In the face of continued uncertainty related to the pandemic, families like mine prepared for a return to school that still looked a little bit more like normal this year. For many parents, teachers and caregivers who struggled through a year of remote learning, with all of its online homework assignments and Zoom classes, this has been a major relief.
In my case, and admittedly more so for my superhero wife, last year involved the all-but-impossible task of wrangling 6- and 8-year-old children in front of a screen two to three times a day and somehow keeping them there through bathroom break requests and hunger pangs that only conveniently cropped up during online learning sessions.
It also meant enforcing dedicated “asynchronous learning” time for children who desperately need synchronous learning routines alongside their friends to conform to normal classroom behavior (i.e. “If my friends are paying attention, maybe I should too”). Now throw in the added complication that our children’s school had no way of restricting access to apps or websites such as YouTube on their school-issued devices, and the parenting intensity meter just about redlines.
But even with a (hopefully) easier school year on the horizon, the tech-related headaches may not be over just yet. Recent research shows that cybercriminals started aggressively targeting K-12 schools during the pandemic. According to federal government data, schools accounted for 57 percent of all ransomware attacks this past fall, doubling from the previous spring and summer. This past spring, a survey of parents of school-age children in the U.S. and found that 55 percent of them have experienced cyberattacks on their schools while their kids were attending.
Experts explained that the abrupt move to online learning in March of 2020 suddenly put massive amounts of student data online, creating a larger target for criminals and leaving underfunded school IT administrators with a lot to defend. But now, even with students returning to classrooms, security researchers say the problem won’t go away. The attacks have become higher volume and more brazen over the past year. If history repeats itself, ransomware attacks on school systems will continue to intensify.
The reason for the attacks is simple: money. Ransoms often number in the tens of millions of dollars, and administrators have often simply paid them, out of desperation to protect students and avoid closures. Unfortunately, that’s what keeps the ransomware gangs in business and encourages further attacks. While other organizations are more likely to have budget for data backups and strong defenses, schools often don’t have that luxury.
The public pressure schools often find themselves under is another challenge. The same survey mentioned earlier also found that 72 percent of parents favor having the school pay the ransom in the event of an attack, rather than risk the leak of private student data or the cancelation of classes. As a parent, I fully understand the desire to want to protect the students and doing whatever it takes to prevent their personal information from leaking online. Wanting the school to pay a ransom feels like an immediate fix in such a critical situation.
This is essentially putting a Band-Aid on a bullet wound. Instead of ever paying a ransom, experts say victims should contact the authorities, who may be able to help. There are also ransomware removal tools and decryptors available to help schools remediate the situation. Paying not only encourages the criminals to keep doing it, but also doesn’t guarantee that you’ll recover all of your data. According to another recent study, around 17 percent of ransomware victims who paid still did not get their data back.
There are other promising signs, however. Eighty percent of participants said their school has shared best practices for students and parents. And 75 percent said they talk with their kids regularly about practicing good security hygiene.
As teachers and guardians of children aged K-12, there are things we can do this fall to help. Talk to your students about how to stay safe online. That should include things like using different passwords for every account, always making prompt software updates and never opening links or attachments from suspicious sites or senders.
Schools should share what they’re doing to protect students and how they plan to keep everyone informed. School IT administrators should also be prompt with security updates, as well as create system backups that are not connected to the internet but are easily accessible in the event of an emergency. They should also implement trainings for staff and students to make sure everyone is informed and doing their part. Using multifactor-authentication, requiring everyone who accesses a school network to prove who they are with more than just a password, is also a must.
As simple as those things sound, they may be the key to fighting back against ransomware. Human beings are generally the weakest link when it comes to cyber defense. But if caregivers, students, and teachers do their part when it comes to practicing security basics, that can go a long way toward reducing schools’ vulnerability to this serious problem.
- At a grim time for math test scores, these districts buck the trend - May 15, 2025
- The business (and busy-ness) of education - May 15, 2025
- Video game design boosts students’ literacy skills - May 14, 2025