This past August, the Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC), which serves state and local governments, reported that it expects an increase of as much as 86 percent in cybersecurity incidents aimed at K-12 school systems over the course of the current school year. Attacks on schools had already increased during the rush to distance learning during the pandemic. Having found some fairly easy targets, attackers are now piling on with threats like phishing schemes that can lead to ransomware, data theft and other criminal activity.
K-12 organizations almost never attract the highly sophisticated types of attack used for stealing national secrets. However, they are regularly attacked by a plethora of hackers looking for a quick buck or worse, wanting to steal the personally identifiable information of teachers, staff, and especially young students with blank slate credit histories ripe for exploit.
Countering these rampant threats is especially difficult when factoring in one of attackers’ most valuable victim profiles: children. Growing up in a continually connected world, the internet is integral to the lives of today’s young students. But digital natives aren’t necessarily being taught about proper cyber hygiene practices needed to safeguard their home or school technologies. For schools, the risks are compounded by the increased number of personal devices being connected into the school network, where hidden threats can quickly spread. Once hackers gain a foothold in the system, poor cyber hygiene also improves their ability to move later and escalate privileges as they go, compounding the damage.
Accordingly, it’s very important for K-12 organizations to prioritize cyber hygiene practices that can help limit exposure from pervasive attacks. The following policies and actions will support schools’ preparedness:
- Make cyber hygiene everyone’s top priority: A recent study by IBM shows that human error remains the main cause of 95 percent of cybersecurity breaches. That’s especially hard to overcome when we are talking about the behaviors of children. A lot of attempted attacks can be thwarted by simple actions like:
- Following prompt, effective patch management policies
- Running regular scans to detect and eliminate open ports to the internet
- Making it impossible for users to select easy-to-guess passwords like “password” instead of complex combinations of random numbers, letters and symbols