Over the past 16 months, teachers and students have immersed themselves in the technology required for virtual learning. Students use laptops at home and on outside networks. Cybersecurity once meant protecting classroom computers used on a school’s internet network. But the widespread use of remote technology presents additional challenges, as districts need to keep students and staff safe wherever they may be.
According to the K-12 Security Information Exchange and the K-12 Cybersecurity Resource Center, cyberattacks on school districts increased 17% nationally last year. There were 408 cyberattacks publicly reported last year, up from 348 in 2019.
Michael Dean, IT manager of Upper Freehold Regional School District in Allentown, NJ, said it is inevitable that board members, teachers and students will run into security issues online at some point. Online protection includes securing video conferencing platforms while class is in attendance, protecting school laptops while they are in students’ and teachers’ homes, and safeguarding district information used by teachers, administrators, and board members.
“From a cybersecurity perspective, we’re always concerned about the welfare of our students,” Dean said.
Safeguarding Students Upper Freehold Regional School District uses Chromebooks, which students can take home beginning in grade three. To protect them from harmful content, the school uses a service to restrict where students can go on the internet. Doing so ensures the district complies with various federal requirements, including the Children’s Internet Protection Act (CIPA).
“Content filtering is the most obvious way that we try to protect our students,” Dean said.
However, content filtering is more challenging when students are not on the school network and using an internet connection at home.
“That’s one of the struggles we often have,” Dean admitted. He urges parents to use solutions to provide protection at home.
Another way districts protect students is by restricting what students can do on video conferencing platforms. In Upper Freehold’s case, the district uses Google Meet to video chat. The district deploys a feature to restrict who can be in a room. For instance, students cannot invite strangers. Parents have to have an account to meet with teachers over the platform.
Defending Districts One of the biggest threats to school cybersecurity can come from teachers. They may open email messages that could make them prone to ransomware attacks.
Ransomware is a type of malware that can inadvertently be downloaded onto the computer. Once activated, the malicious entity can threaten to publish the victim’s data or perpetually block access to the computer unless a ransom is paid. If breached, the data could include information about the district or students.
The good news is that ransomware does not work on Chromebooks. Many districts use these — because they do not allow the user to download apps or support executable files that you find on Windows or Mac systems. But not all teachers use Chromebooks — many are on other platforms, which opens the door to ransomware threats.
The most common way ransomware enters the network is via phishing, a tactic where cyberattackers send a personalized email asking the target to download a document or click a link that downloads malicious software, called malware. Once clicked, malicious software is installed, making it impossible to use the computer without a unique code only obtainable after paying a ransom. Phishing has become so sophisticated that extreme vigilance is required.
“Even the best people fall for it,” Dean said. “If something even looks remotely suspicious, don’t open.”
Keeping confidential the personally-identifying information of all school stakeholders is imperative, so Dean’s district uses software to prevent ransomware activity.
Ensuring district, school, and student data safety is essential. The school district also uses a web-based student information system software to protect data in the cloud.
Other tools that staff members can use to protect their data include complex passwords. Some districts use two-factor authentication, which involves verifying identity with matching information to safeguard data.
Flex Tech The pandemic helped districts improve their technical know-how, explained Bruce Reicher, a technology teacher in the Upper Saddle River School District and a school board member in the Hawthorne School District. Giving teachers access to technology tools was overwhelming at first. Now they have help desk services available for them, as well as parents and students. All staff members have improved in using video instruction for remote learning.
Districts have also had to figure out how to pay for and distribute computers and tablets. They now have solid procedures in place to protect that equipment, Dean added.
One thing that affects cybersecurity is the fact that districts need to be agile in their approach to using technology. As some have had to switch from in-person classes to remote classes in a pinch, it’s vital to have the right tools on hand to facilitate that shift — and safeguard students and teachers while doing so, Reicher said.
“Every district has its own plan for their community,” Reicher said. “I think all districts will have their toolbox of what works for them and their students. These practical lessons are probably more important than creating policies that won’t pertain to the quickly changing landscape,” he added.
Making Cybersecurity Second Nature Along with enacting policies on everything from how students should use laptops at home to how teachers can access cloud data, districts are staying on top of the risks.
As more new threats and innovations arise, many are offering ongoing technology training to students and employees. This way, they can make sure people are aware of how to stay safe online.
“Most of cybersecurity is a human issue,” Dean added.
Dean recommended visiting the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), located at cyber.nj.gov, to find information on best practices districts can use to reduce cyber threats, including ransomware.
Solutions Available through NJSBA NJSBA offers technology and cybersecurity solutions through its cooperative pricing system to help districts and member charter schools manage and reduce IT security risks. Visit www.njsba.org/cybersecurity for more information.
To learn more contact NJSBA’s Cooperative Pricing System.
Kristen Fischer is a contributing editor with School Leader magazine.