Enhanced cybersecurity measures protect your school or district’s valuable information.
A single student record is worth between $250-300 on the black market. From Social Security numbers to school or personal email addresses, intruders can harvest valuable information from your district’s internal networks. Perhaps most frighteningly, these records also contain information enabling someone to approach a student in person, such as a home address.
And yet, despite these unsettling possibilities, cyberattacks collected approximately three million student records in 2018 alone, with the United States leading the world in all reported attacks. Not only do these attacks expose students and school communities to privacy breaches, but they also allow bad actors to infiltrate schools’ broader technology infrastructures, providing a base from which they can launch future attacks.
Unfortunately, school and district leaders typically begin addressing their cybersecurity vulnerabilities only after a major attack has occurred. In an educational landscape increasingly characterized by remote or “distance” learning, protecting school communities from cyber intrusions requires vigilance on the part of administrators, teachers, students, and their families.
Distance learning programs underscore the importance of cybersecurity for schools.
While some schools have ended instruction entirely due to the COVID-19 outbreak, others have continued to operate distance learning programs that simulate traditional school environments. As a result, students and teachers increasingly rely on strong cybersecurity measures to ensure the integrity of instruction and protect school communities from bad actors.
Globally, school closures have forced more than 1.5 billion students into remote learning environments marked by greater interaction with school-issued and personal technology, as well as online messaging platforms and learning management systems. While these tools facilitate student learning, they have also exposed schools to increased risks. “Zoombombing,” the latest example of cyberattacks to garner news attention, has underscored the vulnerabilities of seemingly secure video conferencing platforms.
Strong cybersecurity policies depend on effective communication by school leaders.
Crisis or not, school leaders must effectively communicate cybersecurity policies to their students, families, and staff. While it may be easy to have someone sign a release or acknowledgment form at the beginning of the school year, such efforts do little in the way of education or awareness. Given the rapidly evolving nature of both cybersecurity and the threats it seeks to mitigate, ongoing education is critical to the safety of your school community.
To this end, school leaders should proactively monitor developments in the field, sharing relevant news items with staff to keep awareness of cybersecurity efforts at the forefront of their broader school safety programs. Rather than providing a school’s cybersecurity policy exclusively to new hires, leaders should consider forming a working committee to review and update the policy on a regular basis, as well as manage ongoing education efforts to share any developments with the wider school community. Grounding these efforts in real-world, practical examples can help generate interest from non-technical audiences.
School communities should be wary of opening attachments from unfamiliar senders.
One of the most common types of cyberattacks on school networks occurs via email. Bad actors will sometimes contact your school staff in search of student info or other personal information, often with a financial reward attached. These hackers can masquerade as education-focused groups and or disguise themselves with another staff member’s name or title to generate trust from the recipient.
Phishing scams, in which recipients are prompted to download an attachment or click a link in the body of an email, can be particularly devastating. In one such instance, hackers stole more than $2 million dollars from a Texas school district after asking staff members to verify supposedly legitimate credit card transactions. As this case demonstrates, these scams are becoming increasingly sophisticated, causing alarm among cybersecurity experts.
Stay ahead of the curve to mitigate your school or district’s risk.
Bad actors will take advantage of every possible vulnerability in your school’s network. Because of this, ongoing education efforts and regular updates to your existing systems are critical to maintaining the security of your school’s data. School leaders should hold staff members accountable for installing key security updates—assuming they aren’t pushed out remotely—and also leverage summer months to enhance cybersecurity readiness across all of their devices.
Schools are also making increased use of multi-factor authentication to protect their networks. This process requires individuals to submit two pieces of personally identifiable information before accessing a specific platform. Such measures can greatly enhance the effectiveness of your existing cybersecurity infrastructure, making it more difficult for bad actors to easily access student or staff information.
At CTS, we help clients navigate new developments in cybersecurity.
Managing day-to-day schooling is hard enough. At CTS, we work with our schools to maintain and enhance their cybersecurity efforts. From advising clients on the latest trends in cybersecurity technology to including necessary updates in summer work plans, our managed IT services have supported more than 60 schools in securing their students, staff, and broader network data. Contact us today to learn more about how we can help keep your school community safe online, so you can get back to the business of teaching and learning.