Districts Using Cloud Apps Need To Understand These Common Security Risks
As you know, K-12 school districts are increasing their use of technology for school operations, teaching, and learning. You’re probably also aware that exposure to cyberattacks increases along with the adoption of sophisticated technology. IT leaders and system administrators in K-12 school districts face the challenge of managing cloud security risks and protecting their employees and students against a flood of attacks while managing a litany of responsibilities with limited resources.
For these reasons, cloud security for K-12 leaders is a unique challenge. IT teams are no longer simply network admins. They’re expected to protect data from the same cloud computing security issues as companies with large budgets. At the same time, K-12 IT is being brought into student safety issues that are emerging online.
K-12 Leaders Face a Substantial Challenge
K-12 cloud security is a growing issue for IT teams and district administration. It also impacts faculty, staff, students, and parents.
According to The K-12 Cybersecurity Resource Center, there were 122 data incidents in K-12 schools in 2018. This translates to one attack every three days during the year, and the Center acknowledges that this is only a small portion of the actual number of assaults.
The Center categorized the incidents to illustrate the types of threats K-12 face. Here are their findings:
- Data breach: 46.34%
- Phishing: 15.45%
- Ransomware: 9.76%
- Denial of service: 9.76%
- Other incidents: 18.7%
The effects of the attacks range from unauthorized third parties gaining access to personal information, to the loss of $2 million when cybercriminals redirected contractor payments to counterfeit accounts. There’s no doubt that the problems will only get worse, as there has been a significant increase in incidents in 2019. Leaders of K-12 must take action to protect their school districts, their staff, and their students.
What Are the Top Cloud Security Risks for K-12?
Understanding the top cloud security risks will help you to set up appropriate safeguards. Here are the top four risks you need to address.
1. Data Breaches
Data breaches don’t always result in a loss of data. But your school district should develop data loss prevention (DLP) policies and processes to safeguard your cloud environment. A data loss prevention checklist can help you ensure that the personal information you store, and other proprietary information, remain protected.
There are three types of data breaches:
Accidental Breaches
Accidental data breaches are most common, yet least talked about. An employee may make a mistake by setting sharing options to make a document visible to the public, for example. This may not cause a big problem if no other individual finds it. But, if the document contains confidential personal information, it’s not a chance you want to take. There are also cases where an unauthorized person has accessed confidential information using a lost or stolen device.
Intentional Breaches by Employees or Students
These breaches are difficult to identify and they are causing concern among K-12 leaders. There have been several incidents over the past couple of years involving school employees or contractors. Some have involved dissatisfied employees with access to sensitive student and employee data, selling it for a profit or otherwise using it to harm schools. There have also been incidents of terminated employees downloading sensitive data before school officials have a chance to close their accounts.
There have also been numerous reported incidents of students hacking into school records to change grades or otherwise cause mischief.
Intentional Breaches by Cybercriminals
And then, of course, there are the external, intentional breaches that everyone is most concerned about. Cybercriminals make an incredible amount of money by selling personal information on the dark web. Identity theft of minors is on the rise, and schools are increasingly being targeted for the wealth of information they can provide.
2. Account Takeovers
When cybercriminals find a vulnerability that lets them into your systems, they can make themselves at home and create all kinds of problems. Account takeovers are difficult to detect without the right security measures. Many times, the only way you’ll identify a takeover is when employees or students experience identity theft or counterfeit contractor accounts appear.
Cybercriminals can take over your accounts using OAuth account connections, poor password practices, or phishing attacks. For example, a phishing attack succeeds when an employee opens a malicious attachment in an email sent by a cybercriminal; that file can give the attacker access to your systems.
Monitoring your accounts 24/7 to detect abnormal behavior is currently the best way to detect a cloud account takeover. Abnormal behaviors that can indicate that your district’s accounts are under attack include:
- Login Location: If there is an attempted and/or successful login to an account in another country, this could indicate an account takeover. Of course, it could also mean that particular person is on vacation. To err on the side of caution, you’ll want to lock down the account until you’re able to verify it.
- Failed Login Attempts: One or two failed login attempts are usually normal activity. If you’re seeing 5+ login failures, it’s a good indication that someone is using known and/or common passwords to try to gain access.
- Lateral Phishing Emails: Lateral phishing refers to phishing emails that are coming from an internal sender. These emails will rarely be flagged by traditional MTAs, so they are gaining in popularity. If an email account is sending phishing emails to colleagues, there’s a good chance the account has been compromised.
- Abnormal File Sharing & Downloading: If you’re suddenly seeing an account downloading a bunch of sensitive data and/or messing with the sharing settings, there is also a good chance that the account has been compromised.
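The four indicators above, turned into detection logic over a small set of constructed audit events (an added example, not code from the article or any vendor; the event format, the home country, and the download threshold are assumptions):

```python
from collections import defaultdict

HOME_COUNTRY = "US"            # assumption: where district logins normally come from
FAILED_LOGIN_THRESHOLD = 5     # the article's "5+ login failures"
BULK_DOWNLOAD_THRESHOLD = 25   # assumption: downloads by one account in one log window

# Constructed audit events: (account, event type, detail). A real export from a
# cloud suite carries many more fields; these are the ones the indicators need.
SAMPLE_EVENTS = [
    ("teacher1", "login", "US"),
    ("teacher1", "login", "RU"),                     # login from another country
] + [("student7", "login_failed", "US")] * 6 + [      # password guessing
    ("admin2", "email_sent", "internal:phishing"),   # mail filter scored it as phishing
    ("admin2", "email_sent", "internal:ok"),
    ("clerk3", "share_changed", "public"),           # document opened to the public
] + [("clerk3", "file_download", f"record{i}.csv") for i in range(30)]


def takeover_indicators(events):
    """Return {account: sorted indicator names} for accounts showing any of the
    behaviours the article lists; accounts with none are omitted."""
    countries = defaultdict(set)
    failures = defaultdict(int)
    downloads = defaultdict(int)
    flags = defaultdict(set)
    for account, kind, detail in events:
        if kind == "login":
            countries[account].add(detail)
        elif kind == "login_failed":
            failures[account] += 1
        elif kind == "email_sent" and detail == "internal:phishing":
            flags[account].add("lateral_phishing")   # phishing from an internal sender
        elif kind == "file_download":
            downloads[account] += 1
        elif kind == "share_changed" and detail == "public":
            flags[account].add("public_sharing")
    for account, seen in countries.items():
        if seen - {HOME_COUNTRY}:
            flags[account].add("foreign_login")
    for account, n in failures.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            flags[account].add("repeated_login_failures")
    for account, n in downloads.items():
        if n >= BULK_DOWNLOAD_THRESHOLD:
            flags[account].add("bulk_download")
    return {account: sorted(found) for account, found in flags.items()}


if __name__ == "__main__":
    for account, found in takeover_indicators(SAMPLE_EVENTS).items():
        print(f"{account}: {', '.join(found)} -> lock the account until verified")
```

Each flagged account is a candidate for the lock-and-verify step the article recommends; the thresholds should be tuned to the district's own baseline.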
3. Loss of Computing Power
This summer and fall have produced a large number of local government and public school district ransomware attacks. These attacks cut access to information systems, data, and more. Typically, this happens when a cybercriminal plants malware in your systems. Phishing emails are still the most common way for a cybercriminal to gain access to your systems to plant malware.
Malware is a term derived from combining malicious and software. Sometimes malware allows a cybercriminal to steal data or hold your systems hostage. In some instances, cybercriminals simply enjoy causing you trouble.
Malware can act as a virus to spread rapidly and damage your systems’ core functions by deleting or corrupting files. Ransomware is one of the most destructive types of malware and it is receiving a great deal of attention. A ransomware attack freezes your systems and the cybercriminal displays a message on all of your monitors demanding payment in exchange for returning control to you.
Recently, the Flagstaff United School District in Arizona experienced a ransomware attack. While they wanted to keep the details of the attack and their response private, they were able to reopen schools after a two-day closure.
4. Insecure SaaS Apps
Insecure and malicious SaaS applications can cause bigger problems than many district employees realize. The use of OAuth login integrations is most problematic for your cloud environment.
OAuth is perhaps the most common form of single sign-on (SSO). It allows separate services authenticated access to assets without requiring additional sign-in or authentication once the connection has initially been set up. You should be fairly familiar with OAuth: if you’ve ever signed in to a platform or web service using your Google, Microsoft, or a social account, you’ve used OAuth. OAuth is great in many ways, but it does have vulnerabilities.
If the applications that students, teachers, and staff are connecting to through OAuth using their school accounts are not secure, cybercriminals can use that vulnerability to gain access to the district’s cloud environment—and the data stored in it.
There are also malicious apps that have been developed by criminals to easily gain access to data. They may be disguised as games or some other fun lifestyle app. Or they could be a “look-alike” app. The app will require a certain level of permission to the user’s account through OAuth. Typically, this will be read, write, and send access to email. It could also require the same level of access to contacts and shared drives and files. Once connected, the hacker can control the user’s communications without ever needing to log in to the account.
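A way to review the OAuth grants in a district tenant for the permission combination just described (read/write/send on email, optionally contacts and drives), as an added example that is not the article's or any vendor's code. The scope strings are Google's published OAuth scopes; the grant records and the approved-app list are constructed for illustration.

```python
# Google OAuth scopes grouped by what they let a third-party app do.
FULL_MAIL = {"https://mail.google.com/"}                       # read, write and send
MAIL_SEND = {"https://www.googleapis.com/auth/gmail.send"}
MAIL_READ = {"https://www.googleapis.com/auth/gmail.readonly",
             "https://www.googleapis.com/auth/gmail.modify"}
CONTACTS = {"https://www.googleapis.com/auth/contacts",
            "https://www.googleapis.com/auth/contacts.readonly"}
DRIVE = {"https://www.googleapis.com/auth/drive",
         "https://www.googleapis.com/auth/drive.readonly"}

APPROVED_APPS = {"District LMS"}   # constructed allowlist: apps the district already vetted

# Constructed grant records: (app name, granting account, scopes granted)
SAMPLE_GRANTS = [
    ("District LMS", "teacher1", ["https://www.googleapis.com/auth/drive.readonly"]),
    ("Fun Quiz Game", "student7", ["https://mail.google.com/",
                                   "https://www.googleapis.com/auth/contacts"]),
    ("Gradebook Helper", "clerk3", ["https://www.googleapis.com/auth/gmail.send",
                                    "https://www.googleapis.com/auth/gmail.modify",
                                    "https://www.googleapis.com/auth/drive"]),
    ("Calendar Sync", "admin2", ["https://www.googleapis.com/auth/calendar.readonly"]),
]


def grant_risk(app, scopes):
    """Classify one grant as 'approved', 'high', 'medium' or 'low'."""
    if app in APPROVED_APPS:
        return "approved"
    s = set(scopes)
    # The article's case: the app can both read the mailbox and send as the user.
    mailbox_control = bool(s & FULL_MAIL) or (bool(s & MAIL_SEND) and bool(s & MAIL_READ))
    if mailbox_control:
        return "high"
    if s & (MAIL_SEND | MAIL_READ | CONTACTS | DRIVE):
        return "medium"        # partial mail, contacts or drive access still warrants review
    return "low"


def review_grants(grants):
    """Return (risk, app, account) for grants needing a decision, most dangerous first."""
    order = {"high": 0, "medium": 1}
    flagged = [(grant_risk(app, scopes), app, account) for app, account, scopes in grants]
    return sorted((g for g in flagged if g[0] in order), key=lambda g: order[g[0]])


if __name__ == "__main__":
    for risk, app, account in review_grants(SAMPLE_GRANTS):
        print(f"{risk:6} {app!r} granted by {account}")
```

The same grouping applies to Microsoft Graph permissions such as Mail.ReadWrite and Mail.Send; only the scope strings change.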
Traditional network security tools weren’t created to protect your district data from the unique cloud security risks you face. Including cloud security in your cybersecurity infrastructure will allow you to monitor traffic going into and out of the cloud, detect potential threats, and set up automatic actions to remediate cloud security risks at any time—day or night.