Stephanie Keer, National Practice Manager – Government/Education
Jon Clemons, National Practice Manager – Education IT Services
The unfortunate reality for schools today is the pervasiveness of physical and cybersecurity threats, including active shooter situations, family abductions, problematic teacher/student relations and vandalism, plus cybersecurity phishing and malware attacks. While such scenarios were almost unthinkable a generation ago, schools now find themselves regularly practicing ‘active shooter’ drills complete with classroom lockdowns and door barricades.
In June 2020, the FBI told K-12 districts that schools “represent an opportunistic target as more of them transitioned to distance then hybrid then a mix of hybrid and now in-person learning.” Given the rise in school shootings over the last several years, the challenge of effectively protecting students and faculty becomes even more complex. The TSA is on the forefront of layered security in airports, and their strategies can be used to make schools safer.
From a technology and procedural standpoint, a school district should examine the following six basic building blocks of security.
Unfortunately, in any one of these scenarios there will be what is called soft targets. Think front office personnel, kids moving between classes and kids on a playground. The ABSOLUTE best way to protect as many kids as possible is to temporarily barricade the classroom door. A mass shooter will quickly move on to soft targets once he realizes the classroom can’t be breached.
Konica Minolta has a comprehensive portfolio of solutions to help meet these special school security needs, including video surveillance systems, SchoolGate Guardian School Visitor Management system and Classroom Guardian door barriers.
Most schools have adopted cybersecurity technology solutions to deal with cyber bullies, but what happens when the actual school IT infrastructure is the one under attack? School districts spend years and billions of dollars outfitting their campuses with the best cameras, access controls and other physical security measures they could afford – all while mostly neglecting the security of the network from both the outside and inside. Many schools do not consider themselves targets, thinking “What do I have to steal? We just teach kids.” That is the reason schools are such a great target for hackers. Schools have unbelievably valuable data to steal. Personal Identifiable Information (PII) includes data like Social Security numbers, birthdates, as well as other biographical information about students, staff and potentially parents. This information is invaluable to hackers for the purposes of identity theft. As identity monitoring has become much more popular in recent years, child identity monitoring has not.
Attacks can happen in a multitude of ways and most of the time it is extremely hard to detect unless you have the tools and resources to monitor 24/7. Every major data breach has one thing in common – the breach was not detected as it happened. Sometimes it was weeks, months, or even years after the data was exposed. Schools are not in the business of IT security; they are in the business of teaching kids. School IT departments should be focused on the learning aspects of technology, not IT Security.
Why the recent increase in security breaches?
The introduction of hybrid and remote learning increased the usage of student and faculty home networks, which are not as secure as and less frequently maintained than school networks – leaving more areas of vulnerability. Online learning also meant a proliferation of devices on school networks. These devices are incredibly complex to manage and control. Given the less than optimal amount of time before students were sent home for months, IT could only do so much before students left and while they were at home.
Some schools initiated a 1:1 policy well before the pandemic, but these programs, including IT security and device control, did not extend the bounds of the school building. This poses an inside attack risk as students will eventually bring these devices back on campus and reconnect to the network. Lastly, hackers are praying on frustrated teachers and administrators who may be susceptible to free offers as they try to navigate hybrid learning. The offers of free software that will revolutionize your digital classroom are not what they promise – if fact, they are downright dangerous. If you are not paying for it, you are not the customer; you are the product being sold.
All these factors playing into a school’s cyber hygiene make them even more attractive to hackers and ultimately susceptible to an attack. Interfering with school technology interrupts learning, frustrates teachers and makes it nearly impossible for administration to continue their work. Not to mention, if all the school technology is corrupt, it leaves every device and piece of data in that school vulnerable. Hackers can use information gleaned from school data to execute a phishing campaign or take advantage of a pool of social security numbers. Once student or faculty data is obtained, it can be used to hold that individual for ransom. This means the hacker will give up the information in return for payment. It is a terrifyingly real scenario that happens everywhere, and school data can be the target.
To counteract this, schools need a strong security plan that includes the following tactics.
Learn more about our security strategy for your school or district online.