A universal truth over the last two years within the education sector has been this: Students need to continue learning, whether in school, at home, or somewhere in between. For many school systems and institutions, this meant sending students home with whatever device they could get their hands on–even ones that had been earmarked for disposal. Technology had to be put into the hands of students, one way or another. For many, this came at the cost of proper security precautions. Schools and institutions were at higher risk of security attacks, with more sensitive online data than ever before.
In the two years since the onset of the COVID-19 pandemic, most schools have returned to a fully in-person learning environment. However, for many, the damaging effects linger–in 2021 alone, 67 separate ransomware attacks impacted 954 schools and colleges, putting at risk the personal data of more than 950,000 students, according to a study by security firm Comparitech.
As we head into a new school year, it is time to ask ourselves: How can we better prepare and protect our students to be a line of defense against malicious attacks? And furthermore, who is tasked with properly training them?
Here are some crucial considerations when it comes to the future of school cybersecurity training.
Why do schools have poor cybersecurity posture? How has COVID changed this?
Schools have been susceptible to cyberattacks as long as any other technology-using industry. While prior to COVID much learning, and even homework, was done offline, records, grades, data, etc. have been stored online for quite some time. However, unlike many technology companies and legacy organizations, there’s been a notorious lack of computer science training for school IT professionals. Education IT teams have been stretched so thin with the onslaught of remote learning, they had to scale, plan, and remediate at a quicker pace than ever before.
With this in mind, security and protection took a backseat to the idea of simply making sure every student had a device to work from. Few schools had proper security posture to begin with, and the rapid dispersal of devices and re-imagined use of previously retired devices created larger holes and pressure points in security posture than ever before. Schools, over time, simply became more susceptible while simultaneously getting no new protections.
Who is the most accessible target for a school ransomware attack?
What schools found, at an unfortunately rapid pace, was that their initial fear of learning loss was realized when they were ransomed. Many worried that students would miss out on class without the proper tools, sent them home with unprotected devices, and then suffered learning loss anyways–often for longer periods of time–when their systems were attacked during the pandemic.
Unfortunately, students are the most susceptible to cyberattacks. While schools can take every precaution in terms of ad-blockers, restricted websites, and patching updates, students are learning tech hacks at a rapid pace to maneuver these safeguards. While employees may receive intermittent “phishing tests” or requirements for security training from their employers, students are presented with these learning opportunities far less often – even if they are the ones more likely to be targeted with these phishing scams and suspicious links.
If students haven’t been properly trained, who is responsible for improving cybersecurity education?
Luckily, in many places, school curriculums continue to evolve and incorporate important developments. This often includes computer science courses and resources, where there one was something like “typing.” In an ideal setting, schools would implement cybersecurity training across the board. From students, to teachers, even to parents–everyone should be given the proper education and training to respond to a cybersecurity event, and avoid them in the first place.
Consider a multi-pronged approach, starting with summer vacation. IT teams should ensure that proper security controls are activated on student devices- it’s best to take as much of that responsibility away from the students as possible. Next, send a letter to parents on how to make sure their child’s device is updated, and fraudulent signs to look out for in future school communication. Lastly, help teachers and students understand what to do to improve security. Maybe it’s a checklist for “signs of a cyberattack” or a simulation that teachers can run once a semester to stay up to date. No solution will be a fix-all, but if your school is consistently looking for new solutions and staying cognizant of ransomware signs, you’ll be better prepared than most.
Unfortunately, bad actors will always be evolving. They’ll learn common precautions and defense mechanisms, and quickly move to outsmart them. Fortunately, schools are constantly evolving as well: building new curriculums, activating new tools and methodologies, and finding new ways to empower their students. If these communities–students, teachers, parents, administrators, and IT teams–can work together to approach security in the same way, schools will be better equipped to protect themselves this year and in years to come.
- 9 ways collaborative learning benefits teachers and students - December 4, 2023
- Helping students navigate college majors - December 4, 2023
- The academic implications of AI in student writing - December 1, 2023