When Computers Attack

Oct 21, 2017 by

Cyber Extortion is One of Many Threats to Schools

Your Money or Your Data!

What would happen if a school suddenly lost access to its digital information? Think about it.  Exactly how much digital information does a school use?  Student records?  Human Resource records?  Course materials? E-mails?  What would happen if a school leader had to conduct the business of education without access to their digital resources?  Many school leaders have faced just this quandary as their schools have fallen prey to ransomware, malware, cyber extortion and other forms of hacking.  Schools have been forced to pay tens of thousands of dollars in ransom to nefarious digital pirates to recover information. Some schools have been attacked for purely malicious reasons with no profit motivation and forced to recover and repair systems.  Digital security threats are growing in complexity, and frequency.  The trend is likely to continue as technology expands in education.

Security concerns have come in tandem with digital technology. Today, a new type of threat has emerged as schools and communities are targeted by “cyber-terrorists” and other criminal elements. In many cases, the goal is simply financial gain.  School information systems are undermined and held ransom.  The digital thieves may release a portion of the information seized to prove their control and some have made utilized school communication systems to threaten students and their shareholders with violence.  Even when the ransom is paid, there is no guarantee that the systems will be restored.  Disrupted schedules, wrecked budgets and traumatized communities are now possible with the right keystrokes.

The Value of Information

Of all the commodities found in a school, nothing is more valuable than data. Digital texts and enrichment materials are used to instruct students and to assess their progress by comparing test scores recorded in shared digital documents.  The vital statistics and personal information for each student and employee is recorded digitally and even the casual chats are documented for posterity.  Meeting notes, cafeteria menus and scores from the intramural basketball league are all made available in various formats.  Of course losing access to all or a portion of this resource could be disastrous for a school and if student privacy is compromised, the responsible parties could be held criminally responsible through the Family Educational Rights and Privacy Act (FERPA).

Staying Safe

Schools are target rich environments for would-be cyber attackers.  Students, faculty and other school employees are all vulnerable to phishing schemes which are increasingly sophisticated.  The number of individuals with access to sensitive systems is often high in a school due to the collaborative nature of the work.  Limited budgets and professional development for information technology professionals means school systems are less likely to be updated and more vulnerable to attack.  A qualified and well informed IT professional can be the greatest ally in defending the school from a cyber-attack.  First and foremost, back up all crucial files.  If it can be restored then the information from a protected media like an external hard drive, there will be no need to pay a ransom to recover encrypted data.  Another crucial duty for the school IT team is to keep all computers and systems updated with reliable anti-virus and anti-malware software.  Software updates should be performed regularly to address any systemic vulnerabilities.  It may be difficult, but restricting access to sensitive systems can limit the number of opportunities for the determined cyber attacker.  All system users should be trained on a continuous basis and according to their level of access.  That training should include system information as well as up to date assessments of threats to security.

Vigilance in the Information Age

It wasn’t that long ago when grades were kept in books in desk drawers and student information was found in a file cabinet in the school office.  Even then, security was a concern.  That concern has evolved as the times and technology has changed.  Today, one may not need to lock the desk drawer to keep a dishonest student from manipulating a grade, but may need to do a regular sweep of all school computers to safeguard no keystroke loggers are in use. School leaders need to secure passwords so that they are updated regularly to keep systems secure.  In coming years, expect technology and all the benefits it brings to become more prevalent in education. Be prepared for the remarkably creative and resilient nature of the criminal element in society.  A determined and intelligent individual can utilize technology to make the world a better place or undermine society depending on their motivation.

Keywords: cyber security, K12 computers, hacking technology, school records

Comment below on how often you, your school or your school system backs up its data. Why is it important to understand this information?


Dempsey, T. (2017, October 12). Professor: KU student expelled for hacking, changing grades online. Kansas City News. Retrieved from:     http://www.kshb.com/news/state/kansas/ku-student-expelled-for-hacking-changing-grades-online

Fox News. (2017, August 6). California man charged in Plainfield ‘Brian Kil’ cyber threats case says he used teen to ‘attack an entire town’. Fox News 59. Retrieved from: http://fox59.com/2017/08/06/attorney-to-announce-federal-charges-in-plainfield-cyber-threats-case/

Hoffman, M. (2017, October 19). After Columbia Falls hack that closed schools, experts call for districts to be on alert. The Billings Gazette.  Retrieved from: http://billingsgazette.com/news/local/after-columbia-falls-hack-that-closed-schools-experts-call-for/article_e3a8584e-cd15-5f19-a4e0-37bc2dbb2a1c.html

Technology Insurance. (2017). Loss Control Insights for Schools. EMC Insurance Reports. Des Moines, Iowa: EMC Insurance. Retrieved from: http://www.emcins.com/losscontrol/insights-d/newsletters/school/2016/04-1/

U.S. Department of Education. (2017). Student Privacy 101. United States Department of Education Report. Washington, D.C: US Department of Education. Retrieved from: http://studentprivacy.ed.gov/

Vaas, L. (2017, September 21). Hackers hold entire school district to ransom. Naked Security Wisdom. Retrieved: http://nakedsecurity.sophos.com/2017/09/21/hackers-holds-entire-school-district-to-ransom/

Walsh, K. (2017, June 27). Yikes! Education is the Number 1 Target for Ransomware Attacks. Emerging Technology Today. Retrieved from: http://www.emergingedtech.com/2017/06/education-number-one-target-for-ransomware-attacks/

Print Friendly, PDF & Email