Cybersecurity in Remote Learning Environments
Today, many schools are still operating hybrid or remote learning environments. Although this shift was necessary to reduce the spread of COVID-19, it has also made school networks – and sensitive data – more vulnerable to potential security risks. In fact, prominent cyberattacks in the past year have included:
- Baltimore County Public Schools had to cancel virtual learning classes for its more than 115,000 students due to a ransomware attack just before Thanksgiving, 2020.
- Huntsville City Schools, one of the largest school systems in Alabama, closed for a week following a ransomware attack in early December 2020.
- In February 2021 the Victor Central School District in New York closed for several days due to a ransomware attack.
The FBI recently issued an advisory about the rise in cyberattacks on schools. “Cyber actors likely view schools as targets of opportunity,” it said, noting that schools should consider this risk when planning their cybersecurity budgets.
It additionally describes some of the types of cyberattacks that have targeted schools.
In Ransomware attacks, such as those noted above, hackers threaten to expose student data or they lock down computers – including distance learning functions – until a ransom is paid. The attacker uses malware to encrypt files, locking them until the attacker’s demands are met. Tech & Learning reported that more than 1,600 schools were targeted by ransomware in 2020. The FBI, along with the Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center, said nearly 60 percent of ransomware incidents between August and September 2020 involved K-12 schools, which was nearly a 30 percent jump from the previous two months.
Distributed denial-of service (DDoS) are attacks that occur when the attacker temporarily limits or prevents users from conducting daily operations by making online resources sluggish or completely unresponsive. This is often done by flooding a web site, server or app with so much information it ties up the bandwidth and prevents other systems from connecting.
Video conference disruptions, also described as “zoombombing,” occur when an outside person crashes a remote learning class. The FBI and Department of Homeland Security have received reports of outsiders crashing remote learning calls and verbally harassing students and teachers, displaying pornography and/or violent images, and “doxing” meeting attendees (publishing personal information about them on the internet). Attackers may use student names to trick hosts into accepting them into the sessions. Attacks in 2020 led some school districts to temporarily ban schools from using Zoom.
So why have attacks on schools become so prevalent? In an interview with Education Week, Doug Levin, the founder and president of the K-12 Cybersecurity Resource Center, said several things have contributed to the rise, including more teachers and students being online and logging in from environments outside of the school which may be less controlled. These activities increase the potential for an attack. He also noted schools may not have the same level of IT support now compared to before the pandemic because IT staff may be dealing with a flood of other tech issues due to remote learning.
How to prevent attacks
The good news is there are many steps schools can take to protect their networks, including training students, staff, administrators and parents on what to do and what not to do. Here are a few suggestions from The New Jersey School Boards Association, UC Berkeley and EdTech Magazine:
What IT teams should do:
- Set strict creation policies for student and staff passwords such as requiring eight characters, upper and lower case, and encouraging using passwords that aren’t easy to guess. Have passwords set to expire on a regular basis. Set up administrative passwords to prevent students and staff from installing programs on their computers.
- Make sure the firewall is up to date and that servers, devices have the latest anti-virus and malware detections software, that they are backed up regularly and the software is regularly updated.
- Separate the student network from the administrative network so students can’t access the administrative network.
- When allowing access to the school’s wireless network, require students to use their individual network passwords rather than a shared password.
- Scan systems for sensitive and high risk information such as social security numbers and health records to ensure that the data is in the most secure space. Have technology in place to wipe that data if needed.
- It’s also important to have the right web filters in place. Impero web:check helps keep students safe by filtering URLs on school devices, even when students are not on the school network. It uses an AI categorization name service (CNS) to comb through all HTTP, HTTPS and FTP web traffic and block inappropriate material. It also protects school networks from encrypted traffic, including virus-based threats.
What students, staff and parents should do:
- Log out of the computer every time work is finished. Don’t share passwords.
- Don’t click on links or files in an unknown email, or in an email from a known sender who typically doesn’t share links or files.
- Remind students to never share personal information while online, and teach them about the importance of keeping their passwords secure.
- When doing distance learning from home, make sure the home’s WiFi includes encrypting and a strong password to restrict outside access.
- If a student is using a personal device for their distance learning, parents should make sure parental control features are on and antivirus protection is installed. They should run regular virus scans and keep software up to date.
Preparation and education is a key component to preventing cyberattacks. Impero Software’s solutions such as Impero web:check keep devices protected and student information safe, both in the classroom and during distance learning. To learn more about how Impero web:check keeps networks safe, visit us online or book a demo below.