Learn more about the importance of cyber safety, best practices and free resources to help ensure you’re not the next victim.
Schools provide the support needed to help ensure a brighter future for millions of students across the country. Unfortunately, with such a huge responsibility on your hands—and the large amount of sensitive data you may have stored—you could be a tempting target for cybercriminals who won’t think twice about holding your school ransom for a big payoff.
Think it can’t happen to your school? Think again.
Here are a few alarming statistics that you should know:
- A new cyberattack occurs somewhere on the web every 39 seconds
- 64% of companies worldwide have experienced at least one form of a cyberattack
- In 2021, it was reported that 1,043 schools were impacted by ransomware
Know your terminology.
With cyberattacks becoming more frequent, proactive cybersecurity starts with education, and knowing key terminology can be an important first step to becoming more cyber-aware and secured. The International City/County Management Association (ICMA) highlights a few definitions to know—and while ICMA is an association of city and county managers specifically serving local governments, these are terms that all entities should be aware of:
- Malware: malicious software that’s installed and can encrypt data and files, block user access, exfiltrate data, etc.
- Ransomware: a type of malware that encrypts sensitive data and files, followed by demanding a ransom to unlock the encrypted info.
- Phishing: a form of social engineering in which cybercriminals fish for victims by sending emails with promises, opportunities or threats to deceive victims.
- Spear phishing: a more sophisticated, targeted form of phishing which has cybercriminals using just enough information to make the victim believe the email came from someone known to the victim or another trusted source.
- Brute force: when an attacker uses software to continuously “bang away” in an attempt to gain access to a victim’s computer, network or IT system.
- Zero-day: an attacker’s identification of a weakness in a network or IT system. One example includes defects in outdated software versions.
- Denial of Service (DoS): an attack that sends massive volumes of traffic to overwhelm an organization’s website or server.
- Distributed Denial of Service (DDoS): a type of DoS attack that uses multiple computers simultaneously to shut down a website or server to all users.
As these threats continue to impact schools across the country, let’s take a moment to look at a few real-life examples.
Baltimore County Public Schools
Baltimore County Public Schools faced a ransomware attack in November 2020. The attack happened during full-time virtual learning, and brought Maryland’s third largest school district to a halt—cancelling virtual learning for 115,000 students for several days. A day before the attack, a state audit found “significant risks” within the system’s computer network as it was not adequately secured, and personal information wasn’t properly safeguarded. A year following the initial attack, it was reported that the cost of ongoing recovery totaled nearly $9.7 million.
The impact of this attack was still being felt in 2022, too. When the hackers hit the school system, retired teachers were unable to change their medical insurance payments—even when they changed policies. This continued for more than a year following the attack and affected up to 9,000 retirees, and in some cases, retired teachers were owed thousands of dollars.
Clark County School District
In August 2020, during the first week of school, Clark County School District (CCSD)—the fifth largest school district in the country—was targeted by hackers when computer systems became infected with a virus prohibiting access to certain files. When officials refused to pay a ransom to unlock the district’s computer servers, the hackers published documents containing social security numbers, student and employee names, addresses and grades.
One month following the ransomware incident, CCSD started to receive reports of individuals getting phishing phone calls from numbers that appeared to be connected to the school district. These calls appeared to be a third-party spoofing caller ID and used robocalls to attempt to phish and demand payment—a great reminder that phishing attacks don’t always come in the form of email!
Broward County Public School District of Florida
In March 2021, Broward County Public School District of Florida experienced a ransomware attack that had hackers demanding $40 million in ransom. After refusing to pay up, the hackers published nearly 26,000 stolen files—many of which contained accounting and financial records, and confidential employee and student information.
An investigation into the breach found that access to the school network was first gained by unauthorized individuals in November 2020, with the ransomware being deployed in March 2021. It was also revealed that the district withheld details and delayed notifying potential victims of the cyberattack—putting them in the media’s spotlight.
The road to recovery
The recovery process can vary—in some cases dragging on for months and even more than a year—and in instances where you pay hackers’ ransom demands (which is never encouraged), the time it takes to restore and upgrade equipment can still be significant. In addition to the disruption to your school day, the cost of a breach can rack up millions.
In fact, according to IBM’s annual Cost of a Data Breach Report—which studied over 550 data breaches worldwide—the average cost of a breach rose from $4.24 million in 2021 to $4.35 million in 2022 (with the average cost in the U.S. alone being $9.44 million). To calculate this number, four elements were taken into consideration: detection and escalation, notification activities, post-breach response and lost business.
While these numbers are alarming enough, in some high-profile and extreme cases, they can be even higher. One example is the 2020 attack on Baltimore County Public Schools that was detailed above.
So, how can you avoid falling victim? While there’s no one-size-fits-all solution, there are various strategies you can put in place to minimize your cyber risks. Consider the following to help keep your data safe and secured.
1. Minimize vulnerabilities and the risk of operational disruptions
Following the ransomware attack on the Colonial Pipeline in May 2021, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released an announcement with recommendations to help prevent business disruption from an attack and mitigate vulnerability.
While these recommended strategies are aimed toward the critical infrastructure industry, this information is relevant to almost all business and public entities—schools included. To reduce your risk of compromise:
- Require multi-factor authentication for remote access to OT and IT networks
- Enable strong spam filters to help prevent phishing emails
- Implement a user training program and simulated attacks for spearphishing
- Filter network traffic to help prevent access to malicious websites
- Update software such as operating systems, applications and firmware on IT network assets regularly
- Limit access to resources over networks, especially by restricting Remote Desktop Protocol (RDP)
- Set antivirus/antimalware programs to conduct regular scans
- Implement unauthorized execution prevention
- Implement and ensure network segmentation between IT and OT networks
- Organize OT assets into logical zones
- Identify OT and IT inter-dependencies and develop workarounds or manual controls
- Regularly test manual controls
- Implement regular data backup procedures on both the IT and OT networks
- Ensure user and process accounts are limited through account use policies, user account and privileged account management
If your school is hit by ransomware:
- Isolate the infected system
- Turn off other computers and devices that share a network with the infected computer(s) that have not been fully encrypted by ransomware
- Ensure your backup data is offline and secure
2. Learn to spot phishing emails
Did you know that more than 90% of all cyberattacks begin with phishing? Being able to identify these types of emails will be critical. Here are 4 red flags to look for:
- Unknown email sender
- Email requests personal or financial information
- Email wants the recipient to respond immediately or makes an urgent request for information (be on the lookout for upsetting or exciting statements asking you to act fast)
- Email wants the recipient to open an attachment or click a link unexpectedly (hover your mouse over the link to see what website URL appears)
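The four red flags above can also be checked mechanically before a message reaches a user. The following is an added example, not part of the original post: it parses a raw email and reports which flags it triggers, including the case where a link's visible text names one host while its actual target is another. The sender allowlist, the keyword lists and the `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_SENDERS = {"principal@school.example"}  # assumption: local allowlist
URGENT = re.compile(r"\b(urgent|immediately|act fast|right away)\b", re.I)
SENSITIVE = re.compile(r"\b(password|social security|bank account|credit card)\b", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def _host(value):  # bare names like "portal.school.example" need a "//" prefix
    return urlparse(value if "://" in value else "//" + value).hostname

def red_flags(raw_email):  # returns the red flags a raw message triggers
    msg = message_from_string(raw_email)
    body, flags = msg.get_payload(), []  # single-part message assumed
    if parseaddr(msg.get("From", ""))[1].lower() not in KNOWN_SENDERS:
        flags.append("unknown sender")
    if SENSITIVE.search(body):
        flags.append("requests personal or financial information")
    if URGENT.search(msg.get("Subject", "") + " " + body):
        flags.append("urgent request")
    links = LinkCollector()
    links.feed(body)
    for href, text in links.links:
        shown, real = _host(text), _host(href)
        if shown and "." in shown and real and shown != real:
            flags.append(f"link text shows {shown} but goes to {real}")
    return flags

SAMPLE = """From: IT Help <helpdesk@schoo1-support.example>
Subject: URGENT: mailbox will be closed

<p>Send your password: <a href="http://login.unrelated.example/">portal.school.example</a></p>
"""  # constructed sample message
```

Calling `red_flags(SAMPLE)` returns all four flags for the constructed message. Keyword matching of this kind is a triage aid for filtering or training material, not a replacement for a mail gateway's spam filter.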
3. Find additional cyber resources
Visit our cybersecurity site for even more free valuable tools and best practices to help keep your school safer online.
Just one cyber breach can have you spending millions, impact your school and its mission, and damage your reputation. Don’t wait. Now is the time to make sure you have established policies and plans in place to better protect yourself from cybercriminals.
Richie Almeida, Integrated Marketing Specialist
Richie is an avid movie goer with an addiction to Sour Patch Kids. If he isn’t at the movies, he is at the gym or on a hike trying to make up for his bad eating habits.
The information contained in this blog post is intended for educational purposes only and is not intended to replace expert advice in connection with the topics presented. Glatfelter specifically disclaims any liability for any act or omission by any person or entity in connection with the preparation, use or implementation of plans, principles, concepts or information contained in this publication.
Glatfelter does not make any representation or warranty, expressed or implied, with respect to the results obtained by the use, adherence or implementation of the material contained in this publication. The implementation of the plans, principles, concepts or materials contained in this publication is not a guarantee that you will achieve a certain desired result. It is strongly recommended that you consult with a professional advisor, architect or other expert prior to the implementation of plans, principles, concepts or materials contained in this publication.