Key points:
- Expanding classrooms mean IT leaders must prioritize network security as much as possible
- Here’s how to protect schools from cyberattacks in 2024
- Rising ransomware attacks on education demand defense readiness
- For more news on K-12 cybersecurity, visit eSN’s IT Leadership hub
Every time a parent sends their child to school, there’s a list of things they expect their child to remain safe from. That list probably includes protection from bullies, injuries during gym class, and probably rotten cafeteria food. In 2023, the internet is likely near the top of those concerns.
As the school year began this year, the White House announced several initiatives to curb cyberattacks on K-12 schools. This was in response to a 2022-2023 school year that saw eight major cyberattacks in American K-12 schools, four of which caused classes to halt or caused the school to shut down for good.
In response to this news, K-12 IT managers in the U.S. have taken a holistic approach to cybersecurity. This is especially true as more schools take advantage of WAN, or wide-area network, tools to support the expanding nature of classroom (or outside of the classroom) instruction. If school IT staff want their security plans to be successful and at the right scale, they’ll need security tools that account for a host of possibilities and, therefore, are based on zero-trust standards.
A more popular target
The rise in cyberattacks on schools came on the back of the pandemic as remote learning forced many school districts to “expand” the classroom, thereby (unintentionally) expanding the attack surface for bad actors. Now that many schools are back in the classroom, students may no longer be remotely logging onto computers for class instruction. However, they may still need to remotely access school websites or learning modules for homework, group assignments, or to check their grades.
A wider attack surface puts sensitive information such as student health information, parents’ personal information, student addresses, and faculty and staff information at risk. Also, even if students are accessing the internet at school, one wrong move could endanger sensitive information and cost the district a lot of money. The federal government reported that successful cyberattacks in 2022 ranged from $50,000 to $1 million in damages. With many districts across the country strapped for resources, a loss in this range could have significant consequences.
Types of attacks
To avoid the consequences of a cyberattack, it may help school administrators to know how cyberattacks usually originate. The U.S. Government Accountability Office notes four popular methods that bad actors use for cyberattacks:
Phishing: An attempt to access data or resources through a fraudulent solicitation in an email or on a website.
Ransomware: The use of malicious software to block access to computer or data systems. Usually, during these attacks the attacker requests a fee to release access back to the target of the attack.
Distributed denial-of-service attacks: The use of multiple machines operating together to overwhelm a target, thereby preventing or impairing the authorized use of networks, systems or applications.
Video conferencing disruptions: Attacks that disrupt teleconferences or online classrooms with malicious content. This usually includes pornographic images, hate images or speech, and threatening language.
Protecting a school from these attacks, or at the very least minimizing the damage, requires an in-depth network strategy with a zero-trust approach to cybersecurity at a K-12 school.
A wireless WAN and zero-trust approach
As the classroom expands for many schools–with more students accessing virtual classrooms at home, doing work on school-provided laptops, and even using school bus Wi-Fi to do work–it’s become more pertinent for IT administrators to prioritize network security as much as possible.
A growing number of schools are realizing that wireless WAN (WWAN), or the use of public or private cellular routers or adapters as a key component of their WAN infrastructure, is a great way to enhance connectivity at the network edge and make sure there is as little interruption as possible to the many ways in which classroom instruction has evolved. Even with greater connectivity opportunities with a WWAN, there still exist the security concerns plaguing many schools. This is why a zero-trust approach to WWAN is so important for students, teachers, and the IT personnel that manage school networks.
By default, zero-trust cybersecurity solutions give IT managers the power to decide who gains access to school networks. Also, even if a member of the school is authorized, the right network solution will allow IT managers to decide where each user can go in the network. Compare this to more traditional virtual private network (VPN) solutions, which require complex configurations and, by default, give everyone access to the entire network.
There are also specific security features that school IT managers should look for in their WWAN approach. For example, role-based internet filtering allows the IT manager to dictate where a student can go whilst on the school network and, thereby, filter the content to which they are exposed. Also, the right solution will isolate virtual meetings in the cloud, which prevents hackers from gaining sensitive information through a virtual meeting, even if they somehow obtain credentials to get into a meeting.
Speaking of isolation, security features such as remote browser isolation airgaps user devices from the internet. This means even if a student or faculty member falls for a phishing attempt, that attack will not result in access to the school network.
It’s also important that IT managers look for WWAN solutions that aren’t complicated to deploy or manage. In many cases, K-12 schools don’t have massive IT teams with multiple experts to manage the various IT concerns that can happen throughout the day. A WWAN solution that is comprehensive but not complicated to manage allows IT managers to prioritize the online safety of the school without having anything fall through the cracks.
A secure learning experience
Many schools have implemented security measures to make sure unwanted guests don’t enter their school. They in turn dictate who can enter the building once class has started and who can’t. In fact, even students need permission to be in certain places once class has started. While the use of WAN tools can enhance school networks, IT personnel should approach cybersecurity with the level of fervor that administrators approach students’ and faculty’s physical security.
With a zero-trust solution, K-12 IT managers can have more control over who enters the figurative doors of their network. This helps promote a scalable network and a safe online environment, no matter where learning occurs.