Keeping Schools Safe from Cyber Threats on Holiday Vacation

Keeping Schools Safe from Cyber Threats on Holiday Vacation

With the holidays approaching, students and teachers are going to be looking forward to the break that comes along with them. Unfortunately, teachers and students are not the only ones who enjoy the holiday breaks that come with education. Hackers capitalize on the fact that students and their teachers are preoccupied with exams and getting ready to leave their classrooms for the holidays. This gives the hackers plenty of time to launch cyber attacks. These attacks are especially dangerous because staff will be out of school for the holidays and may not notice when the breach happens.

The most common cyber attacks we have been seeing around the holidays in the education sector are ransomware attacks. The attacks allow hackers to seize files and other information that contains sensitive data. After gaining access, the data is encrypted, and the victim is forced to pay a ransom so that the information is returned. A single ransomware attack can lead to the theft of student and staff medical records, financial information, and social security numbers.

A recent study found that ransomware attacks on schools have increased by 65% in the past two years. This number will likely increase around the holidays because hackers will be patiently waiting for the internal IT departments of schools to be preoccupied with last minute holiday requests from staff and students. The staff and students will also be distracted by the prospect of a holiday vacation coming up. They will be distracted and may not notice the phishing email that they have just opened or the malicious link that they have clicked. With the holidays and the new year coming very soon, schools need to have a disaster recovery plan set up as well as thorough training in place for staff and students about the cyber risks they may face.

Here are some cybersecurity tips to keeping schools safe during holiday vacation.

Have a disaster recovery plan in place for your school.

Setting up disaster recovery will ensure that even if there is a major disaster, a copy of the data will be available for a quick and easy recovery. If your school invests in a cloud-based disaster recovery plan, there will even be backups available for when the school is closed for the holiday break.

Cloud based disaster recovery can ensure data retrieval for large scale cyber attacks, but it also can cover data recovery for other events such as natural disasters and power outages. Cloud based disaster recovery for schools can be set up with a managed service provider like Tekscape through our TekCloud service.

Properly educate teachers, staff, and students on cybersecurity threats to schools.

It is commonly thought that a school’s internal IT team should be the first line of defense against cyber threats. This is somewhat truthful, but it is often very hard to find dedicated cybersecurity professionals to work at schools with the budget and funding available. 

Schools need to make educating staff, teachers, and students on cybersecurity a priority. Like school fire drills, cyber attack drills can train staff to deal with an actual threat. It will also train them to spot threats outside the school, for example when checking their email or logging into the school network on holiday break.

School staff and students should also receive regular training on the most current cybersecurity practices. This will allow them to be knowledgeable about the latest security threats. A lot of this training will focus on spotting phishing emails which are rampant this time of year. The current trend of phishing attacks against schools appears to impersonate popular company names as well as colleagues’ names. 

The emails often contain mundane subject lines such as “budget” or “COVID-19 updates”. When these emails go unnoticed and are opened, they often contain malicious links and that is where ransomware and malware attacks originate from. Making sure staff and students are aware of these threats will decrease the number of attacks. Just remember to remind them to practice them when they are home for the holidays as well.

Keeping Schools Safe from Cyber Threats on Holiday Break
Keeping Schools Safe from Cyber Threats on Holiday Break

Implement a strong password policy for staff and students.

Password sharing, though dangerous, is extremely common among students. As a best practice of good cyber hygiene, schools need to implement a strong password policy for staff and students. Provide both parties with a password manager and emphasize the dangers of what can happen if passwords get compromised. 

Students and staff should change their passwords every three months, never share them, and always use a large combination of letters, symbols, and numbers to create them. If this is hard to do, consider encouraging them to use a password generator.

The main reason for keeping schools safe from cyber threats on holiday vacation is the education sector spends more time recovering from ransomware attacks than any other. Twenty eight percent of school IT staff say that they need at least six days on average to recover. Cybersecurity professionals have also reported that the negative impacts of a cyber attack that occurs over the holidays are much worse. 

The statistics improve dramatically though if the school is working with a managed service provider. When working with an MSP, the schools reportedly only took one to two days to recover. Schools on average spend less than eight percent of their budgets on information technology and cybersecurity. 

If administrators do not want to spend the budget on internal IT, this might be another reason to work with an MSP. MSPs are often more cost-effective than hiring internal IT staff because the work associated with MSPs is scalable.

When looking for a managed service provider for your educational facility, consider Tekscape. We are a nationally managed IT service provider that works with K – 12 schools and charter schools. Besides offering managed cybersecurity for schools, our services also include network, collaboration, servers, and cloud computing. We are located in New York and Florida but work with schools all over the country. Have a happy and safe holiday and a prosperous new year!