Malware and Phishing: What Educators Need to Know
Malware and phishing attempts are a constant assault on school security
How Vulnerable are Schools to Malicious Intrusion?
As educational technology use grows, so too do cybersecurity risks of being breached and hacked. Schools and districts become more vulnerable with more technology being used, especially with the emergence of artificial intelligence.
Jena Draper, Chief Innovation Officer at itopia, discusses two hugely intrusive culprits: phishing and malware.
Malware and phishing attempts are constant, an almost relentless assault on the security of a school and its inhabitants. Students, teachers, administrators, and even some families can be subjected to these data attacks and breaches. According to itopia, over the past 90 days there have been more than 15 million malware attempts made on schools alone. This alarming number shows that student data is constantly under siege and needs to be protected at all times.
“Data privacy is adjacent to cybersecurity,” says Draper. “What we do is we have a number of databases as well as our own AI crawlers, and we actively look at over 1 billion domains in real time. If we see even one event of suspicious activity (which has a bunch of different classifications), we block it automatically. In the past 90 days, we have actively blocked 15.961 million malware threats.”
Millions of sites are working to embed malicious software into school systems on a regular basis, either through malware or phishing attacks, which involve tricking users into providing security access. But how much of this is known to regular internet users?
“This is not normal consumer information,” says Draper. “The reason why I bring this up, as far as the data points, is that the average consumer, the average school district, the average normal human, does not know about this. We know our data is out there. We know there’s some kind of risk. But we don’t really know how hackers are using our data, how they’re getting to us, and how they are using AI to improve their abilities to access [that information].”
So there are unseen digital threats all around us. In an age where everything is connected and everything is digital, how do we begin to protect ourselves?
Tech & Learning Newsletter
Tools and ideas to transform education. Sign up below.
“Districts need to move from reactive to proactive,” Draper says. “The consensus across all the districts I’ve interviewed in the last couple of months is we have a lot of tools, and we need to start consolidating. Not only do all these tools have a cost associated with them, but there’s also time associated as well. We don’t have the time to manage all these tools and look at the data and hopefully figure out whether a site or a program is a real threat or not.”
Why are Data Breaches So Frequent?
It is no secret that technology has flooded into the educational space unlike ever before. With the advent of various forms of technology, there also came with it new ways for hackers to steal data and commit heinous acts.
“COVID amplified our technology use,” says Draper. “So much money flooded into edtech because of the ESSER dollars. It was the perfect catalyst for cybersecurity to go nuts. It accelerated how many vendors and tools were out there, but it also created so many surfaces and endpoints for hackers to get into.”
Because of the plethora of new programs and devices being introduced to education, focusing on cybersecurity is even more important than ever. We may not see the danger clearly, but it is there and it is constantly working against us. We must remain vigilant in protecting the information of our students, our teachers, and ourselves.
What Can School Districts Do to Protect Themselves?
School districts cannot shy away from using technology in the classroom, but with the threats looming in regard to information safety, the question of protection is more important now than ever.
"School districts aiming to strengthen cybersecurity should start by assessing their risk and readiness,” Draper says. “The Cybersecurity Rubric (CR) by the Cybersecurity Coalition for Education (CC4E), is a great tool for evaluating their posture against NIST categories. Macs and Windows need more layers of protection and are costlier to secure than Chromebooks, which primarily require Google Workspace for Education and an added threat detection layer. Considering cybersecurity expenses in device refresh plans can significantly impact district budgets."
Michael Millington is a senior staff writer for Tech & Learning. A writer and editor with over a decade of experience, his focus on bringing actionable information to those in need is the driving force behind his work. When not researching new advancements in technology, Michael likes to practice his Italian and train his dog Cyril.