In 2019, 348 cyberattacks against public K-12 school districts were reported, a sharp increase from the previous year. With 2020 bringing new sets of challenges to every industry, schools across the country have faced an unprecedented number of attacks since the start of the pandemic. Under normal circumstances, when classes were in person, lessons could be shifted to the classroom in the event of a cyberattack. However, as school districts have made the transition to online learning and virtual classroom, a cyberattack often leaves classes delayed or canceled.

A National Emergency

Ransomware attacks are often a threat actor’s attack of choice. During these attacks, malicious software infiltrates a school district’s computer network, locking access to computers and important files until the threat actor gets paid the ransom fee demanded. School districts are a valuable source of information to the threat actors, their systems containing Social Security numbers, phone numbers, home addresses, financial information, and other sensitive student information.

Threat actors are also going beyond demanding the ransom from the school; if their demands are not met, they have resorted to posting the sensitive information they collect online. As students and faculty have transitioned to remote learning, things such as online cloud systems and unprotected networks introduce even more vulnerabilities that can be exploited by threat actors. In a statement from the head of the Cybersecurity and Infrastructure Security Agency (CISA), Brandon Wales, he stated that: “Ransomware is quickly becoming a national emergency.”

High-Profile Cases

Since the start of the pandemic, there have been many high-profile cyberattacks on school districts across the country:

• In September 2020, the Miami-Dade County Public School systems were flooded with network traffic, preventing students from logging in for class. A teenage student was arrested on charges of the attack.
• In late November 2020, Baltimore County schools were forced to close as they dealt with a ransomware attack.
• The first day of school was delayed at the Ponca City Public Schools by a ransomware attack that affected the school’s learning management platform. While they had an offline backup of critical information, they needed to rebuild data such as the students’ class schedules, calling for the delay.
• Clarks County Public Schools refused to pay a ransom requested by their cyber attackers, resulting in the release of information, including Social Security numbers of employees.

Avoiding Attacks

In light of the increased number of attacks, school districts should take steps to reduce the likelihood of becoming a target and their accessibility to threat actors. This summer, the FBI even released a warning to school districts about these attacks, recommending steps such as training employees and students to use strong passwords and not click on suspicious links in emails. At one school, phishing training reduced staff clicking on these links to just 4%. School districts are also recommended not to pay ransoms, instead, they should contact the FBI in the event of a ransomware attack. Schools should have offline backups of their data in case access to their systems is lost so that once the attack has been taken care of, it can be restored. Additionally, schools that deal with school-issued devices should implement remote wipe capabilities, in case any device is lost or stolen.

In addition to things that school districts can do themselves, the school technology association CoSN has been providing tip sheets and training to school districts to help reduce the threat of cyberattacks. They have also lobbied for the Federal Communications Commission to cover cybersecurity by the E-rate program, which is a major funding source for schools investing in technology.

Do you want to learn more about cybersecurity? Please subscribe to our newsletter.