Over the last two years, cyberattacks against schools have been on the rise, putting sensitive student data at risk from hackers. However, this year has seen the risks balloon.
With the COVID-19 pandemic forcing many students to shift to remote learning, hackers have capitalised on the chaos by finding new ways to attack students and teachers who are now more vulnerable than ever.
Oliver Noble, a cybersecurity expert at NordLocker, says one of the most popular tactics hackers use is phishing emails that trick students and their parents into giving away personal information to cybercriminals who impersonate school staff.
“Schools and universities are an attractive target because they usually lack digital protection, and their systems might run on outdated software,” Noble told The Educator.
“Hackers look for the weakest link, and unpatched vulnerabilities in an organization’s system or unsecured Wi-Fi networks don’t usually take long to find.”
Noble said cybercriminals are also aware that not many educational institutions are lucky enough to have a full-time employee who is dedicated to cybersecurity and privacy.
“The school’s IT staff might not have enough sufficient knowledge and experience to effectively manage cybersecurity and develop effective training for the rest of their colleagues,” he said.
“One might think — why would a hacker need some student’s information? A student’s stolen Social Security number can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live.”
Noble said this is very appealing to hackers who sell stolen credentials and PII (personally identifiable information) on the dark web.
How principals can respond to the threat of hackers
Even though school principals usually can’t do much to provide cybersecurity themselves, Noble said they can plan a strong strategy for other members of staff to follow.
“Some of the steps that school principals should implement include organising engaging and ongoing cybersecurity training for all school staff, and making sure that a dedicated IT person creates and follows basic cybersecurity protocol,” he said.
Noble said the latter of these should include password management of school equipment, Wi-Fi protection, and other important online safeguards.
“Schools should also check their school’s third-party contractors and providers thoroughly,” he said.
“Third-party breaches have been a problem impacting educational institutions for quite some time.”