3 Cybersecurity Resolutions for K–12 School Districts
As K–12 schools discovered better ways to use technology, experts aren’t surprised that they also saw a great increase in cyber incidents in the past year.
“[Bad actors] are looking for vulnerable targets,” Doug Levin, president of research and counsel consultancy Ed Tech Strategies, tells THE Journal. “My sense is that as schools increase reliance on technology, [cybercriminals] are finding that schools are softer targets.”
In one extreme example, in September of this year, Columbia Falls Schools in Montana was targeted by an overseas hacking group, which stole information and then sent specific, violent cyberthreats in an extortion attempt. Since the attack, the Flathead Beacon reports the district has beefed up its technology to support security, but officials fear that it might not be enough.
Though cyberattacks are increasing in volume, frequency and sophistication, there are some steps that schools can take to better protect themselves in the new year.
1. Start with Digital Citizenship
For districts such as Bremen Public Schools in Indiana, digital citizenship lessons start from the second students touch the keyboard. By educating them on everything from cyberbullying to maintaining privacy, the district is making sure that students use caution online at school and at home.
But, what about teachers? In order to make sure that educators know how to teach digital citizenship, Google launched a free online training course for educators that runs the gamut from informed searching to scam safety.
With an increase in phishing attacks that resemble secure emails from commonly used productivity tools, such as Google Docs, this kind of education will be important for teachers and students alike.
2. Keep Security in Mind with Device Rollouts
Whether a school has one-to-one Chromebooks or supports a BYOD program, security issues arise when more devices are connected to the networks.
For BYOD programs, these issues come with an unknown device connecting to the network. At Mountain Brook Schools in Birmingham, Ala., a virtual local area network (VLAN) segments traffic, so that each part of the network has different security permissions. It keeps devices from outside the network away from important internal resources.
Other schools have turned to tools such as Windows Information Protection to let users access the data they need on their personal devices without compromising security. The tool also allows K–12 IT to “enlighten,” or differentiate between personal and business, apps that they can trust.
Classroom device management tools, such as Chrome Management Console, can also help teachers deal with a large number of student devices and prevent students from straying too far away from academic use.
“These tools can empower teachers by letting them see what students are doing and redirect the class at a moment’s notice,” writes CDW•G learning environment advisor Joe McAllister on EdTech.
3. Increase Network Monitoring to Reduce Threats
Sometimes bad actors do damage from inside school walls.
Several distributed denial of service (DDoS) attacks hit Miami-Dade County Public Schools’ network in Florida just in time for computer-based standardized testing, making it appear as though a student might be responsible for the mischief.
Whether it’s a student executing a DDoS attack or outside criminal looking for valuable information to ransom, monitoring networks closely is the best place to start thwarting attacks.
By increasing vigilance during testing periods and creating rules on network routers, switches and firewalls to recognize the signs of attack, Miami-Dade County Public Schools can now stop attacks before it knows they’ve happened.
“These attacks are not obvious, but we’ve tuned our tools to pick up the right metrics,” Paul Smith, the district’s director of data security and technical services, tells EdTech. “Sometimes we get a call from our ISP telling us we’re under attack, and we found out that we’ve already mitigated it with the tech we have in place.”
