In recent years, cyber-attacks have become a common thread in news updates around the world. Every major industry, including business, finance, entertainment, and technology, has been the target of one major breach or another. Then why is it that the education industry doesn’t get as much coverage when it comes to cyber threats?
In 2018 alone, more than 120 cyberattacks affected 119 public K-12 schools throughout the United States, highlighting a growing threat. From social security numbers to dates of birth and other valuable personal information, schools and educational institutions are prime targets for cyber hackers.
Hackers usually look to hit weakly guarded systems, and with limited IT resources, schools fall in that category. Parents and teachers alike are at risk for fraud, identity theft, and harassment online. Special education grants are at risk if any private data is exposed online and reputations can be hurt in the long term.
Many school breaches result from phishing attacks in which a school district employee receives an email containing a link with malware embedded in it. By clicking on the link, the employee allows their device to become infected. This opens the door for the hacker(s) to take over the school’s network and steal the data they’re looking for.
Hackers can also deploy ransomware that locks up data from the school until the district decides to pay up. Even then, the hacker, after having been paid a ransom, may not guarantee a return of the data. Social engineering is another way that hackers are infiltrating schools in which a hacker impersonates a trusted district employee or vendor in order to steal network information or login credentials. From student laptops to mobile devices, hackers are able to pinpoint different avenues to take the data they’re looking for.
Schools may not have the manpower in order to defend against digital attacks or the skills and techniques in order to keep them at bay. What’s more, schools may not be financially prepared for cyberattacks, which can cost thousands of dollars that districts may not have in order to be as safe and prepared as possible.
Schools need a stronger emphasis on cybersecurity with efforts that include effective access controls for the administrative back end of school databases and systems. Each network endpoint, such as laptops, servers, or mobile devices should have dedicated protection software highlighted by antivirus solutions.
School districts should also implement security tests and malware scans for prevention’s sake. School districts can also define and enforce security policies for firewall administration and regular system patching.
School data should be backed up on a regular basis in order to limit the effects of common data loss due to malware and breaches. Having improved awareness and a focus on being proactive, schools can help themselves out by limiting major losses.
Professional Governmental Underwriters, Inc., is a full-service risk management company dedicated to assisting public, educational and non-profit entities in the management of their professional liability exposures including educators liability insurance. We are dedicated to providing state-of-the-art professional underwriting management and loss control advisory services on behalf of our designated carriers. For more information, call us toll-free at (800) 586-6502.