It is common to hear people say, “COVID 19 has changed everything.” This is not hyperbole, but in the realm of cybersecurity, there is no greater truth. Security operations across the world have been overstressed and called to new threats on a constant basis as nearly every institution has moved from working on small local networks to large virtual private networks involving the home networks of their users.
One of the institutions most affected by this has been the nation’s schools. For years, schools have typically operated as an on-site entity with little-to-no focus on threats to their computer networks, as the computers were not considered distinctly vital to their primary mission, teaching the student. This – obviously – has changed.
Kids Do the Darndest Things
I used to work for a company that provided the IT infrastructure for hundreds of schools. As director of security for that company, we were regularly involved in students causing major security incidents. Most frequently, it would be students sending emails with inappropriate content, much of which would have legal concerns, but also with teachers and kids unintentionally (and intentionally sometimes for the latter group) introducing viruses and malware to the network.
Due to the sensitive nature of the privacy of minors, and communications related to those minors, there was only so much we could do once someone caused a major incident. Unlike major corporations where we could scan their emails for issues and act before, with schools we needed to proactively get in front of threats without invading the privacy of students and teachers.
Now What?
Now, hackers know that if they take out a school via ransomware (the insidious practice of making entire networks unusable without first paying a ransom), they will interrupt the very fabric of education in a region. Recently the Baltimore County School System fell victim to a ransomware attack, shutting down the computer network for nearly 115,000 students, forcing a school shutdown for several days.
The pandemic has increased the cadence and violence of cyberattacks over 400% of the last year, and that will not be slowing down any time soon. Educational institutions have never been a bastion of cybersecurity, focusing – rightfully so – on the protection of students from a physical perspective.
What to Do
Cybersecurity awareness and practice is paramount to the operations of absolutely any and all institutions in our current times, and education may be one of the most overlooked and important. Just as schools teach their students and teachers how to act during a fire-drill or protect against strangers, schools must now teach and protect against threats to the school via the Internet, not just social media or bullying, but the attacks against the school by actual criminals looking to take the school down for profit.
All schools should be educating their faculty and students on cybersecurity threats, how to recognize them, avoid them, and report them when they think they have seen them. Moreover, the institutions themselves need to take an honest look at their security posture, or lack thereof. It should be assessed by professionals on a regular basis, and the findings of those assessments should be implemented, post haste.
here to help.
Not-For-Profit Services
