While cyberattacks in the education sector are often targeted at higher education institutions, threats to K–12 schools are on the rise.
Since Jan. 1, 2016, more than 140 K–12 schools and districts have experienced a cyber incident, THE Journal reports.
“Incidents and disruptions have been on the rise,” says Doug Levin, president of Virginia-based research agency Ed Tech Strategies. “We have had more incidents in 2017 than all of 2016. We’ve seen more than double the number of incidents in schools.”
As more K–12 schools use data to fuel education innovation, they are becoming a more enticing target for hackers, Levin tells THE Journal.
With this in mind, and the start of National Cyber Security Awareness Month, we have three basic cyberhygiene tips that every IT administrator should teach their end users.
1. Start with Digital Citizenship Training
For many school districts, digital citizenship training is required before their students are even issued devices. At Bremen Public Schools, as students are learning the basics of their Chromebooks, they are also learning how to navigate the internet safely.
As students use devices more regularly at school and at home, Bremen Technology Coordinator Melissa Miller tells EdTech that instilling students with these skills is more important than ever.
“It’s important that students understand not only how to protect themselves, but also that whatever they put on the internet will be out there forever,” says Miller.
In addition to teaching them how to maintain privacy, digital citizenship can teach students — and teachers — how to recognize threats on the internet.
To better illustrate this, Google partnered with ISTE to create a game-based approach to helping students identify hackers, cyberbullies and scammers. The tech giant even set up a free online course to teach educators about establishing strong passwords and avoiding harmful downloads.
2. Be Aware of Phishing Risks
While research indicates that users are becoming even better at recognizing phishing emails, scammers are getting better at tailoring their attacks to the education sector.
With schools frequently using productivity suites like G Suite for Education and Microsoft Office 365, they are particularly vulnerable to recent spear phishing attacks that look like a Google or Microsoft alert.
Early this year, a Google Doc phishing scam notified users that a document had been shared with them, a notification that many K–12 users are used to getting on a daily basis.
Levin tells THE Journal that K–12 leaders should regularly educate their users on phishing scams and basic safety.
3. Focus on the Importance of Backups and Updates
For all internet users, backups are a great first step to staying protected from hackers and scammers.
“Backups are the first defense to keep hackers from profiting from a ransomware attack — a strike that locks down a server’s data through high-level encryption,” writes David Hutchins, CDW•G vice president of K–12 and higher education, on EdTech. Hutchins recommends that users back up all critical information and store it on an offline device.
Software giants like Symantec also recommend that K–12 IT can stay prepared for any new threats by keeping operating systems and anti-virus programs up to date.