Making the Grade on K-12 Cybersecurity

Cybersecurity analysts warn that educational institutions have become prime targets for a variety of attacks, including ransomware, data breaches and online meeting invasions. In at least two recent cases, school districts have paid about $10 million to regain access to computer systems and their data.

According to the most recent annual report from the K-12 Security Information Exchange, there has been a five-fold increase in reported cyber incidents against U.S. schools since 2016. However, anecdotal evidence suggests that the annual number of attacks could be as much as 20 times higher due to a reluctance among school officials to report such incidents.

Recent ransomware attacks against large school districts in Baltimore and Buffalo have made headlines. In Baltimore, officials say they have spent $9.7 million to recover from a Ryuk ransomware attack that shut down schools for several days in late 2020, disrupting school websites, remote learning programs and grading systems. In Buffalo, the costs of a March 2021 ransomware attack that shut down classes for days have reached $9.4 million and counting.

Remote learning programs are also being targeted by malicious actors hacking into team collaboration and communication platforms. Known as “zoom bombing” or class invasions, these attacks are often a type of cyber harassment involving racist, threatening or pornographic images and messages.

The amount of personal student data collected by school districts also makes them enticing targets for data breaches. The U.S. Government Accountability Office reports that dozens of K-12 data breaches exposed students’ personally identifiable data, including academic records, medical records, test scores, counselor reports and special education information. In some cases, that information was used to extort and threaten students with physical violence and release of their personal information.

As the 2022-2023 school year gets started, there are several steps schools should take to mitigate risk and improve student safety:

• Get a risk assessment. Annual network assessments conducted by a neutral third party provide an objective evaluation of the current security posture along with specific recommendations for closing any gaps.
• Monitor networks. Early detection remains the best defense against threats. Monitoring network devices and security systems such as firewalls and virus scanners can help schools quickly recognize and remediate problems.
• Apply patches. Consistently patching and updating software and operating systems helps limit exposure to ransomware and other exploits.
• Secure backups. Ransomware attacks now target backup data to prevent recovery. An immutable backup is one that cannot be altered or deleted, even by an administrator. It ensures that an untouched version of data is always recoverable and safe from any attack or system failure.
• Use multifactor authentication. Most attacks exploit weak or stolen passwords. MFA processes requiring two or more verification factors reduce reliance on passwords.
• Update content filters. The Children’s Internet Protection Act requires schools to protect students from inappropriate online content. Consider replacing older hardware-based filtering solutions with cloud-based solutions that leverage artificial intelligence for more fine-tuned filtering.
• Secure firewalls. Attackers often infiltrate systems through open firewall ports. Close ports that aren’t explicitly required for network services and scan firewalls regularly to ensure they’re patched and properly configured.
• Call an expert. At a time when education budgets are tight and skilled cybersecurity pros are in short supply, working with a managed security services provider (MSSP) is a cost-efficient way to fill in any gaps. For a fraction of the cost of hiring, training and retaining in-house staff, schools can gain on-demand access to a team of specialists with expertise in a wide range of technologies and solutions.

SageNet delivers effective and affordable security solutions through our SageSECURE portfolio. In addition to network assessments, monitoring, firewall services and continuous threat detection, we can provide access to certified consultants who can help craft long-term cybersecurity planning. Contact us to learn more.