NetworkTigers discusses school cybersecurity and the safety of our students.
Education is in the crosshairs. Learn what can you do to ensure that that school cybersecurity is adequate at your child’s place of education.
Why hackers target schools
Schools and universities have fallen victim repeatedly to malware, phishing scams and ransomware attacks, alongside financial institutions, government agencies and major corporations.
On the surface, schools may seem to be unusual targets for cybercriminals in search of a payday. However, there are five attributes that make schools prime targets for hackers.
1. Schools use new technology
Well-funded universities and schools often use new technology and the latest devices and platforms. Cutting edge technology gives students the experience they need for education in the twenty-first century. However, new equipment and software may have as-yet unknown bugs and vulnerabilities for the savvy cybercriminal to exploit.
Older programs and hardware that have been in circulation have received patches and updates to bolster their security as weaknesses are discovered.
2. Schools store a wealth of personal data
Hackers know that schools are rich with personal data belonging to staff, students and families. Names, addresses, Social Security numbers and more may be up for grabs on a college’s network.
College alumni are also susceptible to identity theft if their information is retained by their alma mater.
3. School email addresses may be used for credibility
Phishing scams are more successful when they appear to be from a legitimate source. Hackers using an address that ends in .edu know that recipients are more likely to open an email that looks as if it were sent from an institute of education.
4. School cybersecurity is poor in general
Historically, schools have not done a great job at protecting the data they store. Some small schools may not even have a dedicated IT associate tasked with cybersecurity, relying instead on a staff member who is “tech savvy” enough to make ends meet.
5. Remote learning presents security risks
As with other sectors, remote attendance has stretched cybersecurity protocols thin and opened up a new world of challenges for those who keep hackers at bay.
Unsecured devices, home networks and coffee shop wifi and have all contributed to the weakening of cybersecurity in schools.
How to ensure school cybersecurity is adequate
School cybersecurity can be enhanced and maintained using the same methods that organizations of all sizes employ to prevent hacking. Parents concerned about the safety of their student’s data should demand the following:
Maintain dedicated cybersecurity staff
Small schools across the country often skimp on staff because they think they are not on the radar when it comes to cyberattacks.
However, criminals know that perceived obscurity creates soft targets. Because of this, small schools are hacked regularly. These activities rarely make headlines outside of local news, so similar-sized schools may not realize how vulnerable they are.
To make matters worse, small schools are rarely able to recover adequately from a cyberattack, and once word gets around in hacker communities they are likely to find themselves hit repeatedly.
Update everything, always
New technology comes with its own cybersecurity risks, but schools running on older technology and protocols may be vulnerable, also. It is important that older equipment is kept current with manufacturer software and firmware updates.
Insist that your child’s school authorize automatic updates of network components wherever possible. Automatic updates prevent accidental security lapses and also cut down on the paid time it might take to update everything manually.
Unsupported software should no longer be used and hardware that is not receiving regular security updates can be replaced economically with refurbished equipment.
Staff and student training
Phishing attacks are on the rise and they are becoming more sophisticated as people grow wise to the scammers’ tactics.
Your school should train students and staff on basic cybersecurity hygiene so they are able to identify malicious messages. Parents should check their child’s online communications and schoolwork regularly. Updates outlining current hacks and scams should be distributed regularly to parents.
Maintain backups
A cyberattack can devastate a school’s schedule and rhythm if classes are canceled or delayed.
Ask about your school’s plan in the event of a hack. The entire system should be backed up so that disruption from an attack is minimized and classes can resume as quickly as possible.
Demand communication and trust
With some organizations going months before reporting that they had been hacked, it’s easy to see why parents want a degree of transparency with regard to any detected malicious activity.
Ask questions and accept only answers that satisfy you. Encourage the school to provide a line of communication between parents and those tasked with safeguarding student data. This can be in the form of a regular newsletter or QA sessions at parent/teacher conferences, school board or PTA meetings.
Make security a smart investment
School budgets are notoriously tight and small schools may be unwilling to allocate funds towards cybersecurity.
If your child’s school is reluctant or resistant to the idea of fortifying their data, make it clear that the money it takes to invest in cybersecurity pales in comparison to how much it costs to recover from an attack.
The average cost of a data breach in the US is more than $8 million.
Aside from financial damage, a cyberattack also disrupts education and lowers public confidence in a school’ ability to make prudent choices with regard to their safety.
Password hygiene and multi factor authentication
Multi factor authentication should be implemented across the board to limit risk. This includes platforms used by staff to maintain records and remote systems used for distance learning and communication.
Maintaining strong login credentials doesn’t just keep outside hackers from unauthorized access. It also prevents students from logging into one another’s accounts in an effort to impersonate or bully them.
Students have been known to log into school networks to change their grades or disrupt class schedules.
The future of school cybersecurity
Cybersecurity remains a moving target and all schools are vulnerable to hackers. However, there are ways to limit that vulnerability and educate students on cybersecurity in the process.
An understanding of security basics and the importance of staying vigilant with regard to online activities are skills that serve students long after they leave school.
