User Rating: 5 / 5
With 1,000+ schools cyberattacked in last 5 years, what can your district do to avoid being next?
April 12, 2021
Schools in western New York were temporarily closed this winter due to cyberattacks. In-person classes were canceled in the Victor Central School District after malware locked users out of key systems (e.g., SchoolTool, Transfinder) in January. Both in-person and remote classes were halted in Buffalo Public Schools after a cyberattack in March.
The problem is widespread and getting worse. Since 2016, there have been 1,180 publicly disclosed cybersecurity-related incidents involving U.S. public schools, according to the K-12 Cybersecurity Resource Center. In August and September, 57% of ransomware incidents reported to federal authorities involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July, according to the Cybersecurity & Infrastructure Security Agency, which is part of the federal government.
Unfortunately, the question is not “if” your school district will become the victim of a cyberattack, but when. If successful, the consequences often include disruption of critical school operations, exposure of sensitive personally identifiable information (PII) of students, teachers or staff, and, in many cases, ransom demands.
The U.S. Treasury Department has noted that cybercriminals are getting more sophisticated [see sidebar]. Every school board in New York State should be asking questions about the adequacy of the district’s defenses for a potential cyberattack and ensure that appropriate policies (including insurance policies) are in place. This article will explain the most common threats and make recommendations for action consistent withstate and federal law.