When Your K–12 School Gets Targeted by Ransomware

When you think about the state of IT at your K–12 institution, you might not consider yourself a prime target for hackers. The facts may astound you. According to a report from SonicWall, ransomware attacks grew from only about 4 million in 2015 to almost 167 times that amount, 640 million, in 2016. Another report by Bitsight showed that 13% of educational institutions they looked at had experienced a ransomware attack in the last year. Government, the next highest sector, was at only 5.9%.

Ransomware attacks happen when an attacker seizes enough important pieces of your network that they are effectively able to hold it hostage. You get locked out, and the attacker threatens to delete all of your data if you don’t pay them a fee. The alternative to paying the fee is to wipe your network and reconfigure from square one, which can set you back months

The fact of the matter is that K–12 school internet is a prime ransomware target, and organizing an aggressive plan for response is critical. The tactics that hackers use are simple but effective, so awareness and a readiness to respond are keys to survival. The good news is—with proper training, infrastructure, and planning—you can significantly manage risk.

Why K–12 Schools Are Targeted

Despite being a not-for-profit entity, K–12 schools are prime targets for attackers. Between administrators, teachers, staff, and students, there’s a wide variety of users for an administrator to juggle, and those users have different levels of experience that an attacker can exploit. Turnover from transfers, graduations, and staff changes adds to the chaos, which can disguise malicious activity if they have the right credentials.

Furthermore, schools possess a great deal of data that can be valuable to hackers. From payroll to health records to coursework, a K–12 school depends upon the information on its network like never before, and hackers know it.

IT departments at K–12 institutions are often understaffed and operating on a tight budget. As a path of least resistance and expense, it can be tempting to keep the status quo when maintaining and optimizing the network. This approach may be easier and less costly in the short-term, however, the result is often an insecure network with things like unprotected devices, out of date software and no solid contingency plans in the event of a breach. This is a network just waiting to be exploited.

The Training Challenge

When it comes to ransomware attacks, by far the most common attack method is phishing. This involves sending an email or link that the user thinks is legitimate but actually does something malicious once clicked. For example, it could be an attachment that looks like a PDF but installs a Trojan Horse program. Or, it could be a fake login screen to capture user ID and password information, even your 2-factor authentication code. Attacks are becoming more sophisticated, and are behind many recent high-profile hacks. The key to network protection is to train your users how to tell when something’s not right, but at a K–12 school, each user group may possess their own unique type of risk.

Students often have little invested in keeping your network clear of threats and operating effectively. In fact, for a K–12 institution, they can represent a significant threat to network security. Whether it’s trying to delay a test, change a grade or even if they simply fall prey to curiosity, students have the time, access, and motivation to do some damage. Many students don’t feel ownership of the network, so discerning whether an attachment or script is questionable isn’t even on their radar. The challenge, in this case, is not only training students how to exercise care of the network but also helping them understand why they should care about network security.

Staff members, on the other hand, are sometimes individuals who have been in their roles for a long time, before technology became vital to day-to-day operations. While these tenured teammates may be experts in their field, they may also be technology novices who do a poor job of discerning the safe vs. dangerous as they encounter online threat potential. Training the tenured and potentially less technology-savvy on the team requires a great deal of clarity and a patient focus upon network technology, risk, cyber-security and their role in the overall health of the network. They will likely intuit the importance of exercising care but may require technical support to do so.

Making Operational Changes to Protect Your Network

According to John Wood, CEO of the cybersecurity firm Telos Corporation, winning the training battle is key: “If you can train your students, teachers, and administrators what to look for in a phishing attack, you’re going to solve a lot of cybersecurity issues.” You need to get people to buy-in, and that starts by making the case that phishing is a real and ever-present danger. Pulling some recent headlines can do that quickly and effectively.

Beyond that, you should have a written plan for responding to an attack so your focus can be executing upon a solid plan instead of creating one in the midst of disaster. Establishing a security task force for your district can help you refine that plan, and give other departments who can help (like HR) a seat at the table. This enables others to provide input but also enables you to impress upon them the amount of risk that must be managed, and their role in that effort.

After training, the second most important resource is a great backup system. Going to the cloud is best because your resources are offsite and independent from the attack upon your network. Getting back up as a service means you know your critical and confidential data won’t be at risk if you decide to stand up to an attacker’s demands.

Finally, do what you can to prioritize patching and upgrading old devices and software on your network. Take the time to be comprehensive—if a vulnerability has been published, then a hacker will be looking for a place to exploit it. When replacing something simply isn’t possible, you need to at least take proactive steps to limit the damage it can cause.

What You Can Do Right Now

Ransomware attacks are exploding in popularity, and K–12 schools are a prime target. Because they have a wide variety of users, IT budgets are stretched thin, and they’re extremely reliant upon the private data they keep on their network, K–12 institutions are vulnerable and must take precautionary steps. To combat this threat, it is essential to train users to recognize a phishing attack. Combining this training with a response plan and a reliable data backup strategy will make your network survivable in the event of an attack.

  • Understand why K–12 schools are targeted: a wide variety of users, mission-critical data, and a shoestring IT budget.
  • Be proactive about training your users to discern threats.
  • Work with other departments to implement solutions.
  • Have a solid cloud backup plan in place so you minimize your losses if disaster strikes.
Follow Me
Latest posts by Matt Daniel (see all)
Scroll to Top