With the back-to-school season in full swing, security experts warn that the education sector is seeing a huge spike in cyberattacks. 

According to the K-12 Security Information Exchange, the number of publicly disclosed computer attacks on schools in the U.S. has exploded since 2016 to a record 408 in 2020. In reality, these figures could be much higher, as many cyberattacks go unreported. 

The sudden switch to remote learning at the beginning of the COVID-19 pandemic left many schools vulnerable to attacks, and the risk is not going away. In fact, this year, cybersecurity experts expect an even bigger increase in attacks. Even though most of the students are going back for in-person learning, with the Delta variant on the rise, schools keep remote learning as an option in case things get worse. 

How Can Students Be More Secure?

A lot of responsibility lies on the school itself. 

“Schools should make sure they are using secure systems that are always up to date,” said Chad Hammond, security expert at NordPass. IT administrators should also back up critical systems, which would help to build resilience against threats, like ransomware. Also, proper management of sensitive data should be ensured — stored and protected accordingly, as well as deleted when needed.” 

However, there are some things that both students and teachers can do.

  1. Strong passwords. “Password hygiene is the No. 1 thing users can do to increase their security,” Hammond said.
    Passwords should be lengthy, random, and unique.
    “Password reuse is almost as bad as creating weak passwords. If one of your accounts is compromised, all of your other accounts secured with the same breached password become jeopardized too,” he added.
  1. Password-protected meetings. One of the biggest types of security incidents last year were remote class invasions, also known as Zoombombing. This is where an attacker would join and intercept a remote meeting. It’s recommended that online classes can only be attended by authorized teachers and students. One of the ways to do this is to password-protect every meeting.
  1. Be mindful. Phishing is another incredibly popular type of cyberattack. Sadly, phishing emails are becoming very sophisticated, and, thanks to social engineering, very personal. 

“These days, we share so much information on social media — it wouldn’t be very hard to draft a personal email just from the public information available on your Facebook profile,” Hammond said. “A good piece of advice, however, is to always be mindful of emails. Even if it looks very personal but you have the slightest doubt, ask the sender if they really sent you that email. A good hint is if an email comes from a person who never emails and prefers a messaging app or a phone call. Ask yourself — why was it an email this time?”