And this risk won’t go away despite plans for schools to reopen in the fall, as schools rely increasingly on online learning in one form or another.
“School districts throughout the United States suffer from notoriously poor information security,” The K-12 Cybersecurity Resource Center said last year as the COVID-19 pandemic swept across the country.
“The public assumption that K through 12 information security has kept pace with the rest of society is wrong,” the organization said, which tracks K-12 cybersecurity incidents.
Flexible learning styles mean more reliance on computers, online connectivity and learning apps, increasingly exposing schools to the risk of cyberattacks, according to software security company McAfee. (iStock)
As of August, more than 1,100 cybersecurity incidents have been confirmed since the organization began tracking in 2016.
This year, the Broward County public schools in Florida were hit by ransomware demanding $40 million in ransom with threats to expose sensitive student, teacher and employee data. This follows attacks on other schools in Baltimore, Fairfax County, Va., and Hartford, Conn., among others.
The upshot is, flexible learning styles mean more reliance on computers, online connectivity and learning apps, increasingly exposing schools to the risk of cyberattacks, according to software security company McAfee.
And lessons learned from distance learning and virtual classrooms during the height of the pandemic need to be applied going forward.
“Cyber actors could view the increased reliance on—and sharp usership growth in—these distance learning services and student data as lucrative targets,” according to the Cybersecurity and Infrastructure Security Agency (CISA).
More than 1,100 cybersecurity incidents at schools have been confirmed since the K-12 Cybersecurity Resource Center began tracking in 2016. (iStock)
Here are some safety tips for schools and students from CISA and McAfee.
Unwanted visitors: Zoombombing and unintended screen sharing have shown that cameras can be the gateway for security incidents. Be vigilant of unrecognized video chats, screen shares and instant messages “even if it’s in an app they’re familiar with,” according to McAfee. And disable chat when possible or if it’s not clearly necessary.
Watch what you share: Be very careful about what you share. Consider the sensitivity of data before sharing or uploading it to video conference and collaboration platforms. When sharing a screen, make sure only information that needs to be shared is visible (CISA).
Don’t get too personal: When signing up for new learning apps, do not sign up with a personal email address but use a school-provided email address or a username and password, according to McAfee. On the other hand, do not use school email addresses to sign up for unauthorized or free tools (CISA).
Vetting: Always have a vetting process, such as a waiting room, to identify participants as they arrive in a learning session (CISA).
Too much information: “Don’t put too much personal information in the [learning] app profile. Keep location, phone number and dates of birth private if possible,” McAfee advises.
MFA: Use multi-factor authentication (MFA) for apps whenever possible. This is one of the simplest yet effective ways to thwart hackers. (CISA)
Mute: Privacy concerns can also be security concerns. For large meetings “ensure you have the capability to mute all attendees and limit the ability of attendees to share screens…consider giving participants an option to participate by audio only if they have privacy concerns,” according to CISA.