The measures taken to curb the spread of COVID-19 have created numerous challenges across all areas of society. For the primary and secondary education sectors, in particular, they have generated a series of difficulties. Given the face-to-face nature of the normal school education, very few schools had the experience or resources to switch to online teaching on such a scale and yet have had to implement these new strategies in record time.

This, in turn, has added considerably to the workload of the public sector IT managers responsible for education and, of course, also among the professionals working in the schools themselves. As is increasingly the case, some of these problems are related to the area of cybersecurity.

Schools under attack_

A case worth mentioning occurred in the Lee County High School in Sandford, North Carolina (USA). Students logged in to a virtual Spanish class through Google Meet, only to find that an unknown hacker had obtained unauthorized access to the class and was freely displaying racist and pornographic content for several minutes. Several parents witnessed the events, in addition to the students and teachers.

Although this attack only breached the integrity of the virtual class and damaged the school’s reputation, it underlines the fact that virtual education platforms are just as vulnerable as other remote access tools in the light of the recent increase in teleworking. It is also a wake-up call for IT teams in schools and colleges given that other threats could be far more harmful.

In this regard, the education sector has dedicated few resources and paid little attention to developing strategies and implementing advanced cybersecurity measures. Unlike other sectors, such as finance, industry, or tourism, until now the education sector has gone under the radar of seasoned cybercriminals, probably as there are no valuable assets to target.

Yet the current situation with the increased demand for online teaching could put the sector in the line of fire. A ransomware attack, for instance, could block all systems and put IT administrators under enormous pressure from students, parents, and teachers. This is not a hypothetical, improbable scenario, as there has already been the precedent of the ransomware NetWalker at the University of California, which saw University authorities paying $US1.14 in bitcoins to cyberattackers as ransom.

Implementing an advanced cybersecurity strategy_

In light of this, education administrators -whether in public or private centers- along with IT managers should adopt an advanced cybersecurity approach that sets out a general strategy and then implement specific measures that go beyond traditional reactive solutions. To this end, and in line with the strategy followed by the experts at the WatchGuard Technologies lab, at Cytomic we emphasize the importance of the following guidelines:

  • General coordination CISO. A CISO-type manager should be appointed to set out a general cybersecurity plan for all centers of education and coordinate a response strategy should an incident affect any centers.
  • Establish policies for passwords, roles, and permissions. Some of the most common cyber incidents such as the case at Lee County High School, stem from students or those with ties to the school having access to passwords that enable them to assume the role of virtual class manager and therefore do whatever they want in the online session. These passwords were easy to find on the school’s own website. The CISO should therefore establish a policy for all centers with roles and permissions clearly defined according to employees’ profiles and with sufficiently strong passwords.
  • Cybersecurity training for employees: Administrators, employees, and teachers themselves should receive specific training in good cybersecurity practices. In particular, teachers should be proficient in using and accessing online tools. Additionally, they should be aware of how to detect suspicious behavior among students, which may lead to cases of online vandalism against the center and its virtual classrooms.
  • Advanced Endpoint Protection: NetWalker underlined how centers of education can also be the target of advanced threats. For this reason, they need solutions that provide preventive technologies on endpoints and can detect any known or unknown malware, and prevent the execution of any binary until classified as trusted. Cytomic EPDR has these EDR capabilities and also provides additional services that can provide truly comprehensive protection for the education sector, such as filtering of specific content, which could avoid situations such as the incident in North Carolina.