Targeting Remote Learning: Defending Against Cyberattacks in our Schools

A return to normal does not mean that IT administrators can take their eye off the ball regarding cybersecurity

Schools are a popular target for cyber attackers. This is partly due to the amount of staff, student and general learning information being held on the network, but also because the nature of education means that access to data is often allowed, either for continued research or to review coursework, for a period of time after students leave. Security best practice is a challenge in this environment, but recent rapid changes have provided an excellent opportunity to review these practices for the coming year.

When the pandemic struck, schools had to adapt quickly with a wholesale shift to remote learning. Staff and students found themselves using new platforms such as Zoom or Teams to communicate, as well as making use of online file-storage systems for uploading, reviewing and marking coursework. Attackers took immediate advantage of this change, targeting newly implemented technologies to access resources and steal data. Their methods included credential theft, password scams, "bombing" of Zoom and other video conferencing tools, and ransomware.

The level of attacks settled during 2020 as schools became more used to remote learning and other new ways of working, but this situation may be about to change. With global vaccination programs underway and return-to-work programs in development, everyone is planning for a return to bricks-and-mortar, including education systems. This provides attackers with an opportunity to hide in the confusion caused by a massive rush of people re-joining school networks. Any establishment not monitoring for unusual behavior patterns on the network could be placing itself at risk for an attack.

Back to School: Planning for the Return

School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year. For many, there will be bigger and more complex projects to work on, such as advanced threat detection or multi-factor authentication. Still, a couple of simple-to-address ‘quick wins’ that will help to establish robust security foundations are:

• Think about budgets. Often security investments are made in reaction to a breach or regulatory requirement. As such, in a larger school, new products are sometimes purchased and deployed in departmental bubbles. It’s worth creating a supervisory board for IT investments to ensure that any new product decision is made at the right level and can be adopted everywhere at once. This improves protection, assists with aligned management, and can reduce overall cost with potential vendor discounts for scale.

• Look at the network. Ensure that VLANs are in place to correctly segment and segregate devices and data on the network. Keep administrative and classroom access separate by establishing a network that’s only for IoT and connected devices. Managed networks make monitoring simpler and alerts easier to identify and remediate effectively. This approach also reduces the risk that can come from potential unauthorized connections on any publicly accessible part of the school network.

• Force everyone to change their password before the start of the new academic year. Establish and communicate best practice for new passwords, including a mandated level of complexity for strength. Create a password management policy that includes regular change requirements and limits concurrent connections from a single user account. Old, reused and shared passwords are common ways for an attacker to access network resources.

• Run awareness activities across the network. Live-fire exercises can expose gaps in plans, staffing or technology, allowing these to be closed before an attacker can take advantage. Also, schools can educate staff and students on the type of content that needs to be watched for through smaller programs such as phishing campaigns – this is beneficial to protecting the school and could also help someone safeguard their personal data.
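The password bullet above asks for a forced change before the new academic year and a limit on concurrent connections from a single account. The following added example (not from the original article) audits both: it lists accounts whose password predates a reset cutoff and finds accounts whose sessions overlap in time. The account names, addresses, dates and record layout are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: account -> date of last password change
PASSWORD_CHANGED = {
    "t.jones": "2021-08-20",
    "s.patel": "2020-03-02",
    "lab-kiosk": "2019-09-01",
}
# Constructed session log: (account, source address, login, logout)
SESSIONS = [
    ("t.jones", "10.20.1.15", "2021-09-06T08:55", "2021-09-06T12:00"),
    ("s.patel", "10.30.4.22", "2021-09-06T09:00", "2021-09-06T10:30"),
    ("s.patel", "203.0.113.7", "2021-09-06T09:45", "2021-09-06T11:00"),
    ("lab-kiosk", "10.40.0.5", "2021-09-06T09:00", "2021-09-06T09:20"),
    ("lab-kiosk", "10.40.0.5", "2021-09-06T09:20", "2021-09-06T09:40"),
]

def stale_passwords(changed, cutoff):
    """Accounts whose password was last changed before the forced-reset cutoff."""
    cutoff_dt = datetime.fromisoformat(cutoff)
    return sorted(a for a, d in changed.items()
                  if datetime.fromisoformat(d) < cutoff_dt)

def peak_concurrency(sessions):
    """Sweep over login/logout events: peak simultaneous sessions per account."""
    events = {}
    for account, _src, start, end in sessions:
        ev = events.setdefault(account, [])
        ev.append((datetime.fromisoformat(start), 1))
        ev.append((datetime.fromisoformat(end), -1))
    peaks = {}
    for account, ev in events.items():
        # At equal timestamps the logout (-1) sorts before the login (+1),
        # so back-to-back sessions are not counted as overlapping.
        ev.sort()
        live = peak = 0
        for _, delta in ev:
            live += delta
            peak = max(peak, live)
        peaks[account] = peak
    return peaks

def over_limit(sessions, limit=1):
    """Accounts that exceeded the allowed number of concurrent sessions."""
    return sorted(a for a, p in peak_concurrency(sessions).items() if p > limit)

if __name__ == "__main__":
    print("Password older than cutoff:", stale_passwords(PASSWORD_CHANGED, "2021-08-01"))
    print("Concurrent-session limit exceeded:", over_limit(SESSIONS))
```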

Best Practice: Preparing for Attack Mitigation

Establishing security best practice is just one side of the equation in cybersecurity. At some point, you will be targeted, whether directly or as part of a broader campaign against schools in general. It is crucial to have a mitigation response plan in place to understand what happens and the role each person can play in reducing the impact of an attack or breach on the network. Whilst the detail in every plan will be different, based on the environment under protection and the existing solutions in place, the basic best practice to follow is similar for every school environment:

• Pre-attack: Develop a detailed response plan and review it at least every three months to ensure nothing has changed. Without this, no one knows what needs to happen or who is responsible for which actions, so systems can remain exposed.

• During an attack: Keep to the plan, bring the team together and reinforce each person’s role. This way, understanding what has happened and starting to implement a response will be quicker and more effective. Have records of any changes made during the attack and be ready to take systems offline, so potential damage can be isolated and minimized.

• Following an attack: If the response plan was followed, then the mitigation efforts will result in a set of improvement activities that will help to deflect a similar attack in the future. Remember that once a successful ransomware attack is launched on any organization, the chances of a repeat attack increase significantly.

The Return to Normal

Most people are excited that after one of the most challenging periods in our lifetime, a return to normal is on the horizon. However, this does not mean that IT administrators can take their eye off the ball regarding cybersecurity. Take some time now, before everyone is back at their desk, to review policy and process. This means that any changes can be carried out with minimal impact on learning. It is still also worth communicating the plan and actions taken to staff, students and parents, because it will increase confidence in learning when everyone can return to their classroom.
