Cybersecurity Resources for a Successful 2024-25 School Year

Security, protection, password, search, data, login, lock!, 100%Since the COVID-19 pandemic, remote learning and educational technology have become more important than ever. K-12 schools are a prime target for cybercriminals. You can improve your school’s security posture by implementing a few key steps and including your administrators, teachers, students, and parents in your security plan.

Schools are vulnerable for several reasons:

  • Valuable student and teacher data, which can include names, home addresses, and birthdays
  • Previous successful ransoms that put school’s data at risk
  • Limited IT staff and cybersecurity training for staff and students
  • Hackers targeting trustworthy .edu emails

According to a 2022 study, the most reported K-12 incidents from 2016-2021 were data breaches, ransomware, business email compromise, distributed denial-of-service attacks, invasions, and more. A similar report showed these incidents, as well as student and teacher data breaches, website and social media defacement, and online class and school meeting invasions.

The federal law K-12 Cybersecurity Act of 2021 was passed to help combat this problem and CISA (National Coordinator for Critical Infrastructure Security and Resilience) has created “Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity,” which provides school districts several resources specifically for K-12 leaders and IT staff.

According to this resource, some of the best strategies you can implement at your school are:

Utilize multifactor authentication

MFA, or multifactor authentication, requires the user to verify who they are more than once. This prevents cybercriminals from hacking into an account with just login information. MFA typically requires a one-time password, typically through your phone or email, to verify who you are, making it more challenging for hackers to access an account.

Prioritize patch management

Make sure to update software frequently and keep patching up-to-date. Missing crucial updates can create a security risk for cybercriminals to exploit.

Perform and test backups

If your school is caught off guard by a ransomware attack, having a full backup of your data can prevent you from having to pay the ransom.

Minimize exposure to common attacks

Schools can reduce their exposure to common attacks by ensuring that commonly exploited services like RDP (remote desktop protocol) and any unused services are disabled from outside the school’s network. Implementing a robust password policy for public services that are in use can also minimize risk.

Develop and exercise a cyber incident response plan

Having an incident response plan or a “plan of attack” for your school during a crisis can prevent further damage from occurring.

Create a training and awareness campaign at all levels

Prepare everyone at your school to protect their devices against these threats. Educate teachers, staff, administrators, and students (if given email access) about phishing schemes and provide anti-phishing software. You can routinely test these individuals and have them report any suspicious emails to the Anti-Phishing Working Group at reportphishing@apwg.org. The Anti-Phishing Working Group is a nonprofit organization that advises the United Nations on cybercrime and works to collect data to stop it.

Join MS-ISAC

The mission of the Multi-State Information Sharing and Analysis Center is to improve the overall cybersecurity posture of U.S. state, local, tribal, and territorial government organizations through coordination, collaboration, cooperation and increased communication.

MS-ISAC offers members incident response and remediation support through a team of security experts. They also develop tactical, strategic, and operational intelligence and advisories that offer actionable information for improving cyber maturity.

Benefits of joining MS-ISAC include:

  • 24/7 Security Operations Center
  • Incident response and digital forensics services
  • Monitoring public IP ranges and domains for possible compromises
  • Access to the Malicious Code Analysis Platform (MCAP)
  • Weekly top-malicious domains and IPs report
  • Ransomware blocking with Malicious Domain Blocking and Reporting (MDBR)
  • Access to cybersecurity table-top exercises
  • CIS SecureSuite Membership, including access to CIS Benchmarks, CIS-CAT Pro, CIS WorkBench, remediation content, and more

As cyber threats continue to evolve, we’ve learned the best defense is to prevent problems before they start. A cyber-secure school will foster a healthy environment for students to participate and learn. Using these resources will help make a bright and safe future for students across Oklahoma.

Learn more about cyber-safety at staysafeonline.org.

OneNet provides DDoS mitigation at no additional cost to our subscribers. Take advantage of the network benefits OneNet offers through our internet service suite.

By Bella Felton, Strategic Communications Intern, Summer 2024

Leave a Comment