Raising baseline cyber awareness across all community members is the first line of defense against cyberattacks in American public schools.
Cybercriminals are increasingly targeting elementary and secondary schools through phishing, ransomware, and Distributed Denial-of-Service (DDoS) attacks, causing chaos in communities around the country. Cyberattacks can expose the personal data of students, disrupt a school’s ability to operate, and cost millions of dollars to remediate. In recent attacks, a data breach cost a Connecticut district over $6 million, criminals exposed sensitive records of over 2,000 Los Angeles students, and hackers leaked the personal data of nearly 100,000 people connected to a Maryland school district. Last year, ransomware attacks against schools and higher education institutions doubled.
As schools integrate more technologies into daily operations to provide opportunities to students, improve educational outcomes, and communicate better with community stakeholders, districts simultaneously become more vulnerable to cyber threats. This digital dependency is too often paired with a lack of basic cyber hygiene to protect against attacks.
Schools should focus on:
1) increasing general cyber awareness,
2) implementing basic security practices, and
3) preparing to remediate cyberattacks should they occur.
Here are some simple steps educators and administrators can take:
Increasing general cyber awareness can prevent low-level system breaches, turning all students, faculty, and staff into the first line of defense against an attack. Enforcing community-wide basic training and awareness can drastically reduce a cyberattack’s chances of success. Did you know that 42% of schools have students or staff that circumvent cybersecurity procedures? Most people who admit to violating cybersecurity procedures do so because they do not understand why the procedures are necessary. To strengthen their first line of defense against cybercriminals, schools should:
– Limit exposure by requiring email and malware blockers on all accounts and devices so users receive fewer scam emails that could be the start of an attack.
– Prioritize broad training efforts for all educators, administrators, and community members by offering basic training as part of existing professional development, onboarding, and welcome-back meetings.
Implementing basic security principles can drastically decrease the likelihood of falling victim to a cyberattack by minimizing opportunities for criminals to gain unauthorized access to school systems. Phishing attacks are the most common vehicle for ransomware delivery in schools. Did you know that multi-factor authentication (MFA) alone can block 99% of bulk phishing attempts and 66% of targeted phishing attacks? To build resilient systems, schools should:
– Enable auto-updates and patches to prevent hackers from exploiting known software vulnerabilities.
– Require strong passwords and the use of MFA to limit risk of unauthorized account access from all endpoints.
Preparing and planning for incidents puts general cyber awareness into action. Did you know that multiple districts have suffered operational disruptions due to cyberattacks? These disruptions include canceled classes, board meetings, and final exams. To prevent these disruptions, schools should:
– Store data backups at multiple locations to ensure operational continuity in the case of an attack seeking to block data access.
– Monitor systems continuously by implementing anti-virus software and following up on detected threats. Take advantage of CISA’s free scanning service to detect cyber threats.
– Develop and practice comprehensive emergency response plans using resources from CISA to better react to potential breaches.
– Build relationships with local law enforcement and cyber authorities to ensure quick collaboration and recovery in case of attack.
Cybersecurity costs money, but luckily there are dedicated resources to help schools address this challenge. School administrators should seek funding opportunities to receive support for instituting cyber-secure systems. Here are some available funding opportunities as of July 2024:
– FCC Schools and Libraries Cybersecurity Pilot Program
$200 million total provided to participants over three years beginning in fall 2024 to purchase cybersecurity services and equipment.
– FCC E-Rate: Universal Service Program for Schools and Libraries
Discounts available for eligible schools and libraries to support telecommunications and broadband availability, such as internet access.
– Amazon Web Services K12 Cyber Grant Program
Program offering $20 million to support K-12 schools in implementing Amazon Web Services systems and meeting school districts’ unique security needs.
– CISA State and Local Cybersecurity Grant Program
Program providing over $374 million in grant funding to assist local entities, which must be applied for through each state’s State Administrative Agency.
– Homeland Security Grant Program
Similar to CISA’s grant program, this opportunity provides funding for national security preparedness available through the State Administrative Agency.
Raising baseline cyber awareness across all community members is the first line of defense against cyberattacks in American public schools. Ongoing cybersecurity measures are essential and will set districts up for long-term success in protecting their communities from cyberattacks.