Securing data at school districts in the Dayton Area is a growing concern. Across the nation, we have seen drastic increases in cybersecurity attacks on our schools. With the most recent attacks being Los Angeles Unified district (2nd largest in the country), and South Redford School District. In both instances, the students’ personal information became a target of cyber criminals. Not only impacting the schools, but the students and their parents as well.
Why do hackers target schools?
Based on recent data, schools appear to be heavily targeted as they re-open for a new year. In 2021, over 50% of the attacks reported to the FBI in August and September were K-12 schools. And this year seems to be following suit. These school systems operate on minimal IT budgets, but often store large quantities of personal information on students, like birthdays and addresses.
And to take it a step further, most kids in Dayton Area school systems either bring their personal devices (like cell phones) to school, or have a tablet or laptop provided by the school that they can take home. In either scenario, the scope of vulnerability is drastically increased. When these devices are used at home, the schools have no control over the security of the network that is being used. If a device contracts a virus, and then that same device connects to the school’s network, it could open the door to the virus attacking the school’s information system.
What can Dayton Schools do to increase cybersecurity?
Although the IT budgets may not allow for large investments in infrastructure or staff training, there are still a few things every school can do to help.
Here are three Information Security Best Practices every school can follow:
- Setup separate internet connections. Since most students take their devices home, a way to close the potential vulnerability is setting up a guest Wi-Fi that is segregated from the schools network. Then put all student devices, whether it’s a personal device or a school device assigned to them, on this separate network. If a student clicks on a link they shouldn’t, or contracts malware at home, this will help keep the data on the network secure.
- Staff cybersecurity training. All employees in every industry need at a minimum an annual refresher course on basic cybersecurity best practices. You can find free courses available on YouTube. There are also company’s like Phishbuster Academy that offer high quality training at a very low cost.
- Monthly Phishing Simulations for the staff. The number one utilized attack by cyber criminals is phishing. There is something about a crafty email, sent to the right target, that seems to just work. Even in this day and age, there are so many people that just can’t help but click a link or open an attachment if the email is worded in a creative and enticing way. Recurring Phishing Simulations allow for staff to see these types of attacks on a monthly basis. This practice will help fortify their phish detecting skills, making them a stronger human firewall for your data.
As always, LMSolutions is here to help. If there are any Ohio schools that are needing cybersecurity help, or a free information security consultation, please contact us HERE right away.