What You Need to Know:



In 2020, “remote learning” became a household term and a new digital education landscape was born. Students, educators, families and educational institutions moved many aspects of the school and student experience online.
The transition to remote learning created openings for cybercriminals. While education had been fending off cyberattacks for years, the remote approach to education enabled attackers to ramp up their efforts against schools, employees, students and families.
While the majority of students have begun returning to the classroom, there are still beneficial uses for remote learning, so it remains a relevant and useful tool. As a result, schools and students must be aware of the cybersecurity challenges that exist.
School Ransomware Attacks on the Rise
A barrage of school ransomware attacks has drawn attention to the fact that cybercriminals have discovered schools have fewer cyber defenses than private businesses. Between virtual and hybrid learning and faculty and staff that connect to school systems with personal devices, a host of new entry points are now open to attackers.
According to a joint federal agency report, during the 2020-2021 school year, the K–12 education segment became the No. 1 target for ransomware and also made up the majority of all ransomware attacks.
In ransomware attacks on schools, a cyberattacker gains access to the computer systems – often through phishing emails or stolen credentials – and holds the vital infrastructure ransom. Attackers demand money after disabling computer systems or encrypting critical data files. They may also threaten the release of sensitive personal data – often, the student and family information schools try hard to protect.
Schools across the country have experienced a wave of ransomware attacks. A few examples include:
- In July 2022, the Cedar Rapids Community School District in Michigan was forced to cancel its summer school program as the result of a cyberattack. In addition to impacting the 750 students enrolled in the program, staff members’ full names, Social Security numbers, driver’s license numbers, bank account and routing numbers, and medical information were stolen in the attack. The district’s supervisor acknowledged a ransom had been paid to prevent that information from being released, although she did not disclose the amount.
- Schools in Haverhill, MA, were forced to close in April of 2021 following a ransomware attack that rendered the entire system, including the remote learning platform, not operational.
- In June 2020, The University of California San Francisco School of Medicine was the victim of a ransomware attack that resulted in the university paying a more than $1 million ransom. University officials said the encrypted data was important to academic work in the interest of the public good. The university paid the ransom in exchange for a tool to unlock the encrypted data and return other data the cyber attackers had obtained.
Seven Cybersecurity Tips for Education Organizations
The continually evolving and growing cyber threats facing school systems present significant information security challenges. When it comes to cybersecurity, there is no silver bullet strategy. Instead, school systems can build a layered approach that significantly strengthens their security defenses across the many potential entry points for attacks.
To protect themselves from ransomware attacks, education organizations should focus on the following:
- Awareness and training. Provide education system employees with training about the most current attack methods being deployed against schools by cybercriminals. Additionally, inform students and families about how the school will communicate with them to help them avoid being victimized by fraudulent (and potentially very convincing) emails or texts.
- Watch for social engineering. Phishing (and vishing and smishing) and other innocuous-looking (but malicious) communications are still used very effectively by cybercriminals to gain access to school systems. Ensure employees and students know how to spot them and set up a way to report and track them. The cost of phishing attacks is reaching new highs, with nearly $10 million stolen from a single school district in 2020.
- Timely tech updates. When new updates are released, patch operating systems, software and firmware right away to implement vulnerability fixes identified by providers.
- Passwords, secure internet and authentication. Implement policies that ensure everyone who logs into the school system uses a strong and unique password and connects from a secure, private, password-protected network. Conduct audits that verify any new users are, in fact, legitimate accounts.
- Secure back-ups. Schools should keep system files and programs securely and regularly backed up. If something were to happen to system data, the school would be able to restore what was lost and mitigate any potential losses.
- Secure potentially vulnerable entry points. If you have employees connecting to your school system with personal devices, consider implementing mobile defenses that monitor devices and alert individuals if their device has been compromised. Having the infrastructure in place also provides IT departments a single-source view of mobile threats from devices connected to the school network.
- Cyber insurance. In the current cyber threat environment, the protection offered by cyber insurance is growing in value. A cyber policy can assist with data restoration, ransomware demands, forensic investigation and an expert helpline for those affected.