K-12 Schools Should Be Concerned About Cyber Attacks

By October 29, 2019 Cybersecurity, Education

Why are K-12 public schools targeted?

Public schools along with state government are big targets for criminal hackers, only because of the affiliation of critical and important data. That digital data is crucial for administrative and other faculty alike to not only provide a safe learning environment, but also to provide an efficient and modern learning experience. Criminals seek to hold school’s data ransom in order to profit from public schools already limited budget forcing them to pay to get their critical data back. Hackers know most organizations these days require having cyber insurance or purchase it voluntarily, giving the criminals a guaranteed payday in some cases.

The impact

Most cyber-attacks are motivated by financial gain but some criminal just wish to see the data destroyed. Education services such as online learning resources, grading tools, historical student documents, or even student medical records could be impacted by a cyber-attack. Digital school records can be targeted by a mischievous student or just common cyber-criminals, holding those records ransom or simply destroying them to gain hacker credibility online. This disruption of education services is not only costly but can also be damaging to student’s over-all education.

Schools often have cyber insurance these days, but just like any insurance, filing too many claims can lead to a lapse in coverage. Cyber insurance companies will insist you take measures to protect your data to prevent further data breaches and attacks, if not they may not cover your school if it’s had excessive number of claims.

There is also the scenario that if you pay a ransom you still may not get your data back. Your school will have to burden that risk.

What to do about it

Just as your school is looking into security cameras, new electronic locks, and other safety mechanisms to keep students safe, creating a budget line-item for cybersecurity services is key to creating your security awareness and making cybersecurity a discussion topic within your school. Proactively training staff on what to look out for and how to properly report cyber security incidents a key to making sure your school has a cybersecurity culture that is necessary today and going into the future. One training method is to conduct quarterly email phishing tests and provide quarterly cyber threat newsletter “students can even participate”. With phishing tests, online training can be mandatory for any staff that fail a phishing campaign test.

Gain visibility into your schools’ network by installing next generation firewall technology. Newer firewalls come bundled with features that allow more control on what comes and goes within the school network but also allows you to see what is traveling the network “even encrypted data in some cases” and report on any suspicious activity. This is how you can determine what are your greatest threats and adjust your schools network security to prevent cyber-attacks.

Implementing a Security Operation Center (SOC) provider is also a great way to supplement and create a non-bias security posture. A SOC can remotely monitor and detect threats flowing through your network and prevent them from getting through. You can kind of think of a SOC as a hired security adviser as well, making sure compliances are being checked and setting cybersecurity goals giving you a mark to hit every quarter. Security Operation Center providers give a piece of mind that expert professionals are at the helm of monitor your schools’ security infrastructure.

Please come see us

Come by our booth at this years Illinois Education Technology Conference at the Crowne Plaza in Springfield, IL November 14th – 15th!

Illinois Education & Technology Conference 2019

Colby Jennings

About Colby Jennings

Colby is responsible for a security portfolio of products, services, applications and customer data. This includes multiple channels across government, healthcare and the private sector to include both insurance and finance. He is also accountable for driving PCI and HIPAA compliance Programs, SOC operations, Vulnerability Assessments, and Penetration Testing.