As COVID-19 cases continue to surge across the nation, there is no clear timeline for students to return to their school campuses. Cybercriminals have been given the perfect opportunity to attack. Due to the lack of protection against these threats it can cost schools time and money to rebuild their IT infrastructure and cause a disruption to student’s learning. Continue reading to discover the most common cybercrimes and how can you prevent them in your school?.
In mid-Septemeber 2020, Newhall School District in Los Angeles County, California experienced a ransomware attack. This attack disabled the school's server and email, which completely halted online learning across all 10 of the district’s elementary schools and affected around 6,000 students
Ransomware is exactly what it sounds like: asoftware designed to infect your computer and hold your infrastructure hostage with the demand of a payment for the information to be released.
About a month later, Yazoo County School District in Mississippi had a similar attack. The ransomware their servers were infected with encrypted their files leaving the school helpless. Although measures were taken to unlock the encrypted files, the school board voted to pay $300,000 to recover their data.When ransomware infects a system, you can guarantee the result will be costly. Even if a school chooses not to pay the ransom, the costs to recover the backup, decrypt files, and repair the system are significant.
How to Prevent This:
Ransomware attacks typically come from cybercriminals tapping into your network manually, or by sending links or documents in emails with the ransomware embedded for staff to click. The software
To prevent an attack on your infrastructure, ensure you have a robust securityset-up including firewalls and endpoint protection. It is also crucial to regularlyscanyour network to identify security gaps and fix them in a timely manner. To protect your school from malware embedded in emails, use email filtering software and train your staff to not open any attachments or links in emails. In the event that your school’s network is infected with ransomware, make sure you have current data backups that can easily be recovered to save your school time and money.
Phishing scams take form in emails, disguising themselves as credible sources attempting to trick the recipient into giving out their personal information or extorting money. In fact, researchers at Barracuda, one of the country’s largest IT security companies, discovered that there were attacks on over 1,000 educational institutions from June through September 2020.These attacks are often sophisticated, come from legitimate-appearing organizations, and create a sense of urgency causing the potential victim to be less careful.
One educational institution that fell prey to a phishing scam is Manor Independent School District in Manor, Texas. An employee received emails that appeared to be coming from one of the district’s vendors with a request to change payment instructions. Three separate transactions had been sent from the school, totaling over $2.3 million, before they realized the bank account information was different.This email was sent to several people within the school district, and it only took one person to believe the email for this attack to occur.
How to Prevent This:
Unfortunately, phishing scams are becoming increasingly sophisticated and targeted making them more difficult to identify. To protect your school against this, use an email filtering software that will quarantine emails that appear suspicious or have known malware strains.
Training your staff is equally as important, as it only takes one person in the school to find the email credible and for the phishing scam to be successful. Understanding how to identify a phishing email based on verbiage, types of requests, and included links could mean the difference between being safe or under attack.
Additionally, it is wise to create a procedure to change certain things like payment information if the initial contact finds it credible. For example, if Manor Independent School District hada requirement to speak to the vendor over the phone before changing payment information, the phishing scam would have been quickly recognized and stopped.
Zoom Bombing, or the practice of anonymous individuals joining Zoom meetings, has proven to be a problem for K-12 schools across the country. While those who Zoom Bomb do not attempt to extort money from schools, unlike most other types of cybercrimes, the effects can be just as damaging.
Boston Latin School experienced this first-hand in Mid-November 2020, when an unknown participant joined one of their virtual classes and began spouting racist, derogatory, and explicit content. Although the instructor promptly ended the session, the damage had already been done.
Earlier in the school year, a 4th grade class in Leander, Texas had a similar experience. The unknown assailant was admitted into the class under a student’s name and displayed inappropriate content “for about a minute before the teacher was alerted and ended the meeting” as described by the elementary school principal, Shelley Roberts. Although this type of cybercrime is not as cut-and-dry as theft, there are state and federal charges that can be brought against those who Zoom Bomb. In early April, Madison, Connecticut became the first to arrest and charge an individual for this act.
How to Prevent This:
Although Zoom is not a particularly secure platform, there are some settings that can be enabled to help prevent unwanted participants from interrupting class. Using unique IDs and password for each class session, the waiting room feature to manually admit students, invite only classes, and host only screen sharing are just a few of the settings that can be enabled.
Educators should also pay attention to the number of participants in class versus the number of students enrolled to determine if someone else has entered their meeting. Schools can also move to more secure platforms than Zoom for their online learning, like Microsoft Teams, to help prevent zoom bombing and maintain a safe learning environment.