Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Three threats facing the education sector in 2022

By Andrew Lowe
k12-cyber-freepik1170.jpg
May 18, 2022

The COVID-19 pandemic has forced many industries to operate virtually to some degree. Almost two years later, as COVID variations pop up and spread, the workplace continues to be in flux. But most businesses have adjusted, operating with a new definition of “business as usual.” Some organizations now use a hybrid model, others have all staff back on-site, and still, others function in a combination of ways that suit their needs. 


Education, however, is a very large and complicated sector. It involves children as young as four and graduate students in their 30s, as well as teachers, administrators and a wide range of support staff. It encompasses small elementary schools and huge university campuses and schools in rural, urban, suburban, reservation, and military-base settings. So when in-classroom teaching abruptly ceased in March 2020, it was especially chaotic and disruptive. Educational institutions at all levels scrambled to figure out how to hold classes online. K through 12 schools faced serving populations with limited access to the internet and students who lacked any type of mobile device as well as affluent students with the latest devices and high-speed connections. Colleges and universities closed their campuses, sending students home. Teachers, unaccustomed to delivering lessons virtually, cobbled together materials not designed for remote-learning platforms on school networks not set up for that type of traffic. 


As with the business sector, the education sector has overcome some of these challenges and functions in the e-environment. But as new COVID variants make returning to in-classroom learning unrealistic for thousands of students at all levels, the bottom line is that students — as well as educators — continue to depend on mobile devices and laptops to access online classrooms, submit/grade assignments, research/check homework topics, and more. 


Unfortunately, both students and staff likely lack basic security awareness, and their IT departments may not have the resources to properly secure their fleet of devices. K through 12 school computer systems as well as those run by colleges and universities, may also be using out-of-date software and equipment that do not receive vendor-provided security patches or bug fixes and are no longer eligible for technical support, making the institutions vulnerable to cyberattacks.


Hackers and other bad actors thrive in this type of confusion and are quick to take advantage of a large pool of vulnerabilities. Below are three cybersecurity threats the education sector will face this year as well as suggestions for how to thwart them.


1. Student/educator-driven vulnerabilities


Most students were probably already comfortable using some sort of device for fun or educational purposes before the pandemic sent them home — surfing the internet, downloading games and videos, visiting websites, and so on. But once they began attending online classes while their parents were now working remotely, the home network they shared became a potential welcome mat to malicious actors. Though some schools provide devices to students, many use devices they share with family members. If a student clicks on a malicious link in a phishing email, for example, it could release malware that could potentially affect their now shared home network. Or it could install malware that infects their home system, locking it up, potentially accessing financial information, and worse. Some live-conferencing classroom settings are easily infiltrated, allowing malicious actors to harass attendees, sneak in pornographic images, and harvest personal information that students are sharing that they then publish online.


What schools can do: Though educational institutions cannot protect students’ home networks, they can make video conferencing safer by making sure students are using the most up-to-date remote meeting applications, requiring students to sign in using their real names, and setting up policies that prevent students from entering a classroom before the teacher and making sure the teacher is logged in until all the students log out.



2. Ransomware attacks


As #1 above describes, the education sector is ripe for cyberattacks, and malicious actors have been busy targeting it. The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and other agencies receive reports of ransomware as well as malware and distributed denial of service attacks against K through 12 institutions, and they release alerts warning of these dangers. Malicious actors attack school systems to slow or halt access to remote classrooms and steal and/or threaten to leak confidential student data unless the attacked school system pays a ransom. These bad actors use social engineering methods such as phishing emails or fake websites to gain passwords and credentials and exploit open or exposed remote desktop protocol services to gain access to school networks. Both methods allow them to plant ransomware or malware.


What schools can do: CISA created a tip sheet that lists best practices for K through 12 school systems to follow to prepare for or prevent likely attacks. These include staying on top of software and operating system updates, changing system passwords, monitoring privacy settings on social networking sites, and configuring firewalls to try to prevent these phishing emails from coming into the system in the first place.


3. Student debt scams


Pandemic-related cyber scams reported to the FBI quadrupled in the first few months of the pandemic. So it’s a good bet that once student borrowers are required to start paying on their student loans again (the Biden Administration paused payments in March 2020 and announced it was extending the pause through May 1, 2022), they will face an increased amount of fraud and scam attempts from fraudulent student loan forgiveness programs. Bad actors might try to exploit borrowers by posing as loan servicing companies to obtain personally identifiable information, financial details, legal power of attorney, passwords, and other credentials. They could also attempt to exhort fees for services to reduce or end student loans. 


What students can do: The U.S. Department of Education (ED) lists these three ways that students can spot these loan forgiveness scammers. These include being wary of unsolicited offers from private companies that offer to help for a fee — the ED offers real student loan forgiveness programs or ways to lower payments at no charge through the student’s original loan provider. Students should not share their Federal Student Aid (FSA) password with anyone — the ED will not ask for it — and be immediately suspicious if they are asked for it. If they do give it out, they should log in to their FSA account and change it immediately. If students think they’ve been scammed, they should immediately contact their bank to stop payments to the fraudulent company and contact their original loan servicer to alert the servicer about their situation.

KEYWORDS: cyber security K12 security malware ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Andrew Lowe is a compliance and cybersecurity professional with more than 10 years of experience in the information security field. Serving as an information security consultant for TalaTek, Lowe brings experience in risk management and compliance program development and implementation, along with research and testing of cybersecurity products. Lowe is experienced in NIST, NISP, FISMA, HIPAA, GDPR, and other regulations and standards. Lowe currently holds the following certifications: CompTIA Security+ CE, CompTIA Linux+, and LPIC-1 Linux Administrator.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • computer room in school

    5 cyber threats facing the education sector

    See More
  • education-security-4freepik1170x658.jpg

    Leveraging zero trust to reduce cyberattacks in the education sector

    See More
  • Brussels Attacks Indicative of Jihadist Threats Facing the United States

    Brussels Attacks Indicative of Jihadist Threats Facing the United States

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing