Procurement decisions in educational institutions are critical and can have serious implications for cybersecurity. A notable example involves a district that suffered a ransomware attack due to poorly chosen software. This subpar software selection allowed hackers to bypass firewalls, access sensitive student data, and threaten schools with blocking access to all computer sytems throughout the district. The repercussions extended beyond data theft; parents in the district were subsequently targeted with extortion demands, highlighting the broader consequences of these cybersecurity failures. This incident underscores the importance of meticulous vetting and strategic decision-making in the procurement of digital tools and services to protect schools from cyber threats.

Prevalence and Nature of Cyber Attacks: Schools are “Target-Rich and Cyber Poor”

Did you know that there were more than 7.6 million malware attacks on kindergarten-12th grade classroom devices in the last 30 days? Education is the most affected industry when it comes to cyberattacks, with the next most affected industry being retail and consumer goods, which experienced approximately 900,000 malware attacks in the same period. According to the Cybersecurity & Infrastructure Security Agency (CISA), schools and districts across the nation are considered “target-rich, cyber poor” due to the lack of protection and the wealth of information they store, including personal details about students, families, teachers, and support staff.

K-12 schools have increasingly become targets for cyberattacks, including ransomware, phishing, denial-of-service (DDoS), and video conferencing disruptions. These attacks can cause significant interruptions in educational activities, result in the loss of sensitive data, and incur substantial financial costs to mitigate the damage. The rise in cyber threats, particularly ransomware, is driven by the digital expansion in schools, the adoption of cloud-based systems, and the reliance on technology for both in-person and remote learning. The complexity and frequency of these attacks underscore the urgent need for robust cybersecurity measures in the education sector.

Consequences of Cybersecurity Breaches

The impact of cyber attacks on schools is far-reaching. Beyond the immediate disruption to educational services, these incidents can compromise the personal information of students and staff, potentially leading to identity theft and financial fraud. High-profile cases, such as the ransomware attack on the Los Angeles Unified School District, underscore the severe consequences of cybersecurity breaches, where sensitive data was exposed publicly, intensifying the pressure on affected institutions​.

Current Measures and Recommendations

Efforts to bolster cybersecurity in K-12 schools have been substantial but remain inconsistent across districts. The Cybersecurity and Infrastructure Security Agency (CISA) and other bodies emphasize the importance of investing in effective cybersecurity measures, recommending that districts prioritize the most impactful security investments to develop a long-term cybersecurity plan. Despite challenges such as limited budgets, resources, and technical expertise, schools can take immediate steps to improve their cybersecurity posture. Implementing these key recommendations from CISA can help schools better protect their sensitive data, systems, and networks from cyber threats:

1. Implement Multi-Factor Authentication (MFA):

Multi-factor authentication (MFA) enhances security by requiring users to provide multiple forms of identification before accessing systems or data, significantly reducing the risk of unauthorized access to sensitive information like student records, financial data, and administrative systems. Educating staff, students, and parents about the importance and effective use of MFA is essential. The National Institute of Standards and Technology (NIST) recommends changing passwords once per year unless there is an immediate threat. Frequent password changes can lead to minor, predictable alterations, making accounts more vulnerable. Annual password changes encourage the creation of entirely new passwords, improving security.

2. Mitigate Known Exploited Vulnerabilities:

Regularly update and patch software, operating systems, and network devices to address known vulnerabilities. Conducting vulnerability assessments and penetration testing to identify weaknesses in the school’s IT infrastructure, and establishing a process for promptly addressing and mitigating identified vulnerabilities will minimize the risk of exploitation by malicious actors.

3. Implement and Test Backups:

Regularly backing up critical data, including student records, financial information, and administrative documents, will ensure continuity of operations in the event of a cyber incident. Store backups securely and offline to prevent them from being compromised in the event of a ransomware attack or other cyber threats, and test backup systems and procedures regularly to verify data integrity and the ability to restore systems and services effectively in case of a cyber emergency.

4. Regularly Exercise an Incident Response Plan:

Develop a comprehensive incident response plan that outlines roles, responsibilities, and procedures for responding to cybersecurity incidents such as data breaches, malware infections, and phishing attacks. Conduct tabletop exercises and simulations to test the effectiveness of the incident response plan, ensuring that staff members are prepared to respond quickly and efficiently in the event of a cyber incident. Regularly reviewing and updating the incident response plan based on lessons learned from exercises and real-world incidents will improve the school’s cyber resilience.

5. Implement a Strong Cybersecurity Training Program:

Ensuring that teachers, support staff, and students/parents have a general knowledge of cybersecurity is vital. Provide cybersecurity awareness training to all staff, students, and parents to educate them about common cyber threats, such as phishing, social engineering, and malware. Emphasize good cyber hygiene practices, including creating strong passwords, avoiding suspicious links and attachments, and promptly reporting security incidents or concerns. Offer specialized training for IT staff and administrators to ensure they have the necessary skills to implement and maintain effective cybersecurity measures throughout the school’s IT infrastructure.

