With this in mind, security and protection took a backseat to the idea of simply making sure every student had a device to work from. Few schools had proper security posture to begin with, and the rapid dispersal of devices and re-imagined use of previously retired devices created larger holes and pressure points in security posture than ever before. Schools, over time, simply became more susceptible while simultaneously getting no new protections.
Who is the most accessible target for a school ransomware attack?
What schools found, at an unfortunately rapid pace, was that their initial fear of learning loss was realized when they were ransomed. Many worried that students would miss out on class without the proper tools, sent them home with unprotected devices, and then suffered learning loss anyways–often for longer periods of time–when their systems were attacked during the pandemic.
Unfortunately, students are the most susceptible to cyberattacks. While schools can take every precaution in terms of ad-blockers, restricted websites, and patching updates, students are learning tech hacks at a rapid pace to maneuver these safeguards. While employees may receive intermittent “phishing tests” or requirements for security training from their employers, students are presented with these learning opportunities far less often – even if they are the ones more likely to be targeted with these phishing scams and suspicious links.
If students haven’t been properly trained, who is responsible for improving cybersecurity education?
Luckily, in many places, school curriculums continue to evolve and incorporate important developments. This often includes computer science courses and resources, where there one was something like “typing.” In an ideal setting, schools would implement cybersecurity training across the board. From students, to teachers, even to parents–everyone should be given the proper education and training to respond to a cybersecurity event, and avoid them in the first place.
Consider a multi-pronged approach, starting with summer vacation. IT teams should ensure that proper security controls are activated on student devices- it’s best to take as much of that responsibility away from the students as possible. Next, send a letter to parents on how to make sure their child’s device is updated, and fraudulent signs to look out for in future school communication. Lastly, help teachers and students understand what to do to improve security. Maybe it’s a checklist for “signs of a cyberattack” or a simulation that teachers can run once a semester to stay up to date. No solution will be a fix-all, but if your school is consistently looking for new solutions and staying cognizant of ransomware signs, you’ll be better prepared than most.
Looking ahead
Unfortunately, bad actors will always be evolving. They’ll learn common precautions and defense mechanisms, and quickly move to outsmart them. Fortunately, schools are constantly evolving as well: building new curriculums, activating new tools and methodologies, and finding new ways to empower their students. If these communities–students, teachers, parents, administrators, and IT teams–can work together to approach security in the same way, schools will be better equipped to protect themselves this year and in years to come.
- Is the ‘Growing Your Own’ pipeline working for special education teachers? - March 27, 2023
- Helping students understand the Nature of Science - March 27, 2023
- What school leaders need to know about organized cybercrime - March 24, 2023