Teaching Safely in the Face of Cyberthreats

October is National Cybersecurity Awareness Month, and with the education sector suddenly finding itself in cybercriminals’ crosshairs, the timing feels very appropriate. There’s no better time for teachers, parents and students to #BeCyberSmart, as the event’s hashtag goes, than right now.

This year is, of course, unlike any other, with school districts everywhere using digital classrooms as at least part of the new normal. Unfortunately, hundreds of U.S. school districts have already experienced cyberattacks. Globally, the problem dates back to last spring. When the pandemic hit, cybercriminals were exploiting it almost immediately. By June, education was being targeted more than any other industry, accounting for 61 percent of malware encounters experienced by organizations.

These attacks are continuing as we make our way through the fall season. One recent incident involved a ransomware attack on a California school district that ended up forcing it to cancel five days of school.

How do those attacks happen? One common method is phishing. Fraudulent websites began to pop up shortly after classes went online, distributing malicious files disguised as legitimate learning tools and videoconference platforms, like Moodle, Blackboard, Zoom and Google Classroom. Kaspersky data shows that 168,550 users encountered these kinds of threats though June of this year, up from just 820 users the year before.

It’s quickly become incredibly important for school districts to train teachers and students to be able to recognize phishing sites and emails, which often contain spelling errors and other telltale signs, and for users to treat any links or attachments with extreme caution. Here’s a broader set of tips for protecting against common scams.

Another type of threat is DDoS (Distributed Denial of Service) attacks, which can overload and bring down school networks. This past spring, the number of DDoS attacks that affected educational resources each month was up at least 350% from the corresponding month in 2019, according to our data.

Most school districts don’t have the funding to implement robust cyber defenses, so it’s important for everyone involved to practice good security hygiene. This can go a long way toward preventing these attacks, since most of them are not actually very sophisticated — they’re just criminals looking for an easy target.

The most basic — but important — security practice is to use strong passwords and set a different one for each service you use. If you’re a teacher or a student, you’ve probably had to sign up for more than one new account to support your e-learning. If one password gets stolen, you don’t want it to compromise all of them. Also try to avoid allowing multiple people to share a single account. The more people you have on one account, the more vulnerable it becomes.

Another good idea is to turn on multi-factor authentication for any of your digital tools that allow it. This means that everyone will need to log in with more than just a password, most often by clicking a link or entering a one-time code that gets texted or emailed to them. This will also help keep out anyone who isn’t supposed to have access to your educational tools — and any personal data they may contain.

A final piece of advice is to plan out your backup communication channels if the primary option goes down. Whether it’s caused by a hack or other type of outage, it’ll make life a lot easier if you have a backup plan. If your meeting platform goes down, everyone will know what to do next, so you don’t lose time. Meanwhile, if you notice that the school network, your work computer, or equipment are operating strangely, inform your IT support staff.

For educators, protecting the digital tools used for lessons and grading is of vital importance, particularly if anyone’s personal data is attached to any of them. After all, it’s not just ransomware and DDoS attacks we need to be worried about. There’s also good old-fashioned identity theft. Like it or not, teachers, once only responsible for the physical safety of their students, now have to play a role in protecting students in the digital realm.