Free resources and training to help teachers, support staff, students, and parents protect themselves and the school or district when operating online can be found here:

• The National Cybersecurity Alliance

• The National Initiative for Cybersecurity Careers and Studies

• Common Sense Education

• My Cyber Hygiene

Using Artificial Intelligence (AI)

With the growing use of public generative AI applications like ChatGPT, Bard, and Claude, schools and districts must understand the difference between public and private AI. The International Association of Privacy Professionals (IAPP) warns that information entered into public generative AI applications becomes public, risking the exposure of sensitive data. Conversely, using private AI applications allows schools to control data more effectively. When using private AI, schools must implement IT best practices, including encrypting data, securing it with multi-factor authentication, and adding protections such as auditing and tracking to safeguard students’, parents’, and teachers’ information.

Recommended Cybersecurity Software

The incident recounted at the top of this article emphasizes that procurement decisions are crucial when it comes to investing in software solutions for schools to protect against cyber threats and attacks. The following software solutions are widely recognized for their effectiveness and are used by educational institutions worldwide to safeguard against various cyber threats:

1. Cisco Umbrella

Cisco Umbrella is a cloud-delivered security solution that provides comprehensive protection for users on and off the school network. It offers features such as DNS-layer security, secure web gateway, firewall, and cloud access security broker (CASB) functionality. Cisco Umbrella is particularly useful for schools as it helps block threats before they reach the network and provides detailed visibility into internet activity.

2. Sophos Intercept X

Sophos Intercept X is an advanced endpoint protection solution that uses deep learning technology to detect and prevent malware and other cyber threats. It offers features such as ransomware protection, exploit prevention, and active adversary mitigation. For schools, Sophos Intercept X provides an easy-to-manage solution that protects all endpoints, including laptops, desktops, and servers.

4. Kaspersky Total Security for Business

Kaspersky Total Security for Business is a comprehensive security solution that provides advanced threat protection, data protection, and system management. It includes features such as anti-malware, anti-phishing, firewall, and application control. Kaspersky’s solution is suitable for schools as it offers robust protection for all devices and data, ensuring the safety of both students and staff.

Leveraging State and Federal Resources to Improve Cybersecurity Posture

K-12 schools can enhance their cybersecurity posture by leveraging state and federal resources, such as guidance documents, training programs, and cybersecurity frameworks. Staying informed about regulations, guidelines, and best practices from state education departments, federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA), and industry organizations is essential. Collaborating with other schools, districts, and educational organizations to share information and resources fosters a community-driven approach to cybersecurity resilience.

Schools should also take advantage of cybersecurity grants and funding opportunities from state and federal governments, as well as private organizations, to support their cybersecurity initiatives and infrastructure improvements. Following are some grant opportunities to explore:

1. State and Local Cybersecurity Grant Program (SLCGP): Administered by the Department of Homeland Security (DHS), this program provides funding to state and local governments to enhance their cybersecurity capabilities, which can be utilized by K-12 schools through partnerships with local government entities.

2. Cybersecurity and Infrastructure Security Agency (CISA) Grants: CISA offers various grants and funding opportunities to support cybersecurity initiatives, including those tailored to the educational sector.

3. Department of Education Grants: The U.S. Department of Education offers various grants that can support technology and infrastructure improvements, including cybersecurity enhancements.

4. State-specific Grants: Many states offer their own cybersecurity grants and funding opportunities for schools. These can vary widely by state, so schools need to check with their state departments of education or other relevant state agencies.

By exploring these and other grant opportunities, K-12 schools can secure funding to support and enhance their cybersecurity initiatives.

Moving Forward

To effectively address cybersecurity vulnerabilities, K-12 schools must adopt a comprehensive approach that involves educating and raising awareness among all stakeholders—students, teachers, staff, parents, and administrators. By providing cybersecurity awareness training, emphasizing good cyber hygiene, and encouraging prompt reporting of security incidents, schools can foster a culture of transparency and accountability. Building a strong cybersecurity culture requires commitment and involvement at every level, promoting shared responsibility for protecting sensitive data and systems. Integrating cybersecurity principles into the curriculum empowers students to navigate the digital world safely. As cyber threats evolve, schools must continuously update their practices to protect the educational environment, ensuring the safety and privacy of students and staff.

This article is based, in part, on the following articles:

1. https://www.cisa.gov/K12Cybersecurity
2. https://www.edweek.org/products/quiz/quiz-yourself-how-much-do-you-know-about-cybersecurity-for-schools-and-districts?utm_source=eb&utm_medium=eml&utm_campaign=QUIZ&M=9670710&UUID=d3a95427a0c28e2a7db746003606d815&T=12773211
3. https://www.flexpointeducation.com/blog/posts/flexpointers/2023/12/07/4-ways-to-transform-school-cybersecurity-measures
4. https://www.gao.gov/blog/cyberattacks-increase-k-12-schools-here-whats-being-done
5. https://www.techlearning.com/news/k-12-cybersecurity-in-2023-ransomware-ai-and-increased-threats
6. https://blog.sonicwall.com/en-us/2023/03/sonicwall-data-shows-attacks-on-schools-skyrocketing/

Ymkje Wideman-van der Laan is an author and certified autism resource specialist with a background in teaching. Originally from the Netherlands, her work has taken her around the world, where she helped set up classrooms and children’s libraries in under-resourced areas in Asia and the Middle East. In 2006, she moved to the United States to care for her infant grandson, Logan, who was later diagnosed as autistic. This personal experience deepened her commitment to autism advocacy and education. Currently, Ymkje lives in California with her 17-year-old grandson and uses her expertise to lead autism training workshops. She works with early childhood educators, teachers, parents, and caregivers, offering practical guidance on supporting autistic individuals.