Need proof that cyber threat actors are ruthless? Look no further than the fact that they’re going after schools.
Corporations aren’t the only institutions that have faced dramatic upheaval over the last couple of years. K-12 schools have had to get creative to keep students engaged and connected through a roller coaster of closings and blended hybrid-, in-person-, and remote-learning models.
As if that’s not enough of a challenge, threat actors are capitalizing on the widespread adoption of devices for both remote learning and in-person learning. The abrupt transitions between models often didn’t accommodate optimal security protocols, and threat actors know it. Nearly 85% of educational institutions allow students, teachers, and faculty to use personal devices on school networks.
As hard as it is to stomach, education is frequently among the top industries targeted by cyber threat actors. Microsoft released trend analysis data indicating more than eight in 10 reported cyberattacks are against schools. And the attacks are rising.
Clearly, this is the last thing K-12 districts, educators, staff, parents, and students need. How is it happening? Ransomware and malware typically infect devices using a link that is designed to look legitimate and can easily trick even someone who is educated on cybersecurity. You can imagine how vulnerable students are, particularly younger ones. Mobile and personal devices used on school networks are certainly part of the problem, but not the whole story. When school-owned devices are checked out and lost or used on a non-secure network, threat actors can get a foot in the door.
BLENDING ACCESS AND SECURITY
Digital tools are an increasingly essential component of K-12 education, even in districts that aren’t—or never were—utilizing an e-learning model. Kindergarteners use tablets in the classroom. By early elementary school, many students receive district-issued devices to use. And older students frequently use a combination of personally-owned and school-owned devices.
Cybersecurity literacy is important to teach when students are relying on devices, but it’s not reasonable to expect that every teacher at every school has the knowledge or time to educate students on the extent of the risks, let alone monitor for risks. And K-12 IT departments—if they exist at all—are overwhelmingly understaffed and under-resourced.
PROTECTING STUDENTS AND SCHOOLS
Student safety and privacy are a key focus for school districts and administrative bodies, but funding and resource limitations inhibit the kind of action needed to combat these critical vulnerabilities.
And cyberattacks are costly—in this case, an ounce of prevention can be worth many pounds of cure. Here are three steps that school districts can take to help stem the flood of attacks:
• Asset management solutions: It’s important for school administrators to be able to map, track, manage, and secure all devices at all times. It’s likely IT does not have the staff or resources to manually track and manage a disparate fleet of devices with a range of operating systems.
• Standardized best practices: Everyone—students, staff, parents, and administrators—need to be on the same page when it comes to cybersecurity best practices. Streamlined authentication, authorization, and monitoring solutions help manage resources and cut down on risks and unauthorized activity.
• Enhanced training: Since an estimated 95% of cybersecurity issues are due to human error, enhanced training focused on device safety can go a long way toward preventing attacks. Again, it’s not reasonable to expect every teacher to have the time or knowledge to provide this training, so a standardized training protocol that can be issued school- or district-wide can go a long way.
These strategies can help mitigate attack risk and reduce the amount of time staff and administrators need to spend tracking and managing devices. Fewer lost and compromised devices mean significant savings, with a better and more intuitive user experience. Streamlining the process translates to less time worrying about security and more time learning. And that works for everyone.
Bill Harrod is Federal CTO at Ivanti, a global technology company on a mission to enable and secure the Everywhere Workplace.