It happened again – news of another school district being hit by a cyber attack (see here and here). Like many cyber attacks in recent years, the school district’s network, systems, communications, and internet have been shut down. Couple that outage with the additional risk of the sensitive personal data of students and staff being compromised, a bad situation can potentially turn into years of struggles for those impacted.
According to the K-12 Security Information Exchange 2020 report, there has been a sharp uptick in publicly disclosed cyber attacks. In 2020 alone, there were 408 unique attacks against schools that ranged from ransomware to phishing schemes to data breaches. While that number might not seem large, consider that it does not cover the number of schools, but the districts or institutions. It also only lists the publicly disclosed attacks – there are likely many more that went unreported.
With the prevalence of these attacks, it’s important to examine a few of the areas that a district would be hindered by during a school cyber attack and the impact of those systems being down.
This may likely be the area impacted least from a cyber attack. It would require an adjustment, but teachers and students can typically adapt to cover the curriculum. The challenges and issues from the attack, however, extend far beyond the classroom.
Phone Systems Down
Many schools that have upgraded their phone systems in the last decade now operate on VOIP (voice-over-IP) systems, making them all networked devices. If these are taken offline, classrooms are unable to communicate to one another, to the office, to call out to parents, or even call out to 911 in case of an emergency. During an outage, school staff is wholly reliant on the use of cell phones, which is then limited to the numbers you have access to in your address book or recorded somewhere (paper or memory) and the strength of their cell signal.
Email Outage During a School Cyber Attack
While district-wide email outages might not directly impact the student-teacher relationship, it most certainly will have a significant impact on faculty and staff communications. As with any larger and multi-site organization the ability to connect and coordinate via email has become a vital part of our day-to-day work lives.
In a school setting, we often think solely of the in-classroom activities but overlook the administrative actions that are required to make things run: ordering food and equipment, invoicing, recording and reporting student information. All of these require some method of connection and communication.
How a School Cyber Attack Affects School Security
Similar to the phone systems, school security measures often rely on district-wide communications. If a district-wide lockdown order is issued, that is often able to be addressed and initiated from a central location or at the very least, the order given via mass notification and the local schools initiate their own lockdown procedure and protocol. In the event of the phone systems being down, the process of initiating that notification could be significantly hindered, slowing response time.
As noted in the news story at the beginning, that particular district had to close all of the schools in their district to any visitors due to the inability to use their visitor management system (which runs a quick check on all visitors seeking to enter the school).
Data Breaches from a School Cyber Attack
In addition to the challenges of systems being offline throughout the school or district, the threat of personal information being stolen is a very real scenario to consider as well. Oftentimes, student and faculty files can contain date of birth, social security number, medical information, home address, and parent contact information.
What To Do
Looking at some of the impacts of a cyber attack, what can be done to strengthen your school or district’s defenses?
If you are a Superintendent, IT manager, faculty member, or concerned parent, it’s a valuable question to consider.
In a recent study by IDG (a well-known technology media group), they found that, “90 percent of those interviewed felt they were falling short in addressing the cyber risk.” So if your staff isn’t completely sure that they have everything covered, you wouldn’t be alone, there are almost always areas that can be improved upon.
This is where Diamond IT can help.
With solutions like our Co-managed IT services, we can work with your school or district’s IT team to expand and improve your capabilities against cyber threats, as well as help in other IT-related tasks.
Rather than going through the process of hiring direct staff that specializes in cyber security or another area of need, you can partner with a team of experts that work alongside your IT department to advise, strategize, and implement the solutions you need most. What’s more is that the workload can ebb and flow along with your district’s needs.
To learn more about how co-managed IT can help your district, check out our recent post here. Or if you would like to set up a call to discuss your needs, click here.