Listen to this blog (6 mins)
As important as it is for schools to focus on physical threats such as fires and extreme weather, cyber-attack threats are equally important, but often overlooked by many schools. “The growth rate we’ve seen over the last few years [goes] from around 100 of these attacks… reported in 2016 to 400 in the most recent year… reported, which is 2020,” says Chris Noell, Chief Product Officer of Raptor Technologies.
On an episode of School Safety Today, Chris Noell discussed what it means to have best-in-class IT security requirements to reduce the likelihood of breaches occurring to your school. A summary of the discussion is below. Listen to the full podcast here.
What types of cyber threats should schools be aware of?
- Spear phishing attacks occur when cybercriminals impersonate others to obtain access to private information from the victim.
- Ransomware is a type of malware that encrypts the victim’s data and requires them to pay a ransom to regain access to it.
- Data breaches occur when a person or an organization’s data is obtained and/or shared without their consent.
Cyber-attacks are becoming more common and the severity of them is on the rise. In fact, ransomware and spear phishing attacks can cost schools millions of dollars if not mitigated properly. Data breaches are one of the most common types of cyber incidents and can result in many long-term issues like identity theft for students and staff whose personal information was stolen by cyber criminals.
How do cyber-attacks disrupt the learning environment?
Cyber-attacks can affect entire communities. In fact, schools can face financial liabilities and a loss of trust from staff and students whose information was stolen. In 2018, cybercriminals stole the personal information of about 500,000 San Diego Unified School District students (including former students from as far back as 2008) and staff. When incidents like this happen, the information obtained can be used for a variety of purposes, including opening credit card accounts in someone else’s name and filing fraudulent tax returns.
Are some schools more at risk than others?
Enrollment size of a school district, whether small, medium, or large, does not appear to affect the likelihood of being targeted with a cyber-attack. However, research suggests that some community types (city, suburban, rural) may be more prone to cyber-attacks than others. For example, according to the K-12 Cybersecurity Resource Center, from 2016-2020, Suburban communities had a higher percentage of schools who were victims of cyber-attacks than Rural communities, despite having fewer school districts in total. On the other hand, cyber security threats often go unreported, so regardless of what type of community a school district is in, it is important for all districts to take their cyber security seriously.
How can schools protect themselves?
Most of the data breaches that occur are not breaches of the districts’ systems themselves, but rather, the systems of vendors that the district is working with. Therefore, it’s important for schools to consider not only their security, but also the security of anyone they may be exchanging information/data with. Conducting a third-party audit on vendors is a great way for schools to ensure they’re partnering with the right firm. Additionally, some districts may choose to add vendor security questionnaires as part of their contracting process.
Schools should also consider reviewing the National Institute of Standards and Technology’s (NIST’s) Cyber Security Framework, (CSF) as many schools across the country use it as a baseline and in some states, it is even required by law for schools to use the framework as a standard to follow. The Cybersecurity & Infrastructure Security Agency (CISA) has some K-12 specific guidance that contains useful information regarding common cyberattacks that target K-12 schools and districts.
Lastly, the K-12 Cybersecurity Act was signed last October, and its enactment will provide K-12 administrators with a toolkit that will help them implement a new cybersecurity guideline specific to K-12 schools. “[In] April, we should see the guideline published and roughly around August, that tool kit should become available” says Noell.
Raptor’s commitment to cyber security
It’s important to partner with vendors who have the expertise and resources to ensure your student, staff, visitor, and volunteer data is protected. Raptor has a comprehensive security program and follows industry best practices to protect your data behind multiple safeguards, like ensuring two-way data encryption both at rest and in transit; conducting annual system security audits; and continuously monitoring log-ins.
To learn more, contact us today or submit a request to schedule a personalized demo.
