Keeping student data safe and maintaining information security in education are part of living in today’s world for educators. Why is it important to include data security in their work? Find an example of how to set up a school cybersecurity policy and more below.

School Cyberattacks On the Rise

There’s no sign that digital attacks are slowing down in this sector. On the contrary, schools suffered a combined total of 348 publicly disclosed malware infections, phishing scams, denial-of-service attacks and other attacks in 2019. That’s more than triple the number of attacks in the sector a year earlier.

Things didn’t get better in 2020. In April, the FBI’s Internet Crime Complaint Center (IC3) warned that threat actors could take advantage of the world’s rapid transition to remote learning to undermine students’ safety and privacy online. A summer 2020 report found that the weekly number of digital attacks per school had risen from 368 in May and June to 608 in July and August. Many of those digital attacks consisted of distributed denial-of-service (DDoS) attacks.

But that wasn’t the only problem. In the months that followed, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert in which it revealed that threat actors were targeting K-12 schools to steal information, disrupt distance learning services and install ransomware. Threat actors assumed all kinds of disguises to boost their chances of success. In one attack, they even pretended to be parents in an attempt to target teachers with crypto-malware.

Why This Rise in School Cybersecurity Attacks?

Running on public funding could make it difficult for schools to find the money for consistent cybersecurity investments from year to year. At the same time, schools need to make their networks open to everyone they serve. That includes teachers, administrators, students, staff and parents — all of whom have varying levels of security awareness.

Take teachers, for example. Another report said nearly half (44%) of K-12 and college educators had not received even basic security awareness training around the digital threats facing them. Another 8% said that they weren’t even sure if they had received training. These results help to explain why so many aren’t familiar with some of today’s common digital threats.

That being said, a rise in digital attacks is what happens when schools also spend years thinking that they don’t have anything worth stealing. If there’s nothing worth stealing, then there’s no threat. And if there’s no threat, there’s no need to invest in school cybersecurity measures.

That’s a problem, given the speed with which schools are adding video conferencing apps and other remote access tools. These tools could provide attackers with a means to infiltrate schools’ networks and deploy malware. They can also gain access to sensitive data and use it to conduct phishing scams, identity theft and other attacks.

How to Improve School Cybersecurity

One of the best ways to boost school cybersecurity is to create an incident response plan. This lets personnel use defined roles to delegate essential response functions. It also enables them to test those processes so that they’re prepared in the event of a problem. That plan needs to work not only within the school’s workforce but also with external groups, including local law enforcement and the FBI.

Schools can also try to prevent an incident from occurring in the first place. They can do that by creating an effective security awareness training program. It should consist of the following three components:

  • leaders prepared for real-world digital attacks,
  • robust digital security skills, and
  • training by roles to keep the group protected against targeted attacks.

That last point is important. Teachers face different threats than students do, and those threats aren’t the same as those confronting parents and administration. Therefore, schools need to create a program that provides training to all of their different groups. It should let people know the exact actions they can take and focus on relevant security topics. It needs to go beyond just email.

School Cybersecurity Training for Students

Schools can concentrate the content of their security awareness training programs on threats that affect their teachers and staff. But they need a different strategy for students, more so those in K-12 facilities. Just as they cultivate students’ language, reading, writing and other skills, so too should they foster their pupils’ digital hygiene.

One of the most effective means to do this is to make it hands-on and fun. The Center for Internet Security and the Multi-State Information Sharing & Analysis Center hosts the National Kids Safe Online Poster Contest every year, in which kids create posters that educate their peers about staying safe online, including password hygiene, safe web browsing habits and identity theft. With programs like this, kids can be one of the many defenses against attacks on school cybersecurity.

More from Application Security

Does Follina Mean It’s Time to Abandon Microsoft Office?

As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I’m not introducing risk to my clients. Still, using Microsoft Office was something I did many times a day without a second thought. I brought up…

3 Reasons Why Technology Integration Matters

As John Donne once wrote, “No man is an island entire of itself.” With digitalization bridging any distance, the same logic could be applied to tech. Threat actors have vast underground forums for sharing their intelligence, while security professionals remain tight-lipped in a lot of data breach cases. Much like the way a vaccine can help stop the spread of infectious diseases, sharing threat intelligence and defense strategies can help to establish a more secure future for everyone.  So what…

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be achieved after successfully rolling out an identity strategy. They all talk about reduction in friction, improving users' perception of the…

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory. SCM systems are used in the majority of organizations to manage source code and integrate with other systems within the…