Malicious actors and hacker groups are actively targeting schools. According to reports, there has been a 146% increase in malware attacks against phones and laptops used in the education sector. At least 80% of education sector-based IT professionals say their school experienced a ransomware attack in 2022.
A non-profit organization called the K12 Security Information eXchange (K12 SIX) has tackled this issue head-on by releasing a set of cybersecurity best practices designed for resource-constrained K-12 school districts. These are known as the K12 SIX Essential Protections. They are relatively easy and affordable to implement, but can have a big impact. Here are their recommendations, and you can visit their website for more information.
Network sanitization involves filtering and monitoring all incoming and outgoing internet traffic to block malicious activity and protect sensitive data. This includes:
Implement web filtering solutions that block access to known malicious websites, phishing sites, and other harmful content. These solutions can be cloud-based or on-premise. Next, use DNS filtering services that block access to domains associated with malware, ransomware, and other threats. Finally, schools should employ URL scanning technologies that analyze website content in real-time to identify and block malicious elements before users access them.
Email filtering solutions can scan incoming and outgoing emails for spam, phishing attempts, and malware attachments, using techniques like sender reputation checks, content analysis, and attachment sandboxing. Emails containing sensitive information should be encrypted to protect them from unauthorized access if intercepted. Train staff and students to identify suspicious emails, avoid clicking on unknown links or attachments, and report phishing attempts immediately.
Network segmentation involves splitting the network into smaller segments based on security needs, restricting communication between segments and limiting the attack surface. Devices should be configured with strong security settings, such as disabling unused ports and services, keeping software updated, and implementing device controls like firewalls and intrusion detection systems (IDS). Place your internet-facing servers and services in a demilitarized zone (DMZ), isolating them from the internal network and reducing the potential impact of a security breach.
Schools are digital environments. Children, teachers, and parents are bringing laptops, tablets and smartphones to the school, which means it’s time to implement device controls, including encryption and password protection.
Restricting administrative access limits privileged user accounts to minimize attack impact. Only grant administrative access to individuals who absolutely need it for their specific job duties and enforce strong password policies. If possible, implement multi-factor authentication (MFA). Simply adding an extra layer of security, like a code from your phone, makes it much harder for attackers to gain access even if they steal a password.
Protecting devices, whether they’re used in school or at home, is vital. Endpoint protection software acts as a digital shield, safeguarding them against various threats. Endpoint protection might include:
Exposed personal information can be used for targeted advertising, fraudulent activities, stalking, or harassment, compromising your privacy and safety.
MFA adds an extra layer of security by requiring not just a password, but also a second factor like a fingerprint scan. This significantly raises the bar for attackers, making it much harder for them to gain access even if they steal a password. Consider MFA for all users. If that’s not possible, prioritize MFA for administrative and other high-risk accounts.
Strong passwords and proper account management are crucial defense lines. Enforce minimum length, character types, and regular password changes, lock out accounts after failed login attempts, and disable inactive accounts. Make sure to speak to students and staff about good password hygiene.
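The account checks described above (disable inactive accounts, put MFA on administrative accounts first, keep the list of administrators short) can be run against a directory export. This is an added example, not part of the K12 SIX material; the CSV columns, the `admin` role name and the 90-day inactivity threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export; column names are hypothetical, not from a real product.
SAMPLE_EXPORT = """username,role,last_login,mfa_enrolled,enabled
jsmith,teacher,2024-05-28,yes,yes
it-admin,admin,2024-05-30,no,yes
old-sub,teacher,2023-11-02,no,yes
sis-svc,admin,2023-09-15,no,yes
grad2023,student,2023-06-10,no,no
mlopez,student,2024-05-29,no,yes
"""

HIGH_RISK_ROLES = {"admin"}   # assumption: roles treated as privileged
INACTIVE_AFTER_DAYS = 90      # assumption: the article sets no threshold


def audit_accounts(export_text, today):
    """Return findings keyed by the recommendation each one relates to."""
    findings = {"disable_inactive": [], "mfa_first": [], "review_admin": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "yes":
            continue  # already disabled, nothing left to act on
        user = row["username"]
        role = row["role"].strip().lower()
        last_login = datetime.strptime(row["last_login"], "%Y-%m-%d").date()
        idle_days = (today - last_login).days
        if idle_days > INACTIVE_AFTER_DAYS:
            findings["disable_inactive"].append((user, idle_days))
        if role in HIGH_RISK_ROLES:
            # Every privileged account is listed so its need can be re-justified.
            findings["review_admin"].append(user)
            if row["mfa_enrolled"].strip().lower() != "yes":
                findings["mfa_first"].append(user)
    # Longest-idle accounts first so they are handled first.
    findings["disable_inactive"].sort(key=lambda item: item[1], reverse=True)
    return findings


if __name__ == "__main__":
    report = audit_accounts(SAMPLE_EXPORT, today=date(2024, 6, 1))
    for check, hits in report.items():
        print(f"{check}: {hits}")
```

An account that appears in both `disable_inactive` and `mfa_first`, such as the constructed `sis-svc` row, is a dormant privileged login without a second factor and is the first one to deal with.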
Schools leverage various third-party vendors for tools and services that could open them up to risk. Conduct thorough vendor security assessments before partnering and contractually require strong security measures from vendors. Only share the most necessary data with trusted vendors and keep track of their interactions with your data.
Cybersecurity is a journey, not a destination. Keep improving and updating your security practices:
Software vulnerabilities are prime targets for attackers. Automate updates wherever possible – manual patching can be put off, delayed, or simply forgotten about. Address vulnerabilities with the highest risk first and test all of your updates before deployment to keep disruptions to a minimum.
Data breaches and hardware failures can happen. Regular backups ensure recovery of vital information, including student information, payroll data, lesson plans and grades.
Establish policies for identifying and classifying sensitive data – this means understanding what data you have on hand, and its sensitivity. Limit access to authorized personnel only and encrypt sensitive data when it’s at rest or in transit. Establish and then follow retention policies and securely dispose of outdated data.
Here’s a shocking statistic: 95% of cyber attacks occur due to human error. Educating your entire school community is crucial. Users often unknowingly click on malicious links or share sensitive information, creating vulnerabilities. Cover topics like phishing scams, good password hygiene, and safe online behavior. Provide in-depth training for educators, administrative staff, and IT personnel based on their roles to make sure everyone knows what they need to do.
Hope for the best, but prepare for the worst. Having a cyber incident response plan allows your school to react quickly and effectively when faced with an attack. Develop a plan outlining roles, responsibilities, and communication protocols, key contacts and notification procedures, and the steps for containment, eradication, and recovery in the event of a breach.
No school is an island in the digital world. Sharing information and collaborating with others enhances everyone’s security. Join information sharing communities, including other K-12 institutions and cybersecurity organizations. Always report cyber threats and vulnerabilities to relevant authorities – everyone will benefit from your experience.
Tackling cybersecurity can be daunting, but every small step you take is a giant leap forward and an extra layer of protection against cyber attacks. Start by completing a simple K12 SIX self-assessment to identify where the critical gaps are, and address them one by one. Remember, you don’t have to do it all on your own. Speak to Coro if you need help strengthening your school’s security posture.