Cyber attacks are on the rise, and schools are becoming targets more often.

Why schools? In an article for Forbes, Frederick Hess points out that online learning has only made things worse in recent years. Hess spoke with Doug Levin, co-founder of the K12 Security Information eXchange (K12 SIX), who stated that there have been more than 1,300 publicly disclosed incidents since 2016. Levin told Hess it comes down to money: “Schools manage more than enough money to capture the attention of cyber criminals.”

As for who is carrying out these attacks, it depends on the case: anyone from bored students to offshore criminals can find a reason to attack a school’s files. And it’s only going to become more common: Alyson Klein reports in her article in EdWeek that the problem is only increasing as schools rely more and more on technology.

Types of Cyberattacks

Ever gotten an email from someone claiming you’d won a cash prize? Or maybe a text message from someone pretending to be a company you know, like Netflix, asking you to reset your password? These are forms of phishing, and they represent just one way cybercriminals can attempt to get private data.

Phishing one kind of cyberattack—here’s a look at some others.

Phishing

Phishing is a form of fraudulent solicitation via email or on a website. It can prompt someone to enter personal information while masquerading as a trustworthy entity.

Data Breach

Often called simply a “hack,” a data breach is when an unauthorized person gains access to sensitive, confidential, or protected information stored by your school.

Ransomware

A ransomware attack is when cyber criminals use malicious software to break into a school’s network and encrypt the data—so your school can no longer access it. As the word “ransom” suggests, they say they will only release the files back to the school if a certain amount is paid first. According to CNN, schools with limited cybersecurity measures are often the most vulnerable to ransomware.

Denial-of-Service Attack

This is known as a “crash”—when cybercriminals infiltrate a network with so many requests, it stops responding. This blocks those that need the network from being able to use it.

Pranks, Invasions, and Hacktivism

Online learning has given rise to pranks like “Zoombombing,” where an outside person gets into an online class and disrupts it with inappropriate—or even hateful— messages or images. Such pranks—which seem to stem solely from the desire to disrupt—can also occur in parent meetings, online performances, and over email. “Hacktivism” involves similar tactics and protests against school policies or changes.

What’s the Impact to Your School?

Wasted Time

Often, schools must close during a cyberattack. According to a U.S. Government Accountability Office (GAO) survey, “loss of learning following a cyberattack ranged from 3 days to 3 weeks, and recovery time could take anywhere from 2 to 9 months.”

Wasted Money

GAO reports losses due to cyberattacks are significant. They include replacing computer hardware and enhancing cybersecurity to prevent future attacks.

Learning Loss and Other Harm

Cyberattacks disrupt learning with their impact on students, their families, and teachers. If systems are down, teaching and record-keeping cannot be conducted as planned. A 2020 GAO study found that breached grades, bullying reports, and social security numbers left students “vulnerable to emotional, physical, and financial harm.”

What You Can Do

The number of cyberattacks against schools is staggering: GAO reports that in 2020 there were 1,196,000 ransomware attacks alone. (Their reports include a list of the most notable incidents over the last few years, which you can find here: “As Cyberattacks Increase on K-12 Schools, Here is What’s Being Done.”) Many law and policymakers are calling for better support around cybersecurity for schools.

The good news is that you can mitigate the risk to your school. But navigating two-factor authentication, backup data, and secure logins can be daunting for school leaders already stretched so thin. You can get the support you need by signing up FREE for:

Cybersecurity for School Leaders on June 14, 2023, 10 AM PT / 12 PM CT / 1 PM ET.

Join Mohammad Ahmed and Preet Singh of SoftwareMSP to learn how robust cybersecurity practices can protect your school’s information and intellectual property and foster a culture of digital safety at your school.

You’ll learn how to:

1. Safeguard your school’s information and maintain compliance with FERPA.
2. Protect your school from the potential impact of cyberattacks on operations and student learning.
3. Establish a cybersecurity framework for your school.
4. Find and vet providers of cybersecurity insurance and solutions.

Register FREE here! (Can’t make it or missed the live session? Register and we’ll send you the recording.)