Schools Failing When it Comes to Preventing Phishing Attacks
Learn why phishing attacks are so common in U.S. school systems and how to protect your district from falling victim to this common hacking disruption.
Businesses and organizations of all types are becoming more susceptible to phishing attacks — fake emails or attachments that give hackers access to systems and data, according to Adam Mahoney, an IT support professional in New York City who focuses on schools.
While you would think that school systems would be unlikely targets, the opposite is true.
What Is the Rate of Phishing Attacks in U.S. Schools?
According to the K-12 Cybersecurity Resource Center, a school district became a victim of a cyberattack once every three days in 2018. That year, there were 122 cyberattacks at 118 school districts nationwide.
Student data was a part of more than 60 percent of the reported incidents while 46 percent included data about current or former faculty and staff, including payroll and personnel records.
Phishing attacks represent 15.45 percent of those incidents. In many cases, phishing was the way that hackers gained access to sensitive information or delivered malware that spread throughout district systems.
Some of the attacks were the result of bulk email phishing campaigns; others were designed to target specific school districts.
What's even more troubling is that 2018 saw several attacks designed to target school business officials. These attacks included campaigns to redirect large amounts of taxpayer dollars, including the theft of about $2 million from one Texas school district and others that nabbed amounts ranging from $300,000 to $988,000 in Idaho, Louisiana, New Jersey and Texas.
“Public schools are increasingly relying on technology for teaching, learning and school operations,” noted Douglas Levin, the report's author. “It should hardly be surprising, therefore, that they are experiencing the same types of data breaches and cybersecurity incidents that have plagued even the most advanced and well-resourced corporations and government agencies.”
How Can School Systems Combat Phishing Attacks?
Many phishing attacks begin with an unsuspecting staff member clicking on an official-looking email. The email, seemingly from a legitimate source, may include a link or attachment that causes the user's computer to be infected. Here are a few tips that school systems can follow to protect themselves from phishing attacks:
- Train All Staff. Every teacher, administrator, executive, principal and coach in the school district should have training on how to spot suspicious emails and what to do if they suspect something is suspicious. If students have school email addresses, they too should receive training.
- Make It Personal. Be sure that any training reinforces the personal consequences of opening a phishing email. Sound email practices and hygiene keep the personal information stored on work computers, along with sensitive employee data, away from hackers.
- Use Protective Measures. School systems should consider having automated anti-virus, anti-phishing and anti-spam programs in place. Solutions that deliver updates to these programs automatically offer the best forms of protection. In addition, consider content filters that restrict access to questionable websites that could be a cyberthreat.
- Restrict Access. System and data access policies should restrict access to those employees who have a need to know. Access should be highly restricted to only those with a proven educational or business need. In the case of a phishing attack, these policies can minimize damage.
- Schedule a Test. Issue intermittent phishing tests that evaluate whether employees understand the telltale signs and what to look for in a phishing email.
Understanding the ramifications of phishing attacks and how to prevent them can keep your school district on the honor roll. Trust your IT support company to help ensure your school and organization are safe.