When we talk about cybersecurity threats, we usually think of hackers breaking into large corporations’ servers, law firms with leaks of sensitive information, or cybersecurity on a government level. However, K–12 schools might be more at risk of such threats than you realize.

According to Berkeley, “From July to August, 2020, Microsoft’s Global Threat Activity Tracker detected more than 8 million malware incidents — with education being the most affected industry.” This is especially true with the rise in e-learning since the pandemic. When schools face cyberattacks, it’s students, teachers, and school administrators who are at risk.

Understanding a School’s Cyber Threats

Of course, a cybercriminal targeting a school will have a different aim than one targeting a law firm or a government office. To better strengthen cybersecurity at your school, it’s important to understand the threats that face schools in particular. The FBI and the Department of Defense Technical Information Center have found that the most common cybersecurity threats facing schools include:

• Data breach: School cyber systems actually house quite a bit of sensitive information. The primary type of data targeted by cybercriminals is student records. Students may be trying to tamper with their own records, or outside individuals may want to use their data for more nefarious purposes. Employment transcripts from teachers can also be the target of a data breach.
• Denial of service: Does your school have its own website? An internal server that teachers and administrators use? An online hotline of some sort? Denial of service often involves flooding a server with requests so that it crashes and becomes unusable. Though denial of service might not be as invasive as other types of cyberthreats, it can still be harmful to school systems.
• Spoofing/phishing: Spoofing and phishing both involve sending fraudulent e-mails in an attempt to obtain sensitive information. Spoofing refers to a fraudulent e-mail that appears to come from a legitimate contact, while phishing usually involves pretending to be an official organization requesting information. There is also spear phishing, in which the phished e-mail is made to look as though it came from a colleague. If an e-mail seems suspicious, it’s always best to check with the source outside of e-mail to ensure that it’s not a scam.
• Malware: Malware involves software downloaded into your system with the purpose of installing a virus. Suspicious links in e-mails or attachments to certain downloads can be malware. Similarly, “scareware” is sometimes deployed to apply fear and pressure on IT administrators to download a particular anti-virus software.
• Ransomware: Ransomware is deployed like malware. It’s an invasive software often downloaded unintentionally. Once installed, it encrypts files in the computer system and holds them “for ransom.” Ransomware users request large amounts of funds, typically in the form of cryptocurrency, before they will release the files. In some cases, perpetrators may threaten to publish sensitive information if they are not paid in a timely fashion.

Some of these types of cyber threats may overlap each other. For instance, malware, scareware, and ransomware often end up on school computers through spoofing and phishing. Data breaches can also be caused by any of these methods.

School Cybersecurity: A Brief Case Study

Cybersecurity threats have risen in schools since 2020 because of the COVID-19 pandemic. With so many students participating in remote learning, there were (and still are) some schools that were largely, if not solely, dependent on digital systems. That means that not only are cyberattacks more common in schools, but the results can be more devastating.

One example of this is a cyberattack on Albuquerque Public Schools in January of 2022. The largest school district in the state of New Mexico, Albuquerque public schools were shut down for two days as a result of a ransomware attack on their student information systems. These systems held records of roll call, family contact information, and adults authorized to pick up students from school. Without them, the school could not function and had to close.

After two days, the ransomware issue was resolved, though the perpetrators were not caught. This time off was problematic for students who had already suffered scheduling instability due to the pandemic. More unnerving to administrators, however, was the fact that the school was clearly targeted by cybercriminals who are likely still out there.

How to Protect Schools From Cyberattacks

One thing that’s clear is that cybersecurity in schools must start with school leaders. Teachers often do not have the resources or the know-how to find and implement proper cybersecurity solutions. Students certainly don’t. But with the threat of cyberattacks rising, school leaders need to acquire these resources to protect their school communities.

Part of that process requires regular training. Teachers and administrators should have mandatory training sessions that show them how to handle data breaches, ransomware, and phishing attacks. Security awareness training can help staff to learn how to spot these types of attacks and prevent them in the first place. Schools can also invest in anti-virus software or provide regular software updates. The more updated and secure the software is, the more fortified it will be against security attacks.

Cyberattacks against schools aren’t just a threat to personal information like student records. Like the case in Albuquerque, they can actually impede a school’s ability to serve and educate its students. The better your software is protected, the better your school can do what it does best: teach.

Protecting Students and Teachers from Cybercriminals

For more in-depth strategies to use technology safely in the classroom, check out these professional development courses from Advancement Courses:

• Tech Tools for Teaching and Learning: Whether you’re teaching online or face to face, learn how to design or find digital tools that will help you personalize and differentiate curriculum and communicate more effectively with students, parents, and colleagues.
• Essential Classroom Technology for Teachers: Do you want to increase student engagement and achievement? Technology is a great way to do it! Learn to use technology across subject areas and find the latest tech tools to streamline planning, create engaging learning experiences, and improve digital literacy.
• Mission Possible: Organizing Your Digital Files, Forms, and Slides: Get tools and strategies for creating and maintaining a streamlined digital workspace. You’ll learn how to organize your digital files, forms, and slides in a way that makes sense to you, promoting productivity and saving you time and sanity down the line.
• Tech Tools for the Math Classroom: Whether you’re teaching online or face to face, learn how to design or find digital tools that will help you personalize and differentiate curriculum and communicate more effectively with students, parents, and colleagues.
• Computerless Coding: Play-Based Strategies and Tools: Teach your students essential coding skills—no computer required! Create fun games and lesson plans to teach students about algorithms, patterns, flowcharts, conditionals, and variables. That way, when they start coding, they’ll have the logical thinking and problem-solving skills they need to succeed.

Advancement Courses offers more than 280 online, self-paced PD courses covering both foundational topics and emerging trends in K–12 education. Courses are available for both graduate and continuing education credit for your salary advancement or recertification needs.