Jan 06 2021

Schools Strengthen Defenses Amid Increases in Cyberattacks

As the number of cyberattacks against schools increases, districts are investing in more holistic and proactive defenses.

Cybersecurity threats are always evolving. And at Eastern Carver County Schools, IT staff work constantly to strengthen their defenses.

That’s why Information Systems Administrator Craig Larsen ensures the district gets annual independent security audits and quickly fixes any vulnerabilities that are discovered. It’s also why in the spring, when the Minnesota district shifted to remote learning, and in the fall when ECCS implemented hybrid instruction, Larsen added new safeguards to better secure the remote workforce.

“We never anticipated that every staff member would work from home, so we needed to shore things up around remote staff and security,” Larsen says.

Now, about 2,000 ECCS administrators, staff and teachers — all equipped with Dell notebooks — regularly work from home. To reduce the risk of cyberthreats, Larsen and his team have installed Ivanti management software on each laptop to support remote updates with the latest software patches and security fixes.

“Schools are extremely soft targets with many avenues of attack,” Larsen says. “You have to take these kinds of measures and have the right tools in place to stay on top of security.”

The team has also replaced traditional, signature-based, anti-virus software with Carbon Black’s more comprehensive endpoint security software, which uses behavioral analytics to spot suspicious activity and block attacks.

Cybercriminals have stepped up their attacks on school districts during the pandemic as most schools have operated almost entirely online or have taken a hybrid learning approach. Hackers are also attempting to exploit weaknesses from all the new remote users and devices on district networks. In fact, this fall, districts have seen a rise in ransomware infections, successful phishing scams over email, denial-of-service attacks and “Zoom bombing” incidents in which outsiders disrupt online classes, says Doug Levin, founder of the K–12 Cybersecurity Resource Center.

“This fall has been historically bad,” Levin says. “There are some districts that are relying on technology more than they used to, and that represents new threats to these districts.”

While it’s well established that some K–12 schools are easy targets for cybercrimes, some districts — such as ECCS — are more proactive about mitigating cybersecurity threats. During remote learning and hybrid instruction, these districts have beefed up remote access security to prevent data breaches, and have adopted cloud security tools to better protect data and improve student safety.

Beefing Up Schools’ Remote Access Security

Besides the addition of remote patch management and next-generation endpoint security, ECCS largely had all the necessary cybersecurity measures and tools in place when the pandemic hit, Larsen says.

“Because we had so much in place, the transition was much simpler for us,” he says.

A school technology and security levy that voters approved six years ago gave ECCS the funds to launch a one-to-one initiative with Chromebooks and implement a comprehensive security strategy, Larsen says. For example, the IT department had previously standardized on Palo Alto Networks’ GlobalProtect VPN software, which allows employees to connect to the school network through a secure, encrypted connection.

The 9,900-student, 22-school district also previously deployed Cisco’s Duo multifactor authentication tool, which strengthens security by requiring employees to verify their identity a second time with a one-time code texted to their smartphones.

When the coronavirus pandemic forced employees to telecommute, Larsen increased the number of VPN and multifactor authentication licenses from 50 to 500 to support the influx of users needing remote access.

“We still have a lot of local storage in our environment,” he says. “Our users need access to file systems, whether they are shared drives or user folders.”

Securing the Cloud Environment Amid Increased Use

As school districts increasingly rely on the cloud, their IT departments are deploying new cloud security apps to gain better visibility into cloud resources, better manage user behavior and prevent data breaches.

Some cloud solutions have protections baked in. In fact, Bremerton School District in Washington state is less worried about getting hacked during online learning because students and teachers use Chromebooks, which offer built-in security features, says Justin Feltus, the district’s system administrator.

The Chromebooks’ web-based Chrome OS automatically updates with the latest security fixes, while open tabs are “sandboxed” or isolated so threats are contained. Google’s web-based administrative tool also allows Bremerton’s IT department to centrally configure the devices and manage policies, such as the types of apps or extensions students can access.

“Students can’t get to stuff they are not supposed to get to,” Feltus says.

The 5,000-student, 14-school district also deploys additional cloud-based security tools to filter web content, protect data and ensure students are safe. The tools monitor for keywords, such as cyberbullying and suicide, and immediately alert IT staff who notify school administrators.

GoGuardian allows for off-campus web content filtering to prevent students from accessing objectionable content, while ManagedMethods, a cloud access security broker tool, protects against malware and phishing attempts, scans for suspicious login attempts and makes sure sensitive data, such as credit card numbers and individualized educational program information for students with disabilities, doesn’t leave the district, Feltus says.

“If there’s an email with personally identifiable information, we flag it and don’t let it go out,” he says.

ECCS takes a similar approach. The district used cloud resources before COVID-19, but since the pandemic its cloud usage has skyrocketed, Larsen says. District employees use Microsoft 365, while students and teachers work on Google apps for education, including the Google Classroom learning management system, the Google Meet videoconferencing service and Google Workspace for productivity.

Larsen also previously deployed two cloud security tools to manage the cloud environment: Securly, a web content filter that also uses algorithms to monitor online activity for bullying, thoughts of suicide and depression; and ManagedMethods, which manages both the Microsoft 365 and Google environments.

“Before ManagedMethods, we had zero visibility into files. Now, it scans emails and stored documents, and stops phishing and whaling attacks,” he says. “We also have rules in place for data loss prevention.”

10,000

The number of emails that Eastern Carver County Schools’ Mimecast email filter rejects every day because of spam, viruses, malware or other security concerns.

Source: Eastern Carver County Schools

Doing ‘Our Best’ to Manage Increased Cybersecurity Threats

In California, CTO Kurt Madden of Fresno Unified School District subscribes to the adage that it’s not if, but when organizations will get disrupted by a cyberattack. His aim is to throw enough roadblocks to prevent it from happening at his district anytime soon. His IT security infrastructure defends against 10 to 15 cyberattacks every second, while its email filter blocks 2 to 3 million emails a day that contain spam, viruses and malware.

The Fresno district, with 74,000 students and 10,000 employees across 106 schools, is doing full online learning this fall. The district, which was in the middle of deploying a one-to-one initiative over three to five years, ended up rolling out Lenovo notebooks to every student in three to five months instead because of the coronavirus.

Distance learning has increased security risks because students have gone from using devices at schools for several hours a day to all hours of the day at home, Madden says. “The devices are used 24/7. The increase of the attack surface compared with three to four hours a day at school is a huge difference,” he says.

Madden and his IT staff use multiple security applications to protect the devices. They use Microsoft Endpoint Configuration Manager to remotely install Windows updates and software patches and Microsoft Defender for Endpoint to protect against phishing, ransomware and malware attacks.

When the pandemic forced the district to switch to online learning, Madden installed a Cisco Umbrella app on every notebook for off-campus web content filtering. The IT staff also installed Absolute Software’s Computrace software, so if devices are lost or stolen, the district can track their location and remotely wipe their hard drives.

Overall, the district has been successful in staving off attacks — and Madden hopes to keep it that way.

“We have 100 people on the IT staff, but we are outnumbered by 10,000 employees and 70,000 learners,” he says. “We just have to do our best.”

Illustration by Taylor Callery