Online education is now a firmly entrenched part of the traditional education landscape, but the cybersecurity measures used to protect our online education assets remain flawed, inconsistent, and vulnerable.
Before the start of the 2020-2021 school year, there existed no unified national strategy for educational cybersecurity. And given the newness of this strategy, implementation is still very much a work in progress for most schools.
Today, in the wake of the pandemic and the en masse move to online education, the risks posed by this shoddy cybersecurity infrastructure have never been greater. We’ll examine these cybersecurity risks, and consider strategies that online schools, educators, and students can use to counter these risks.
With more than 7 million students in the U.S. alone taking at least one online post-secondary course in 2019, and countless charter schools making online education a central component of their mission, online learning was already an ingrained part of our collective educational strategy when the pandemic struck in early 2020. Worldwide school closures followed, with students and teachers retreating to the web. An estimate from UNESCO holds that school closures impacted more than 1.5 billion students across the world.
As a result, online education has proven an absolutely critical component of our educational strategy. The events of the pandemic demonstrated the vital need for effective avenues to remote learning. Because the transition to online learning was so rapid, many educational institutions suffered from a lack of preparation, training, and guidance. While online learning provided an essential pathway to social and academic continuity, educational outcomes have been mixed at best. And among the many obstacles to effective online instruction that were magnified during the pandemic, cybersecurity risks warrant immediate attention.
The good news is that there a lot of ways that you can contribute to improvements in educational cybersecurity by earning an online cybersecurity degree at either the associate, bachelor’s or master’s degree level.
If you’d like to learn more about the cybersecurity threats and defense strategies before pursuing a degree, read on…Back to Top
Online educational institutions have long been uniquely vulnerable to cyber-attacks and security breaches. In the past, schools—especially small colleges, public schools, and some urban charter schools—have simply lacked the budget, experience, technology, personnel, or political will to mount comprehensive cybersecurity strategies.
According to Govtech.com, “Cyberattacks on school districts are nothing new,” and “In fact, there have been nearly a thousand such incidents since January of 2016, according to the K-12 Cybersecurity Research Center.”
Rarely have our online educational assets been protected with the ferocity that protects our financial institutions, commercial entities, and government agencies.”
Rarely have our online educational assets been protected with the ferocity that protects our financial institutions, commercial entities, and government agencies. But the demands placed upon online learning have grown dramatically as the pandemic has presented us with new and unforeseen academic challenges. This means more students than ever before are at risk, and more educational institutions are being thrust into online education without full preparation for threats such as the following.Back to Top
According to Cybintsolutions, ransomware refers to a malicious type of attack in which the perpetrator will block the victim’s access to their own systems or data. The data is only released when the victim pays a specific sum of money to the perpetrator. In the simplest terms, when this attach is inflicted upon a school, its data is held hostage until the kidnappers’ ransom demands are met. And the threat is quite real.
In July of 2020, the University of Utah was extorted to the tune of $450,000. Unknown hackers took control of the College of Social and Behavioral Science servers, making them inaccessible to university personnel until their financial demands were met. The hackers were able to encrypt .02% of the university’s data before the impacted servers were isolated and the ransom demands met.
The University of Utah was just one of countless victims that year. According to Cybintsolutions, ”Ransomware is on the rise, with a total of 304 million ransomware attacks worldwide in 2020.”Back to Top
The Distributed Denial of Service (DDos) Attack is a tactic in which hackers flood an entity’s servers with service requests until the traffic overwhelms the system. The consequence is typically a disruption of service for those who actually need it. This is a particularly threatening tactic for public school systems, which frequently have lesser processing power than commercial or financial entities. This can lower the threshold required to overburden a system, as occurred a mere two weeks into the fall semester of 2020 at the Rialto school district in California. A malware attack “Designed to disrupt or gain access to a school’s network …forced the 25,500-student district to collect–and fix–thousands of school-issued digital devices.”
The result was a lost day-and-a-half of learning for most students in the public school district. In the very same month, a 16-year-old student from the Miami-Dade school district in Florida was indicted on charges of committing eight DDoS attacks that caused lags and error notifications across the system. While the crime and its perpetrator were easily detected with limited damage, it did demonstrate the vulnerability of school districts to even the most rudimentary attacks.
In a year already marked by overwhelming challenges, educators described this form of hacking as one more roadblock on the already-embattled path to education. But it’s a roadblock that schools must take seriously. Indeed, according to one report, “between January and June 2020, the number of DDoS attacks affecting educational resources increased by at least 300-500%, compared to the corresponding months in 2019.”
