With the start of the school year fast approaching, cyber criminals are preparing to attack with malware, ransomware, phishing schemes, and denial-of-service attacks. In 2019, the number of cyber attacks on schools tripled, an increase that could continue during the latter half of 2020.

More broadly, since 2016, there have been 937 cyber incidents reported by K-12 public schools in the U.S. Cyber criminals routinely target schools to steal the personal data of students, teachers, and parents. When a single breach can result in data loss and the cancellation of classes, the stakes couldn’t be higher.

For hackers, schools are an ideal target because they are a goldmine of personal information that’s rarely protected by the same level of cyber security practices used by many private enterprises. Many institutions also manage sizable budgets that malicious entities are keen to exploit.

“Students are practically born with technology between their hands, but they don’t have the information about security” – CISO from a major University in Canada.

Cyber security and back-to-school preparations go together: it’s important to understand which threats face your student and employee data and to mitigate those threats with information security measures. Analyzing past data breaches is key to understanding the risk factors targeting schools.

K-12 Cyber Security School Breaches: Here’s What Happened in 2019

The State of K-12 Cybersecurity: 2019 Year in Review report records valuable information on publicly disclosed data breaches experienced by schools across the U.S. Throughout 2019, the report noted 348 security incidents, including data breaches, ransomware, denial-of-service attacks, malware, phishing attacks, and social engineering scams.

Unauthorized disclosures/breaches made up 60.06% of incidents, followed by ransomware at 17.82%, and other incidents at 12.93%. Phishing attempts were less common at 8.05%, and denial-of-service attacks were the least frequent at 1.15%.

While phishing attempts were less common, they were no less devastating, with one theft resulting in the loss of $3.7 million within one Kentucky school district. Typical phishing attempts involved attackers trying to reroute employee payroll and contractor payments to their personal accounts.

The report revealed that information is the prime target of attackers, with hackers attempting to steal information that they could later use to commit identity theft and fraud. The key take-home message was that cyber security and back-to-school preparations are closely linked, and teachers need to be familiar with a broad array of common attacks.

Key Lessons from Past Scholastic Data Breaches

1.   Schools are a prime target for cyber criminals

The high volume of attacks shows that schools need to protect themselves as much as private enterprises against cyber attacks. Investing in affordable anti-virus and anti-malware solutions is a must for keeping systems protected.

2.   Teachers require more security training

To combat a lack of awareness of IT threats, teachers and other employees at schools need to be regularly briefed on the latest security risks so that they know how to respond intelligently to data breaches, ransomware, and phishing attacks.

3.   Be wary of phishing attacks

Cyber criminals target schools with phishing attempts designed to manipulate teachers into giving up personal identity and tax information. Becoming familiar with the signs of phishing attacks is critical to spotting them when they take place.

Cyber security tips for going back to school

To maximize cyber security when going back to school, teachers and employees need access to a mixture of education and IT security solutions to stand a chance against increasingly savvy hackers. Here are some key tips for keeping your systems safe during the return to school:

1.   Keep software up to date

Regularly updating software eliminates vulnerabilities that hackers can use to launch ransomware attacks. Patching your software and devices closes known security holes that could otherwise let someone access your systems without your permission.

2.   Install anti-malware and anti-virus software

Anti-malware and anti-virus software will enable you to block malware and other malicious software from infecting school devices. Look for solutions with automated updates, virus scanning, and anti-phishing support to tighten your defenses.

3.   Choose strong passwords

Choosing a strong password makes it much more difficult for cyber criminals to break into institutional accounts and portals. Encouraging your staff to create passwords based on non-dictionary words with a mixture of uppercase and lowercase letters, numbers, and symbols will reduce the likelihood of a successful hacking attempt. Enabling multi-factor authentication for remote access to your network is also very important.

4.   Undergo security awareness training

Cyber attacks are constantly evolving, and arranging security awareness training and phishing awareness training for staff and faculty will help them develop the skills needed to detect phishing and social engineering attempts. If you are an institution that conducts research, you may want to extend training to your students.

5.   Appoint internal cyber security ambassadors

Appoint several volunteers with an interest in cyber security as ambassadors and implement a training and mentorship program to develop their knowledge of threats and best practices. Once these initial participants achieve certification, monitor their progress to look for areas to improve.

6.   Avoid clicking on email links or opening attachments

Clicking on email links or opening attachments from senders you don’t know is a security risk, because a malicious link or attachment can lead to malware being installed. Staff and faculty should be regularly reminded how to check if the sender is legitimate before clicking on anything.


The return to school not only presents new learning opportunities for students (and teachers!) but also exposes their data to malicious entities. With the global pandemic giving hackers ample time to develop new scams and harmful software, education is the key to addressing the fast-moving threat landscape.

To protect your data, security awareness training needs to be at the forefront of your defense strategy. Proactive security awareness training will give the participants the heads-up on the methods that cyber criminals are using now and educate them on best practices they can use to protect your information and systems.

Searching for the right educational content about cyber security online can be frustrating and time-consuming. With so much information out there, it can be difficult to zero in on the information that matters most to you and your organization.

Luckily, there’s a better way. If you’re looking for definitions, examples, and tips and tricks on how to detect and avoid the latest cyber threats, make sure you check out the brand-new Cyber Security Hub, full of fun, instantly shareable content perfect for the classroom.
