The Verizon Wireless Data Breach Investigations Report looks into cyber attack trends across all sectors each year. The 2022 iteration of this Report found that the educational services sector endured over 1,200 incidents in 2021.
This sector appears to have continued its unlucky role as being a highly targeted area for cybercriminals, as the Sophos State of Ransomware in Education 2023 Report revealed that in 2022, 80% of K-12 schools reported being targeted by ransomware attacks; affected educational institutions also reported paying the ransom demands more than any other sector, with nearly half of all victimized schools paying up.
The educational system is unfortunately not well-funded in many areas of the US, so doing something like investing in cybersecurity sounds laughable to some when other areas of the schools and facilities are in dire need of budget. While it is true that investing in cybersecurity can be costly, there are affordable and even free actions that can be implemented as preventative measures to help protect against cyber attacks. Additionally, it is better to invest money in cybersecurity defenses rather than paying a ransom to regain access to sensitive data after it is stolen - this ransom itself would not only be a major hit to academic institutions that are already struggling financially, but the recovery time would end up costing the schools even more in the way of time and money to get back to normal operations.
Here are some simple steps to make the task of implementing an environment strong in cybersecurity a little less intimidating.
-Only work with secure third party companies: A New York-based school system found out the hard way how important it is to work with other companies that prioritize cybersecurity as the third party company, Illuminate Education, was hit by a data breach which resulted in systems being down for a few weeks in early 2022. Sensitive, personal data for students was made vulnerable due to the lack of strong cybersecurity at the third party company. Just as businesses should vet who they opt to do business with, school systems need to be sure to take the time to do their research on the front end before getting into a contract with a third party provider in order to avoid being left vulnerable to attack.
-Educate teachers, administrators, and students alike: So much of the schooling experience today involves students interacting with an online dashboard to submit their homework assignments or get key communication reiterated from their teachers. With this, it is important to be sure that the dashboard used by the students and teachers is secure. Beyond that, it is important to ensure that students, teachers, staff members, and administrators are all regularly trained in cybersecurity threats and how to detect common attacks such as phishing scams. Teachers can gamify this process to increase student interest and involvement. This education is not only helpful in ensuring all key members of academia are doing their part to protect the learning institutions they all are a part of, but teaches young people the importance of strong cybersecurity best practices in all facets of life.
-Hand it over to the cybersecurity professionals: Also known as cybersecurity as a service, consider going external to local cyber pros when approaching your school’s cyber defenses. This does not require you to hire a new individual to work at the school but still gets you some dedicated help from the professionals.
Image by Freepik.