Unexpected days off from school usually bring shouts of glee from students and moans from parents who must quickly arrange for childcare.
While these extra “vacation” days are no surprise during winter—so-called snow days—students typically plan to go to school every scheduled day in the fall and spring, whether they attend in person or remotely. Lately, however, students across the country have been getting more and more unscheduled days off—and it isn’t due to winter storms, rolling blackouts, or any other weather-related incident.
The cause of many unexpected school closings these days is cyberattacks.
The rise in cyberattacks on educational institutions
With 1,241 reported attacks between November 2020 and October 2021, the education sector ranked in the top 10 for industries being targeted with cyberattacks.
These attacks typically take the form of a data breach, ransomware, or a denial of service. In a data breach—what people often think of as the traditional “hack”—a cybercriminal infiltrates the school’s network, often via an unsecured device, and steals valuable data. A ransomware attack encrypts the school’s data and holds it “hostage” unless the school pays up. And in a denial-of-service (DOS) attack, the attacker floods the network with so many meaningless requests it is unable to function.
Over Labor Day weekend 2022, the country’s largest school district, the Los Angeles Unified School District (LAUSD), with more than 540,000 students and 70,000 employees, was the victim of a ransomware attack. LAUSD was one of 26 US school districts, along with 24 colleges and universities, that succumbed to reported ransomware attacks in the first nine months of 2022. With ever-tightening school budgets, schools need to take protection against this risk.
Due to the escalation of attacks, the US government, through the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA), has issued a warning that the education sector is vulnerable to cybersecurity risks.
Schools, colleges, and universities collect and maintain a lot of personal data, not only about their students and students’ parents but also their faculty. Compared to their counterparts in the corporate world that have enacted stricter cyber defenses, the defenses in the education sector are often relatively lax, making low-risk, high-reward targets.
Four actions a school can take to thwart a cyberattack
If you maintain any amount of personal data, you will inevitably and eventually become a target of a cyberattack. Although schools, colleges, and universities cannot prevent every single attack, they can reduce the likelihood an attack succeeds. Here are four actions that will help secure a school’s network.