As we transitioned online, 2020 was a record-breaking year of school ransomware attacks. In fact, there was a 20% increase in education sector cyberattacks between July and September 2020. Many of these incidents were significant: resulting in school closures, millions of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud.
Schools often discover breaches months after they happen. The numbers from 2021 continue to roll in as more hacks are discovered, and it doesn't look like schools have gotten much safer. But why target a school? And what do you need to know to protect your school community in 2022?
Why Target Schools?
Lots of Data
Ransomware attacks are some of the most common attacks that schools face. Modern Ransomware gangs will encrypt or even steal data, and if victims don't meet their demands, they will leak the information onto the Dark Web. Schools may not have your credit card information, but they are chock full of low-hanging fruit that you don't want to float around on the web.
For example, following an attack on Weslaco Independent School District, data relating to approximately 16,000 students and its employees was leaked. This included basic information such as names, dates of birth, and gender, as well as more sensitive information like social security numbers and home addresses.
So what, right? What can they do with that information? According to NBC News, a few months after a ransomware attack on Toledo Public Schools in Ohio, a parent discovered that someone had started trying to take out a credit card and a car loan in his elementary school-aged son's name.
Simply put, hackers use this information to commit fraud.
Poor Security Practices
According to Education Week and the Consortium for School Networking, 44% of chief technology officers report that their district does not provide cybersecurity training for educators. While some schools don't even have a single person devoted to cybersecurity. The result? Only 54% of educators are even familiar with the concept of ransomware attacks, even though 44% of their schools were targeted in 2020. (Parachute Technology)
On top of this, despite the availability of tech vendors that can install solid security practices and technology, not every school chooses to. Even for those that do, many don't implement them fully. This amounts to a half-put-together defense that hackers can glide right through.
Valuable ".edu" emails
Email addresses that look real are valuable for implementing phishing attacks. Emails that end in ".edu" are far more trustworthy than ones that end in ".org" or ".com." Teachers are much more likely to download and open a file if sent from another teacher. Parents are apt to open a link sent by their child's school. Prospective students might open an email from a college or university without thinking. We intuitively trust educational institutions. Capturing these emails can lead to significant attacks and huge payouts.
How to Protect Your School
Don't despair. By implementing good cybersecurity training and procedures, you can do a great deal to protect your school community, whether you're a teacher, administrator, student, or parent.
Most password attacks happen due to poor credential management and a lack of employee training. For a broader understanding of what you can do, here is a list of 10 practices that can easily be implemented in any school: 10 Cybersecurity Strategies for small businesses.
One of the most cost-effective and efficient ways to increase security is to use a password manager. A password manager protects user credentials, preventing unauthorized access to shared accounts. Better password managers also allow for easy sharing of credentials within an organization.
How TeamPassword Prevents Password Attacks
Create Secure Passwords for Every Account
Weak and reused passwords expose a company to many password vulnerabilities. TeamPassword's built-in password generator ensures you create robust credentials for every account and never reuse the same password.
The password generator lets you create passwords 12-32 characters long using letters (uppercase/lowercase), symbols, and numbers. You can also use TeamPassword's password generator to create unique usernames, increasing the strength of your company's credentials.
With all of your logins stored in TeamPassword, you will never have to remember usernames and passwords!
Two-Factor Authentication (2FA)
2FA adds an extra step to each employee's TeamPassword account. If cybercriminals steal an employee's credentials through a successful password attack, 2FA prevents a complete breach.
TeamPassword uses Google Authenticator, which is available for iOS and Android devices. Employees need to enter their password and the six-digit TeamPassword code to log into their account.
Team members can also create backup codes so they're never locked out of their TeamPassword account—even if they lose their Google Authenticator device.
Share Passwords Safely
Password attacks often happen due to human error and careless credential management.
TeamPassword allows teams to share passwords securely through the password manager, so you never have to worry about exposing raw credentials through emails, chat apps, spreadsheets, and other unsecured methods.
Instead of entering a username and password, teams use TeamPassword's browser extensions (Firefox, Chrome, Safari) to log into your company's tools, applications, and other accounts.
TeamPassword also has a mobile app for logging in to mobile-only applications. Employees can simply copy/paste the credentials they need and log in!