Keeping student data safe and maintaining information security in education are part of living in today’s world for educators. Why is it important to include data security in their work? Find an example of how to set up a school cybersecurity policy and more below.
School Cyberattacks On the Rise
There’s no sign that digital attacks are slowing down in this sector. On the contrary, schools suffered a combined total of 348 publicly disclosed malware infections, phishing scams, denial-of-service attacks and other attacks in 2019. That’s more than triple the number of attacks in the sector a year earlier.
Things didn’t get better in 2020. In April, the FBI’s Internet Crime Complaint Center (IC3) warned that threat actors could take advantage of the world’s rapid transition to remote learning to undermine students’ safety and privacy online. A summer 2020 report found that the weekly number of digital attacks per school had risen from 368 in May and June to 608 in July and August. Many of those digital attacks consisted of distributed denial-of-service (DDoS) attacks.
But that wasn’t the only problem. In the months that followed, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert in which it revealed that threat actors were targeting K-12 schools to steal information, disrupt distance learning services and install ransomware. Threat actors assumed all kinds of disguises to boost their chances of success. In one attack, they even pretended to be parents in an attempt to target teachers with crypto-malware.
Why This Rise in School Cybersecurity Attacks?
Running on public funding could make it difficult for schools to find the money for consistent cybersecurity investments from year to year. At the same time, schools need to make their networks open to everyone they serve. That includes teachers, administrators, students, staff and parents — all of whom have varying levels of security awareness.
Take teachers, for example. Another report said nearly half (44%) of K-12 and college educators had not received even basic security awareness training around the digital threats facing them. Another 8% said that they weren’t even sure if they had received training. These results help to explain why so many aren’t familiar with some of today’s common digital threats.
That being said, a rise in digital attacks is what happens when schools also spend years thinking that they don’t have anything worth stealing. If there’s nothing worth stealing, then there’s no threat. And if there’s no threat, there’s no need to invest in school cybersecurity measures.
That’s a problem, given the speed with which schools are adding video conferencing apps and other remote access tools. These tools could provide attackers with a means to infiltrate schools’ networks and deploy malware. They can also gain access to sensitive data and use it to conduct phishing scams, identity theft and other attacks.
How to Improve School Cybersecurity
One of the best ways to boost school cybersecurity is to create an incident response plan. This lets personnel use defined roles to delegate essential response functions. It also enables them to test those processes so that they’re prepared in the event of a problem. That plan needs to work not only within the school’s workforce but also with external groups, including local law enforcement and the FBI.
Schools can also try to prevent an incident from occurring in the first place. They can do that by creating an effective security awareness training program. It should consist of the following three components:
- leaders prepared for real-world digital attacks,
- robust digital security skills, and
- training by roles to keep the group protected against targeted attacks.
That last point is important. Teachers face different threats than students do, and those threats aren’t the same as those confronting parents and administration. Therefore, schools need to create a program that provides training to all of their different groups. It should let people know the exact actions they can take and focus on relevant security topics. It needs to go beyond just email.
School Cybersecurity Training for Students
Schools can concentrate the content of their security awareness training programs on threats that affect their teachers and staff. But they need a different strategy for students, more so those in K-12 facilities. Just as they cultivate students’ language, reading, writing and other skills, so too should they foster their pupils’ digital hygiene.
One of the most effective means to do this is to make it hands-on and fun. The Center for Internet Security and the Multi-State Information Sharing & Analysis Center hosts the National Kids Safe Online Poster Contest every year, in which kids create posters that educate their peers about staying safe online, including password hygiene, safe web browsing habits and identity theft. With programs like this, kids can be one of the many defenses against attacks on school cybersecurity.
David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...