This blog is the last in a series about improving data security in schools.

When learning moved from the classroom to the dining room, schools scrambled to ensure students had the tools they needed. A study conducted by FutureSource Consulting found that the number of computing devices shipped to educational institutions in 2020 is expected to be 27% higher than the year before, with 18 million devices shipped, compared with 14 million in 2018 and 2019. With this comes a need to be extra vigilant about digital security threats to schools.

Remote classrooms and hybrid schooling have highlighted the need for improving internet connections in rural areas and providing internet connections to poor children. And while schools may have the latest computers, their IT infrastructure may be failing and old. This can lead to security threats to schools, students and staff.

Types of Risks to School Computers

For any group, data is its most important asset. Schools are no different. In fact, the value of data in K-12 schools may be higher because young people’s data is not monitored as closely as it is for adults.

Education is also one of the hardest-hit industries for malware attacks, according to EdTech, with “61% of nearly 7.7 million enterprise malware encounters reported” in one month coming from schools.

The threat of ransomware attacks looms large in schools, as well. A school district in Connecticut was forced to postpone its first day of school due to a ransomware attack that crippled the district’s entire system. It wasn’t the only school to be affected this way. Experts say digital security threats to schools will rise at the holidays, as well, when everyone is on break and aren’t using the school networks.

The Big Picture Matters to Security Threats to Schools

Strict budgets may limit what schools can do. Decision-makers have needs that may not include security. Many schools have applied for special grants or partnerships to acquire the number of devices they need, more so during this unusual time.

School decision-makers, who lack tech and security savvy, may think that because the school already has an IT infrastructure and the devices are new, all is well. What they don’t realize is by not improving the infrastructure, the school is at risk for a data breach or other cyber incident. That could end up costing the district millions in fines and repairs.

A few areas where schools fail at security include:

• No one is in charge of watching out for digital security threats to schools. Many districts are already making staffing cuts for lack of a budget, so a chief information security officer may seem like a luxury.
• Legacy systems. The new tablets and netbooks given to students may have the latest operating systems, but what about other computers used throughout the school? Older computers often have old operating systems that their brands no longer support. Also, many schools use outdated educational software suites. You may think that since you already paid for the license and the software still works, it’s easy to keep using it. But, again, these cannot be patched and, therefore, may open networks to security threats to schools.
• The internet itself. Old buildings create dead spots for WiFi. The school may have a lot of Internet of things (IoT) devices like cameras slowing it down. Some systems are resource hogs, and not all their functions may be needed.
• Bring Your Own Device. Students and staff are using their own devices and their own internet to connect to the school network. If the district doesn’t have a security policy, there is no oversight to ensure those devices and connections are safe.

How to Lower Risks of Cyberattacks

Awareness is the best defense against digital security threats to schools. It isn’t just security awareness training that explains the need for best practices, like multifactor authentication and giving routers a unique name and password. Leadership must also learn the importance of an updated infrastructure, why legacy systems must be replaced and how to effectively handle all their internet traffic.

Budgets are tight, and who knows what the next year will bring for in-person learning. But if children are precious to us (and they are!), schools must make a better effort to protect them during online learning.