Education and technology used to operate on separate tracks, but they have become increasingly interconnected in recent years. Adding software and connected devices to the classroom has given teachers more flexibility in their teaching styles and makes their job easier.

However, these new tools came with essential responsibilities that took a moment to get embraced by teachers and school administrators. As cyber attacks against K-12 schools kept rising, the US government enacted the K-12 Cybersecurity Act.

This new regulation puts in place basic cyber security measures to give schools nationwide a head start against cyber criminals.

This article will explain why hackers target K-12 schools, how they do it, and measures the education sector can implement to remain protected.

Why Are School Cyber Attacks So Prevalent?

At first glance, it might be hard to see why cyber attackers would target K-12 schools. However, these institutions are often easy to breach and offer high rewards. The primary reason criminals target the education sector is the wealth of personal information they hold on both parents and students.

Schools are also often seen as trusted institutions by parents and students, meaning these victims are less inclined to double-check communications for phishing or spoofing attempts from their child’s school.

Another critical factor is that K-12 schools now rely so heavily on technology for their day-to-day operations that any disruption in their systems is a critical event. This technological dependence leaves these institutions open to attacks like DDoS and ransomware that hinge on keeping the victim’s system hostage.

Top 7 K-12 Cyber Security Threats

Schools face a worrying variety of cyber attacks, requiring staff and parents to always be highly vigilant. School administrators must also invest as much funds and resources as possible to keep their systems updated.

However, the solution to this issue must begin with awareness. Here are the most common cyber attacks in the education sector, as well as mitigation strategies for each:


This type of cyber attack is led by criminals who harvest personal information on their victims through social media and other methods to convince them to hand over information or trick them into giving up their login.

In the education sector, these attacks manifest in the form of fake notification messages from the platforms used by teachers and, in some cases, by scammers posing as parents. Teachers are quickly becoming the first line of defense against such attacks and must be adequately prepared.

Implementing an email filtering solution is always a good idea to mitigate the number of phishing emails ending up in teachers’ inboxes.

However, nothing beats education on phishing signs and regular phishing simulations. Sending these fake phishing attempts allows users to learn what to look for with the correct context and understand the need for constant awareness.


As schools have become more reliant and, in some cases, dependent on technology, the ransomware risk has increased. This threat infects an entire network and locks it down, effectively holding all the information hostage unless the school pays a ransom to the hackers.

If data is backed up regularly enough, ransomware attacks have a minimal impact since the school can essentially ignore the attack and restore its systems separately. Since these attacks often take advantage of software vulnerabilities, they can also be mitigated by updating programs appropriately.

If your school has a dedicated IT department, look into Zero Trust Network Architecture. This networking philosophy breaks down network access to only allow users access to what is strictly necessary to accomplish their work tasks.

The potency of breaches is then drastically diminished since hackers and malware are limited to a minor portion of the network and can’t take over the entire system.

Unsecured IoT devices

The Internet of Things (IoT) has allowed schools to connect all their devices over the internet to run classrooms efficiently. In the education sector, these devices range from smart whiteboards to security cameras and smart speakers.

Since these devices need a WiFi connection to operate, they can act as fail points that hackers can use to gain access to the network. In order to alleviate the breach potential of these devices, it is crucial to change the devices’ default passwords to strong, complex passwords.

Another important measure is to keep them updated and ideally segmented within the network to reduce hackers’ options if the devices get compromised.

DDoS attacks

In this type of attack, hackers flood a school’s network with millions of useless queries, traditionally emails, but can also be server requests linked to the software schools use. These requests eventually crash servers and networks, rendering them unusable.

Most modern servers have software and hardware protections against DDoS, shutting down the port where the requests are being sent before the network gets overwhelmed.

Another protection comes in the form of network monitoring software to detect spikes in requests, allowing your IT department to lock down the network preemptively.

Videoconferencing breaches

With the transition to online teaching, videoconferencing software has been added to the list of essential software for the education sector. Sadly, this type of software is vulnerable to several different cyber attacks.

Zoombombing refers to unauthorized users who gain access to a school’s online classes, often to display unauthorized content to disrupt them. These attacks can also be more subtle, with these fraudulent users using their access to share malware via the chat function of the videoconference software.

Palliating these risks is possible, and the first step is to have strong, unique passwords for every videoconferencing session. Thankfully, most videoconferencing software has built-in features, making this measure simple to implement.

Training teachers and other staff about the risks and how to identify the signs of a threat is also crucial.

Personal devices

It’s well known that teachers like personalizing their classrooms to offer the best teaching environment for their students. Bringing personal devices is often a way to get the required resources quicker and without relying on school resources.

However, this can open up your network to a myriad of issues ranging from malware to data breaches and more. Unfortunately, aside from outright banning the practice, there aren’t many ways to reduce the risk of personal devices.

This trend simply isn’t worth the risk, and its dangers should be explained to teachers who favor it.

End-of-life (EOL) software and systems

Schools are often on tight budgets, which can mean extending the lives of hardware and software past their prime.

While there is nothing wrong with maximizing the value of technological assets, it’s essential to be extra vigilant near the EOL, especially if the makers of the devices or software have phased out support.

Hackers often target EOL software and devices because they are easier to breach. If you have aging devices or software, keeping them updated to their latest version and monitoring them closely is crucial.

This method should only be seen as a way to tide you over while you select a new, recent alternative solution.

The Importance of Cyber Resilience in the Education Sector

With such a varied amount of attack vectors, it’s clear that cyber attacks against K-12 schools will only keep growing.

The education sector relies greatly upon technology and has dramatically improved classrooms using it, but this new tool comes with significant responsibilities that shouldn’t be overlooked.

Schools should look inward and do what they do best: Educate. Educate their staff on cyber security. Methods like multi-factor authentication, cyber security awareness, phishing simulations and role-based permissions can go a long way in education.



Fortra’s Terranova Security is committed to helping schools worldwide improve their cyber security. Read some of our success stories here.