In June 2020, Politico reported that the U.S. Federal Bureau of Investigation sent a security alert to K-12 schools warning them of an increase in ransomware attacks. K-12 institutions have limited resources that leave them vulnerable and make it difficult for them to invest in cybersecurity measures to fend against such attacks.
Even before the COVID-19 pandemic forced schools to switch to online and remote learning models, teachers and students were facing a multitude of cybersecurity and vulnerability issues. In fact, according to the K-12 Cyber Incident Map, there have been over 1,000 cyber ‘incidents’ since 2016.
The sudden shift to online learning with the onset of the pandemic has increased the possibility of ransomware attacks, phishing, and network hacks on online learning management systems, mobile apps, and other digital resources. Given the already-existing issues of cyberbullying and malware attacks on computers, schools are facing a veritable smorgasbord of potential threats to the safety of their students and staff.
In response, federal lawmakers have put a new focus on improving cybersecurity, particularly in schools. Proposals such as The National Cyber Director Act and the PROTECT Act seek to promote career awareness, provide resources, and help develop cybersecurity skills on a national level. Although these pieces of legislation are in the works, schools are still left with the constant threat of security breaches looming over them. How can schools protect themselves from cyberattacks in the meantime?
The Consortium for School Networking offers a helpful guide on addressing cybersecurity during COVID-19. Ultimately, the steps a school takes depend on the potential issues it is facing. Below are some of the key challenges facing schools and ways of addressing them:
- Districts Are Shifting Classrooms to the Cloud
As of 2020, 97% of districts are using cloud-hosted learning management systems, such as Google Classroom. Students and teachers also use cloud apps to attend class remotely, communicate with each other, turn in coursework, and submit grades. When using cloud apps rather than more secure school-based networks, additional security measures like two-factor or multi-factor authentication can help limit and secure access to this information.
- Videoconferencing Is Increasing
As the pandemic spread, videoconferencing platforms like Zoom, Google Meet, Cisco WebEx, and Microsoft Teams gained in popularity for taking the classroom online. However, these platforms are designed for commercial businesses. IT professionals were not given enough time to thoroughly vet and troubleshoot such software for large-scale use, and districts started experiencing unauthorized hijacks of their virtual meetings, disrupting classes and putting students’ private information at risk. To curb the possibility of such attacks, the CyberSecurity and Infrastructure Security Agency suggests educators use only school-approved platforms to conduct virtual class meetings. By taking just a few additional precautions, educators can increase video security:
- Require passwords to enter meeting rooms
- Send invitation links directly to students rather than making them available to the public
- Ensure that settings for class meetings are private and not public.
- Student Data Privacy Is at Risk
The use of external networks also makes it more difficult for schools to detect when sensitive data has left their information systems. Operating on clouds and using privately-owned rather than school-supplied devices leave faculty and students vulnerable to data breaches. The typical security measures that protect school devices and networks, such as firewalls, antivirus software, and content filters, are often not available on home devices and cloud apps. But when districts provide devices for faculty and students, they can control updates to firewalls, content filters, and other protective software.
Districts that cannot afford to invest in 1:1 equipment for students, must take the responsibility of assisting parents with online security. This would include:
- Notifying parents that content filtering is not provided when students use a home browser to access non-school resources
- Advising parents that enabling content blocking on their home network will keep both their student and their schools more secure
- Referring families to free or affordable resources to create home-learning environments that are cyber-safe
By staying alert to potential threats, taking appropriate measures to safeguard against cyberattacks and being prepared with responses should they occur, educators can help improve online safety for teachers, students and their families.
Learn more about TAMIU’s Master of Science in Curriculum and Instruction with a Specialization in Educational Technology online program.
Sources:
Consortium for School Networking: Cybersecurity Considerations in a COVID-19 World
Jacky Rosen: U.S. Senator for Nevada: PROTECT Act
K-12 Six: The K-12 Cybersecurity Resource Center
Politico: FBI Alerts on Ransomware Threat to Schools