Login Identity Protection Build Credit Pricing Employers Support Schools Parents PTAs PTOs and Education Foundations  Superintendents, Business Officers, and School Boards Resources About Us Contact Us Education Center Press Releases In the News FAQ
Resources > Cyberattacks > School Cyberattack Trends—Evaluating the Growing Threat Landscape

School Cyberattack Trends—Evaluating the Growing Threat Landscape

Schools are increasingly targeted by cybercriminals looking to steal data, install ransomware, or cause disruption. According to recent studies, cyberattacks on K-12 schools in the U.S. have been rising steadily over the past few years, and experts expect this trend to continue. Cyberattacks can compromise the private information of children and school staff, leading to potential identity theft, emotional distress, and disruption of educational processes. In this article, we’ll explore the major cybersecurity threats schools face, some recent school cyberattack examples, and the reasons why schools are such an attractive target.

The Most Common Types of Cyberattacks on School Systems

As technology becomes more integrated into the classroom, attacks are becoming more prevalent and dire. The most common cyberattack threats for schools include:

Type of CyberattackWhat It Entails
Phishing attacksPhishing involves sending fraudulent emails to trick users into providing sensitive data or downloading malware. Schools are a prime target because they have so many email users. To stay safe, schools should educate staff and students about phishing risks and safe email habits
RansomwareRansomware is malicious software that encrypts files and holds them for ransom. Once the infection takes hold, the only options are to pay the ransom or restore from backups. To mitigate ransomware risks, it’s important that schools implement strong security awareness training and backup protocols
Data breachesStudent and staff records are valuable on the dark web because they contain sensitive information such as names, addresses, and Social Security numbers (SSNs), which can be used for malicious activities. To prevent data breaches, schools should make data security a priority by keeping systems up to date, enforcing strong password policies, and enabling multi-factor authentication whenever possible
DDoS attacksDistributed denial-of-service (DDoS) attacks overload servers and network infrastructure to take systems offline. They aim to disrupt school operations, often during testing periods or admissions. IT and network security teams should implement DDoS mitigation and prepare an emergency response plan to ensure protection against these attacks
Insider threatsNot all threats originate outside the school walls—insider threats involve staff, students, or others with internal access intentionally or unintentionally compromising systems and data. Strict access controls, monitoring, and security policies are essential safeguards against insider threats

Unique Vulnerabilities of School Cybersecurity

Schools face unique cybersecurity challenges compared to other organizations due to several factors:

  1. Open networks
  2. Numerous access points
  3. Data sensitivity
  4. Limited expertise

Open Networks

School Wi-Fi networks are often open or have easily guessed passwords, allowing anyone within range to access the network. Once connected, hackers can monitor network activity or install malware to gain access to connected devices. To remain secure, schools should:

  • Implement strong Wi-Fi passwords
  • Enable encryption
  • Segment networks to limit access

Numerous Access Points

Schools utilize a variety of digital tools, platforms, and networks to facilitate learning, including smart boards and projectors, as well as students’ laptops and tablets. This diversity makes it difficult to enforce consistent security policies and monitor for vulnerabilities. To overcome this issue, schools should:

  • Mandate baseline security standards for all devices
  • Deploy mobile device management software
  • Educate students and staff about device security best practices

Data Sensitivity

Schools collect and store sensitive data like student records, medical information, and financial details. This data can be an attractive target for cybercriminals looking to steal personal information. Robust security measures have to be implemented to safeguard this data in compliance with regulations like the Family Educational Rights and Privacy Act (FERPA).

Limited Expertise

What schools often lack is dedicated cybersecurity personnel and expertise. School technology staff frequently have limited security training and may be unaware of the latest threats or best practices. Schools would benefit from partnerships with security organizations and consultants to help address their unique vulnerabilities.

Recent Examples of Cyberattacks on School Districts

Recent years have seen an alarming rise in cyberattacks targeting school districts. As schools have started turning more toward virtual learning, their digital infrastructure has become a prime target. Unfortunately, cybersecurity in school districts often isn’t prioritized, exposing them to diverse cyber threats. Here are three examples of recent major cyberattacks impacting schools:

  1. Ransomware attack in Baltimore county
  2. Data breach at Illuminate Education
  3. New Haven Public Schools cyberattack

Ransomware Attack in Baltimore County

In November 2020, Baltimore County Public Schools suffered a ransomware attack that disrupted their computer network for over a week. The hackers encrypted the schools’ data and demanded a ransom to decrypt it. While the attack didn’t access personal data, it crippled the schools’ ability to operate digitally, forcing the school to close. The recovery process and upgrades cost the district nearly $10 million.

Data Breach at Illuminate Education

In January 2022, cybercriminals targeted the student data management service at Illuminate Education and gained access to an online database containing the personal information of more than 820,000 current and former New York City public school students. The records included names, dates of birth, addresses, and other private details of students from kindergarten through 12th grade. The database has since been secured, and Illuminate reported that they haven’t discovered any signs of fraudulent or illegal activity connected to the hacking incident.

