Keith Krueger
CEO, CoSN (Consortium for School Networking)
Since schools moved to remote learning this spring, cybersecurity incidents have become breaking news stories. We hear daily stories about security breaches (“zoom bombings”) of video conferencing classes, hacks of online learning platforms, phishing scams of students, and ransom attacks on school districts.
Attacks have resulted in well-publicized shutdowns of school districts in Alabama, Nevada, Florida, New York, and more. The Louisiana governor declared a state of emergency after a virus disabled three school districts’ computers.
Because school systems are responsible for protecting vast amounts of confidential student and employee data, cyber criminals are targeting our students and teachers.
Why is this happening now?
Even before COVID, schools were a tempting target for cybercriminals. Remote learning has only made it easier for bad actors. With teachers and students working at home, often on their own devices and networks, they are frequently distracted (siblings, elderly care, pets) and they are letting their guard down.
This spring, there was a reported 6,000 percent increase in COVID-related email spam. Students and educators are falling victim to a growing trend of COVID themed malware. According to the MS-ISAC Center for Internet Security, schools were the most impacted governmental sector for ransomware demanding payment for stolen student and employee data.
What can we do?
We must make cybersecurity awareness education a top priority. Often learners, and even teachers and parents, do not understand how to protect their information. Being a good digital citizen means understanding and practicing safe, secure digital habits.
How do you start a discussion about cybersecurity? Keep it simple. To effectively raise awareness, users need to connect with messages that are personal and easily actionable. Using negative and fear-based messaging can turn people off. Relying on overly technical language can leave people feeling that the messages don’t apply to them.
To avoid phishing attempts, encourage people to look at the actual email address (not the person’s name) that’s sending the message.
Second, we must ensure our school networks have current detection and prevention technologies. Unfortunately, the Federal Communications Commission decided the E-rate program — the largest federal funding source for education technology — should not cover the most essential cybersecurity costs.
And while cybersecurity is the highest-ranked priority, according to CoSN’s national IT survey, less than 1 in 5 school districts have an employee whose primary responsibility is cybersecurity.
This is a new and challenging moment. Resources are stretched and time is short. We can and must ensure students have a safe and secure learning environment, and that means we must invest in cybersecurity.