This is the first piece in a series about education security challenges in 2020-2021.

Education has been an underrated and understated hotbed for cybersecurity threats. School officials and security teams are tasked with not only protecting the personally identifiable information (PII) of students, faculty, staff, consultants and contractors, but also their health and financial data. These issues have always been security threats. But, the pandemic has shifted the emphasis on data security in schools.

Security threats to schools now include protecting school networks from malware. And, these attacks become more relevant as students and faculty connect from home. Hijacked video services and bring-your-own-device type issues are also possible as devices are transferred between home and the classroom for hybrid learning. 

“Unless students, teachers and administrators are IT experts, it’s not out of the realm of possibility that they have had malware introduced to their device,” Doug Levin, head of EdTech Strategies and former director of the State Educational Technology Directors Association, told eSchool News. “If you got your router from Best Buy or the cable company, you might not have changed the settings on it. Bad guys know that, and they look for devices they can compromise.”

Data Security in Schools in a Chaotic Time

Academia across all levels has embraced digital transformation for this school year. Even the youngest children are using connected devices. While students may seem like they were born with gadgets in their hands, this may be the first time many of them are using a computer for something other than gaming. Unfortunately, the one lesson they aren’t being taught is how their behavior impacts cybersecurity and can hurt data security in schools. And, they may not be given basic awareness lessons about data security in schools because teachers may also be unaware of the basic problems and how to prevent them. 

Types of Security Risks That Threaten School Computers

School leaders and IT departments are tasked with ensuring faculty and students have access to the data they need to learn while adding solutions to make sure that access is siloed for specific users. They also need to be on top of data security in schools and attacks that threaten school computers.

Ransomware

Ransomware has been an issue for many schools that have instituted a work-from-home or hybrid model, taking down school networks for hours or days. This style of attack isn’t new; more than 500 schools have been targeted by ransomware — and that was before schools moved to remote learning in the pandemic.

The best option for protecting yourself from a ransomware attack is to put together a plan that includes easily accessed backup data stored in an outside location, like the cloud or an external hard drive.

Internet Connection Problems

A lot of students struggle with basic connection issues. Even college students have struggled with login issues and lockouts due to forgotten passwords. When students can’t log into their virtual classroom or to dashboards that organize coursework, they fall behind. Encourage older students to use password management systems. Meanwhile, younger children can have clear written instructions on how to access their classroom on their own. Leaders should make sure IT support exists for students (and teachers) so they can easily and quickly engage with data security in schools.

Zoom Bombing

Perhaps the threat that looms the largest for remote learning is the so-called “Zoom bombing,” when an uninvited visitor hijacks a video conference. Waiting room options will keep intruders out, but teachers may not use the option because it takes a lot of time to approve hundreds of students in a large lecture class, handle students entering after class starts or letting them in again when an overwhelmed network drops off. Intruders in these calls have access to intellectual property and more. For threat actors, it is an inviting way to break in and breach data security in schools.

Teachers should use unique IDs for each classroom meeting whenever possible, rather than using their personal ID. Teachers should also be the first one in the meeting, so turn off the feature that allows guests to enter before the host. This will prevent unwanted actors from entering the virtual classroom. Once everyone is in class, teachers should then lock the virtual door.

In addition, any time a teacher is using the shared screen option, they should close browser tabs and programs to limit what attendees can see on the screen. Never share students’ personal data.

The Future of Data Security in Schools

These new threats to cybersecurity in schools are here to stay. Maybe one day remote learning will end. For now, since schools have a taste of digital transformation, expect to see it stay, too. Across the country, school boards are working through remote learning to avoid weather cancellations and COVID-19 outbreaks. Meanwhile, digital books and learning tools are less expensive and more current than paper textbooks. Leadership will need to find ongoing solutions to cybersecurity problems.

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…