Cyber-attacks have been making headlines after massive data breaches at Fortune 500 companies. According to a recent report by the Business Continuity Institute[1] and the British Standards Institution, nearly nine in 10 businesses worldwide are worried about the threat of cyber-attacks.

Recently, the panic has spread to educational institutions. Unfortunately, schools, colleges and universities are perfect targets, often possessing out-of-date security systems and a wealth of sensitive, monetizable student data. According to the Wall Street Journal[2], cyber attackers have struck more than three dozen schools this year, including recent news of an attack on the Flathead Valley School District[3].

Experts warn these attacks are likely to increase, and educational institutions are increasingly prioritizing investment in technology and systems to prevent cybersecurity breaches.

On October 16, the U.S. Department of Education issued a letter[4] for teachers, parents, students and administrators warning against the dangers of hackers. It recommends infrastructure change and preventative measures. According to the letter, “the criminals are seeking to extort money from school districts and other educational institutions on the threat of releasing sensitive data from student records.”

Hackers aren’t slowing down, so it’s important for educational institutions to employ proactive methods to prevent cyberattacks and protect data and reputational assets.

Recognizing an Attack

Ninety-one percent of cyberattacks start with a phishing email, according to a study by PhishMe[5]. Email scams frequently attempt to trick an employee into clicking a link in an email, which launches malicious software that compromises the security of the employee’s network. The FBI estimates[6] that email compromise accounts for $3.1 billion in losses per year worldwide.

To prevent an attack, it’s important to train employees to look for the three most common types of email hacks:

  • Fake email coming from a company executive or colleague
  • Fake invoice from a supplier whose email address has been spoofed
  • Fake email from an attorney requesting funds or information about a deal

Even if the employee doesn’t send a payment or transfer funds in response to the email, simply clicking a link in a phishing email could set off a chain of events that compromises the network.

About the Author:

John Lenckos is senior vice president, Specialized Industries, Bank of America Merrill Lynch.