The concept of cybercriminals attacking an organization brings to mind images of hackers seeking to access corporate credit card information, corporate secrets, intellectual property, or government secrets. It’s easy to think of the targets of such attacks being big companies like Apple or AOL, or government agencies like the U.S. Department of Defense.
You probably don’t think of the high school down the street as a potential target for hackers. But the truth is, there are a number of reasons why schools make appealing targets. Take a look at some of the reasons why hackers target schools and find out how web filtering can help.
Schools Handle Sensitive Data
A child’s sensitive data is potentially just as valuable as an adult’s sensitive data.
While at first glance a school may not seem like a rich target for hackers, the fact is that schools tend to handle a large and varied selection of sensitive – and potentially valuable – data. After all, schools have the personal information, including social security numbers and health information, of all the students that pass through the school doors. They collect sensitive data on student’s parents as well, not to mention employees. This makes school databases a treasure trove for certain types of cybercriminals, such as identity thieves.
Children’s identifying information may be particularly valuable, given that a child’s identity is not already linked to a credit history, driving record, or criminal history. The theft of a child’s identity can go unnoticed for years – often until the child reaches adulthood and wants to establish their own credit history. This alone makes schools prime targets.
Schools Can’t Afford Much Downtime
One of the ways that cybercriminals make money from their attacks is with ransomware. Ransomware essentially blocks access to a computer or network until the target pays the attacker to release the block. While ransomware can be used against all types of organizations (and individuals) cybercriminals may see schools as a particularly good target because schools can’t afford to be blocked from normal operations for long.
During the school year, at least, students have to attend school every day. Many day-to-day functions of school life are impossible without full access to the school’s network. Even things as simple as recording attendance or distributing school lunches require network access. Hackers may reason that schools may be more likely to pay the ransom, just so they can resume normal operations.
Schools Are a Gateway to Other Organizations
Students, school employees and even contractors who use school networks can be targeted by cybercriminals.
School IT systems don’t operate in a vacuum, of course. They deal with vendors and other government organizations on a daily basis. Criminals may see a school network as a weaker link through which they can access other valuable but more secure databases.
For example, a DDOS attack on a school district on Miami-Dade County in Florida was found to be the work of a group that was trying to access other government systems, including voting systems. The hackers responsible were unsuccessful in their attempt in that case, but the perception of schools as gateways to other, more valuable targets may lead other hackers to attempt the same thing with more successful results.
Quite often, school employees don’t receive the stringent level of IT training that might be required for employees of government agencies or large private corporations. And school networks and IT devices are also used by students, who may have even less awareness of cybersecurity practices. It may be easy for hackers to compromise a school’s network just by getting a student or employee to click on a toxic link.
Web filtering allows schools to limit internet access by those who use the school network. Filtering can be applied to specific URLs, to various categories of websites, and to designated keywords. It works best when all three of these types of filters are used together. Web filtering is a valuable tool, because it can help block student and employee access to pages containing potentially dangerous links.