New Haven Public Schools Cyberattack

The New Haven school district in Connecticut suffered a loss of over $6 million when cybercriminals managed to hack into the email account of the district’s chief operating officer. According to the New Haven Register, the cybercriminals monitored the emails exchanged between the COO and vendors and eventually impersonated both the COO and the vendors to create fraudulent accounts. They redirected the district’s payments meant for the school bus service and legal expenses to their own accounts. As of now, $3.6 million has been recovered.

Best Practices for Securing School Networks Against Cyber Threats

As attacks become more advanced, taking proactive measures is critical. To secure their networks against cyber threats, schools should implement these best practices:

  1. Conducting regular risk assessments
  2. Providing ongoing security awareness training
  3. Strengthening security
  4. Controlling access to sensitive data

Conducting Regular Risk Assessments

Schools should run routine risk assessments to identify vulnerabilities and prioritize areas that need improvement in their security posture. Assessing aspects like outdated software, weak passwords, unpatched systems, and lack of multi-factor authentication will help prioritize risks based on likelihood and potential impact. Since cyber threats are constantly evolving, there’s a need for schools to conduct risk assessments at least once a year to stay updated with the latest risks and adjust their defenses accordingly.

Providing Ongoing Security Awareness Training

Even the most advanced security controls can be bypassed if staff and students aren’t trained on basic cyber risks and best practices. Schools should implement regular cybersecurity awareness training to teach students and staff how to spot phishing emails, keep systems up to date, and report suspicious activity.

Strengthening Security

Implementing multi-factor authentication, data encryption, firewalls, and other tools will make it much harder for attackers to access sensitive systems and information. Schools should also enforce strong password policies with minimum length and complexity requirements and enable two-factor authentication wherever possible, especially for staff and student accounts.

Controlling Access to Sensitive Data

Not everyone within an organization or institution needs access to every piece of data. Restricting access to personally identifiable information (PII) and sensitive data ensures that only those with a legitimate need can access such information. This reduces the chances of accidental leaks or deliberate misuse. Schools should use role-based access controls and monitor access to sensitive data to detect misuse.

While schools should do their part in securing the information of children and staff from cyberattacks, families are responsible for preserving their data as well. Children are especially vulnerable to data exploitation—in fact, a child’s identity is stolen every 30 seconds. To safeguard your child from these threats, you should take proactive steps, including subscribing to identity protection services like FreeKick to ensure ongoing data security.

Reduce the Risk of Identity Theft With FreeKick (Coming Soon)

Powered by Austin Capital Bank, FreeKick is a unique product that focuses on keeping your family’s PII secure. It’s a combination of a deposit account protected by FDIC insurance and additional identity monitoring services for up to two adult parents and six children aged 0–25.

Identity Protection Services

When you sign up for an account, FreeKick starts keeping a close eye on your identity and that of your children to ensure their safety. You’ll have access to all the services FreeKick offers, including:

Services for Adult Children and ParentsServices for Minor Children
• Credit profile monitoring
• SSN monitoring
• Dark web monitoring for personal information
• Up to $1 million identity theft insurance
• Full-service white-glove concierge credit restoration
• Lost wallet protection
• Court records monitoring
• Change of address monitoring
• Non-credit (Payday) loan monitoring
• Free FICO® Score monthly
• FICO® Score factors
• Experian credit report monthly
• Credit profile monitoring
• SSN monitoring
• Dark web monitoring for children’s personal information
• Up to $1 million identity theft insurance
• Full-service white-glove concierge credit restoration
• Sex offender monitoring—based on sponsor parent’s address

Parent-Sponsored Credit Building and Monitoring

In addition to providing ID monitoring for parents and their children, FreeKick offers another incredibly valuable service—automated credit building for children aged 14 to 25. When you build a credit history for your child early in life, it can significantly improve their credit profile, allowing them to possibly save up to $200,000 during their lifetime.

For many students, accessing credit options can be quite challenging. However, FreeKick offers a solution that can significantly contribute to your child’s financial well-being. The process is straightforward:

  1. Create an Account—Register at FreeKick.bank and choose your preferred plan to activate your account. Once your child is of legal age, they can activate credit reporting. If they are already a legal adult, FreeKick will automatically report their credit to the three major consumer credit bureaus—Equifax, Experian, and TransUnion
  2. Set It and Forget It—Once you activate your account, FreeKick creates a 12-month credit history for your child by providing a no-interest credit builder loan that’s repaid using the deposit
  3. Keep Growing—At the end of the 12-month term, you can decide whether to renew your account for another term or close it and get a full refund of your initial deposit

You can close your account at any time with no penalties. However, if you close the account while your child is still a minor, no credit can be reported for the account due to credit bureaus’ restrictions.

FreeKick Pricing

FreeKick offers a range of plans to suit different budgets, and each plan is FDIC-insured up to $250,000. For just a $10 deposit and a small annual fee, you can safeguard your identity (both parents), as well as the identities of up to six children between the ages of 0 and 25. Additionally, you can build credit for up to six children aged 14–25 with any plan you choose:

FDIC-Insured Deposit AmountPlan Fee

To safeguard your child’s identity from the risks of school cyberattacks while also building their credit history for a more stable financial future, sign up for FreeKick today.