This article was originally published in EdTech Magazine on September 9, 2022.
Guest column by Charlie Sander, CEO @ ManagedMethods
Earlier this year, hackers successfully targeted a network service provider for the New York City public school system, putting the personal data of some 820,000 current students and alumni in danger. It was the largest cyberattack on a single school district in American history.
This intrusion occurred at a time when skilled cybercriminals are increasingly targeting school districts throughout the US—and the businesses that service them. Many of the hackers involved in these operations are from overseas nations, which is challenging for American law enforcement to crack down on.
Cyber-attacks on school districts have a broad range of impacts on communities. They have caused school cancellations, threats to students and parents, and impact school revenue. Recovery from an attack can also cost thousands to hundreds of thousands of dollars that could have been better spent elsewhere. Therefore, districts need to carefully consider their capacities for cyber resilience and incident response plans.
Defining The Relevant Threats to Schools
Schools are frequently targeted because their systems include a lot of private and sensitive information regarding pupils, instructors, employees, and even parents. The most common threats likely to hit schools in terms of cybersecurity are:
Data Breaches: Cyber attackers are aware that students frequently lack knowledge on how to adequately protect personal and financial data they are putting online, often for the first time. Hackers may use this data for identity theft, credit fraud, and other crimes.
Malware, Ransomware, and Phishing: Phishing is the practice of an attacker sending an email pretending to be a trustworthy business or individual in order to fool the receiver into exposing sensitive information. This could involve clicking on a link or downloading an attachment.
Vulnerabilities in Unpatched Software: Attackers trying to gain access to networks and systems are considerably more likely to exploit unpatched, outdated software and hardware.
Cyberbullying and Inappropriate Content: Bullying on computers, cell phones, or tablets may cross the line into illegal or criminal activity. The Cyberbullying Research Center estimates that 37% of pupils have been victims of cyberbullying. Students could also view inappropriate content when acceptable usage guidelines don’t exist or content screening is disregarded.