffed. The fact that it is impractical to properly monitor the online activity of hundreds, if not thousands of students make this an especially challenging obstacle for larger districts.
How can schools improve their cybersecurity in 2021?
Hacks and ransomware attacks don’t have to be a normal occurrence. Here are some ways that schools can improve their cybersecurity in 2021 and beyond:
Improved device management
Schools should restrict staff and student access while using a device connected to their network. Access to areas outside of the controlled environment should not be allowed and students should only have the ability to access what they need to complete assignments and study. A network without restriction can be an open door for malware and hacking.
Cybersecurity training and education
Just as students are educated on the proper behavior and exit strategy in the event of a fire, young people should also be taught the foundational principles of strong cybersecurity. Teach students about password strength, online account best practices, and how to identify scam attempts.
Conduct a cybersecurity review
Conducting a review of cybersecurity practices may reveal vulnerabilities that would have been otherwise undetected. Disabling old accounts, refreshing who has access to what data, and taking a close look at the information that is currently being saved can allow an IT department to streamline and refresh network security.
Get parents involved
With so many students engaging in remote learning from home, it’s important to educate parents on proper cybersecurity protocols as well. Schools should inform parents of the risks inherent to the internet and encourage them to keep a close watch on their childrens’ web usage and habits.
How can you bolster your own cybersecurity?
Cybersecurity takes a village. Hackers are crafty and resourceful, pulling data from a variety of sources and using it to break into networks and servers belonging to targeted organizations. You can improve the cybersecurity of your home network or small business in the following ways:
Keep everything updated. From your OS to your antivirus software, keep up with regular security updates and patches to prevent hackers from taking advantage of old vulnerabilities within your system
Use a virtual private network (VPN). VPNs keep your online activity hidden and are a great way to keep prying eyes off of your web usage.
Create strong passwords. Practice proper password etiquette by creating challenging login credentials that aren’t used across multiple accounts. Change your passwords regularly.
- 6 Cyber Threats for the 2021 School Year by Lucas Anderson and Campbell Gill, 20 Aug, 2021, TASB Risk Fund
- Cybercriminals Strike Schools Amid Pandemic by Jenni Bergal, 22 Sep, 2020, PEW
- Cybersecurity in Schools: Why are Cyberattacks increasing? By Micah Castello, 17 June, 2020, EdTech
- Schools could be ripe for cyberattacks amid ransomware open season by R. Dallon Adams, 16 Aug, 2021, TechRepublic
- 3 Reasons Higher Education is a Cyberattack Favorite by Alicia Townsend, 26 Feb, 2021, onelogin
- Chinese hackers target University of Hawaii, MIT and other schools in pursuit of military secrets by Dustin Volz, 5 March, 2019, The Wall Street Journal
- 4 Ways Schools Can Improve Cybersecurity — Even When Budgets Are Tight by Jeff Bathurst, 28 Oct, 2020, EdTech