Four Steps to Help Keep Schools Safe from Cyber Attacks

By Lisa Plaggemier

Nothing has defined the last 18 months in education more than online learning. A foreign medium for most educational institutions at all levels before the pandemic, online learning was transformed overnight from a backup education channel to the only education channel. However, given that school districts and educators were forced to get digital classrooms up and running as quickly as possible, ensuring that they were secure took a back seat. And bad actors have seized the opportunity to probe for cyber security weaknesses. Not surprisingly, they found some.

For example, in June an attack forced the University of Massachusetts Lowell to cancel all in-person and online classes for a week after the school’s technology services were breached. Unfortunately, such attacks have become common during the pandemic.

This is obviously unsettling for both educators and students alike. However, some of the most effective steps in preventing security incidents are actually straightforward and easy for school districts, educators, and students to put in place.

Demystify Cyber Security at the Top

With so much jargon flying around, cyber security is perceived by many everyday tech users as being far too complicated. This leads some individuals to throw up their hands and accept the false assertion that breaches are inevitable, and that there is nothing they can do. To counter this attitude, school administrators should set out to make cyber security best practices accessible to everyone. They can start by providing ongoing, jargon-free training sessions. The goal should be to push this subject into the mainstream, and empower educators by fostering a culture that has cyber security as a core principle.

Lean on the Fundamentals

Teachers can promote the fundamentals in their classrooms. We teach students how to use technology; it doesn’t take too much more effort to teach them to use it securely. Here are four steps that all schools should be encouraged to adopt right now (if they haven’t already)

1. Embrace the Password Manager

Password managers can help boost cyber security. They can not only make recalling a password a breeze, they can empower users to pick the strongest passwords possible—no matter how long or complicated—since they can safely store them for easy access. Additionally, password managers can be instituted districtwide, meaning they should be a staple tool for any school district in the hybrid learning era.

2. Mandate Multi-Factor Authentication

Having a strong password is only the first part of the equation when it comes to ensuring your accounts are secure. The second is multi-factor authentication (MFA), which provides a second layer of protection as users attempt to log in to an account. Simply put, if a strong password is the lock on the door, then MFA is the deadbolt.

3. Use a VPN

Using a virtual private network (VPN) is especially important for remote students who can log in to classes and do schoolwork from anywhere. VPNs work to encrypt data and hide your IP address. This conceals your online identity, even on public Wi-Fi networks. Moreover, VPNs can be easily installed on any device, giving educators and students additional peace of mind wherever they may be logging on from. It’s worth purchasing one for district use, to increase your security.

4. Set Guidelines

Guidelines that ensure uniformity for device settings are imperative for schools and educators, especially if workspaces or devices are shared. Having uniform guidelines about which apps are granted access and which are not, and what can and cannot be downloaded, is hugely important in blocking bad actors from gaining access to a school’s sensitive information.

By demystifying cyber security within your school district and implementing easy-to-use security steps, administrators and educators will not only create a more secure digital learning space, they will lay the groundwork for good cyber security hygiene for students as well.

Lisa Plaggemier is interim executive director (and board member) at the National Cyber Security Alliance. The NCSA builds public-private partnerships to help bring security to education. Plaggemier has previously held executive roles with the Ford Motor Company, CDK Global, InfoSec, and MediaPRO. She is also a frequent speaker at events hosted by RSA, Gartner, and SANS.