This is resulting in an untold amount of lost instructional and learning time during a period when both have already been severely curtailed by the pandemic.Back to Top
While ransomware and DDoS attacks have a history which far predates the pandemic, Zoom-bombing is a cybersecurity phenomenon which could be closely associated with online education during the COVID era. Over the last two years, countless schools have come to rely on video conferencing platforms like Zoom to conduct their classes. But Zoom has proven especially susceptible to intrusion by hackers, who run the gamut from mischievous pranksters to truly malicious actors intent upon exposing students to harmful content.
Zoom-bombing is a cybersecurity phenomenon which could be closely associated with online education during the COVID era.”
According to an article from the Cincinnati Enquirer, an FBI spokesperson acknowledges the dramatic increase in such incidences since the start of Spring 2020. According to federal law enforcement, “In late May, the FBI had received more than 240 reports of Zoom disruptions that included broadcast videos depicting child sexual abuse material. The incidents at Wyoming City Schools and Miami University displayed nudity, profanity and discriminatory images, officials said.”
This presents a particularly serious problem for schools who must rely on the effectiveness of third-party platforms to protect their students not just from intrusion but from harmful content.Back to Top
As schools work to achieve compliance with the newly forged national standards for cybersecurity in online education, there are a number of very attainable steps that individual schools and educators can take to protect themselves.
Manage User Privileges: Access to a school’s system must be limited only to those affiliated with the institution or district. Only authorized individuals should possess the proper clearance, and should be required to meeti multi-factor standards for identity authentication upon sign-in. Access to school systems must be revoked immediately for those who are terminated, who voluntarily depart, or who are otherwise no longer affiliated with the school or district.
Vet Third-Party Providers: All schools and colleges must entrust some part of their security infrastructure to third-party services including server providers, Learning Management Systems, software packages, video conferencing platforms, and more. While some level of trust is necessary, the source of security breaches is far too often one of these outside parties. According to HelpNetSecurity, more than 80% of organizations facing cybersecurity breaches will find that the threat originated with a third-party provider. Every school should conduct their due diligence to determine that the security measures and capabilities provided by all third-party vendors are adequate to meet the needs of a given college, university or school district.
Conduct Effective Staff Training: With the sudden jump to online learning during the pandemic, a necessary degree of urgency preempted the possibility of providing educators and administrators with comprehensive training. But a major part of preventing cybersecurity breaches, or lessening their impact, is providing effective training to those on the front lines of online education. We must give educators and administrators the wherewithal to recognize threats and provide them with clearly delineated protocols for reporting evidence of threats.
Provide Risk Education to Students: Students and families alike must be apprised of the risks that come with online education. Effective training is required on password management, identification of suspicious emails, and avoidance of questionable links. Students should also be instructed on how to set up a VPN at home and how to ensure they are only using secure WiFi when signing into school systems. Make sure students are part of the security strategy, and not points of vulnerability for bad actors.
End-to-End Encryption: Ensure that encryption software is utilized for all data and every correspondence stored in your school’s system. Protect private information, documents, files, and messages with encryption whether correspondences take place asynchronously or in real time.
Updated Content Filters: Create clear limitations on the sites that can be visited or accessed on your school’s servers. Content filters can be used to prevent access to inappropriate material such as pornography, hate literature, or sites which perpetuate violence and disinformation. These filters can also be an effective way to prevent access to sites that are known for creating a high risk of exposure to malware.
American education must find ways to align with a comprehensive national cybersecurity strategy.”
Of course, these are all strategies that can be adopted at the level of individual school districts and universities. But the reality is, American education must find ways to align with a comprehensive national cybersecurity strategy. The Department of Homeland Security-backed group, cyber.org initiated the process of developing national K-12 cybersecurity learning standards at the onset of the 2020 school year, publishing the results of their efforts the following year.
The product—K-12 Cybersecurity Learning Standards—lays out the expectations to which all public school and their third-party providers are expected to adhere, though contrary to compliance failures in areas like retail or finance, there are few real consequences for falling short. Today, more funding, training, technology, and guidance are needed to help schools understand and integrate these new standards.
For a better understanding of some of the key controversies underlying this issue, jump to our discussions on Hacking and Charter Schools.
And to get started on an educational path in a related area, check out the following online degrees:
Get survival tips, interesting articles, and much more at our Student Life Blog.
Or get tips on studying, student life, and much more with a look at our Student Resources.