Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity NewsEducation: K-12Education:University

The hacker stole my homework — the education industry faces its greatest test

By Christine Gadsby
education-security-4freepik1170x658.jpg

Image by vectorjuice via Freepik

June 20, 2022

The hacker stole my homework. While previous generations of educators would have stared blankly at students who offered up such an excuse as to why their book report wasn’t submitted by the deadline, today’s teachers, the bulk of whom were forced to move their classrooms to a virtual setting and employ online learning and video conferencing tools to stay connected and engaged with their students over the course of the pandemic, the statement is anything but farfetched. 

 

The recent ransomware attack on Illinois’ Lincoln College is case in point of the growing risk of cyberattacks facing today’s schools. Already reeling financially and on the brink of collapse, with a shrinking endowment and a precipitous drop in enrollment as the pandemic drove students away from campus, the ransomware attack was the straw that broke the camel’s back. Admissions and access to key campus data and documents were frozen. Computer systems required for recruitment and fundraising were inaccessible. Unable to recover from the fatal blow that seemingly came out of the blue, the college recently closed its doors, ending 157 years of operations.

 

In a banner year for cybercriminals, Lincoln was one of more than 1,000 schools and campuses to be victimized by ransomware attacks in the last year,  making it the biggest year on record thus far, with ransomware gangs seemingly comparing notes of each other’s lucrative successes and coalescing around a sector that has until in recent times flown under the radar.

 

From geography to geometry, what is it about schools that all of a sudden has threat actors circling like sharks, and how can educators and administrators guard against becoming the next Lincoln College?

 

Degrees for sale on the Dark Web

Like model students, hackers have been hitting the books just like their victims, probing for vulnerabilities across industries, researching the ones that are most likely to pay a ransom and where the Holy Grail is when it comes to valuable data. For multiple-choice fans out there, mark down ‘all of the above’ for the education sector.

 

The ransomed data’s perceived value is one of the deciding factors that will determine whether a ransomware group will target a particular entity, and while on face value, the fact that little Jimmy bombed his first big Econ exam doesn’t seem to matter, dig a little deeper, and you realize the data that today’s schools are collecting and storing is more valuable than you might think. Whether it be details on individual students, test scores, financial records or entrance criteria, each could be extremely damaging in its own right if it was to be published, and it doesn’t take a Ph.D. to figure out what the possible downstream effects could be. Malicious actors could change or delete an entire semester’s worth of grades, manufacture phony degrees or sell them on the dark web to the highest bidder. The internet is littered with horror stories of unseemly individuals revealed to have fake medical degrees and even more snake oil salesmen who will sell them to you. Why waste four years of your life and six figures going to medical school when your friendly neighborhood threat actor will ‘ship’ a credential for just a couple of bucks so you can set up shop and start putting patients under the knife today? 


Borrowing a page from the finance industry

Above and beyond the sheer value of the data that universities and colleges hold that makes them such a prime target is their woeful underinvestment in cybersecurity safeguards as compared with other industries. This situation has not gone unnoticed by today’s threat actors, many of whom cut their teeth in the heavily regulated finance industry where job number one is guarding the proverbial vault. While banks have been forced by shareholders and regulators alike to take a Mission Impossible-like approach to digital defense, investing in the cybersecurity equivalent of motion-detecting lasers, tripwires and the like, the vast majority of schools have quite simply not, making them an easy mark. 


With the value of the data high and the walls paper-thin, hackers have all the incentive they need to mount an attack. The icing on the cake is that, more often than not, schools are willing to pay the ransom. The education sector has become big business, and a school’s most valuable asset is now its reputation, with unscrupulous parents willing to beg, borrow and steal to get their children into the ‘right’ institution (see the Varsity Blues admissions scandal). Savvy threat actors are wise to this too, recognizing that the exposure of a treasure trove of data is all that it takes for a school to tumble down the hypercompetitive rankings list of America’s Top Colleges; a reputational black eye not easily overcome and one that schools will begrudgingly tap their healthy endowment funds to avoid. 


Four cybersecurity best practices to guard against ransomware 

While it’s tempting to look the other way and simply hope you’re not targeted, ‘hope’ is not a strategy you can count on. With new threats emerging every day, classrooms are at risk, and educators must get up to speed on security best practices in order to avoid falling victim to malicious hackers. Below are three security tips teachers and educational institutions should all follow to ensure both remote and in-person learning remains secure.


1. Implement a Security Awareness Training: Have teachers and professors brush up on basic security skills by offering training where they can learn the fundamentals of cybersecurity. This shouldn’t be a one-time offer but a continuous training session on relevant security tips as the technology landscape changes. Security protocols should be reviewed frequently, so teachers understand the necessary steps to secure remote learning and mobile computing. Some best practices include avoiding clicking on untrusted links or attachments, using public Wi-Fi networks, or co-mingling work and personal data on corporate endpoints or cloud services. Schools should also train teachers on how to recognize and avoid phishing scam emails, including regularly having them participate in mock exercises, seeing who ‘bites,’ being transparent about the results and pointing out any cues that might have been missed. 


2. Add Another Layer of Protection to Video Meetings: Video conferencing remains the most popular method for those that continue to use remote learning, and it is imperative for teachers to keep their online meetings secure. As a rule of thumb, never use the same video meeting ID more than once, as this will make it easy for hackers to get inside networks and remain undetected. Be sure each session has a unique password as another layer of protection to ensure no unwanted guests are able to make an appearance in meetings. In the same vein, it’s also worth making sure that attendees can’t share their screens without your permission, again thwarting any unwanted guests from making an impromptu appearance. When deciding between passwords, choose wisely and avoid certain passwords that may have been uncovered in past breaches. For those that would rather not rely on free public tools, there are also many Learning Management Systems (LMS) that are worth considering. 

3. Never Leave Devices Unattended or Outdated: Home networks are not as secure as classroom environments, and for those facilitating online learning, teachers should ensure their work-from-home devices are fully updated with the latest versions of firmware operating systems and software and have academia-approved endpoint protection and other security software installed. Additionally, just like how we would approach keeping our devices protected in a public space, one should never leave their device unattended and always enable a screen lock that requires a pin or passcode to get back in. When not in use, make sure to disable Wi-Fi and Bluetooth options, as these can be access points for hackers. 

 

4. Call in the Experts: The good news is that schools don’t have to do it all themselves. Automated cybersecurity solutions that leverage the predictive advantage of artificial intelligence (AI) can support institutions of all sizes in overcoming the challenge of insufficient resources without blowing the budget. To help keep costs down, schools can also engage a managed security service provider (MSSP) to deploy endpoint protection solutions or subscribe to a 24/7 externally monitored service called XDR (extended detection and response). By securing endpoint and network security systems through a managed XDR service, schools can have access to enterprise-grade solutions and round-the-clock cyber experts at a fraction of the cost.

Like a student who studies night after night before the final exam, if educators put in the groundwork now and take the necessary steps to properly secure their data, the future will remain bright and full of possibilities for the nation’s academia community and with any luck, ‘the dog ate my homework’ excuse will resume its rightful and hallowed place in schools across the country.  

KEYWORDS: cyber security disaster response ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Christine Gadsby is Vice President of Product Security at BlackBerry.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Gaps in Cybersecurity Programs

    The perfect storm: How hardware security is getting weaker as the industry changes its cybersecurity models

    See More
  • A Maturing Industry Faces the Need for Standards

    See More
  • eye-scan1-900px.jpg

    Why the AI Industry Faces a Diversity 'Crisis'

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

  • 150 things.jpg

    The Handbook for School Safety and Security

  • facility manager.jpg

    The Facility Manager's Guide to Safety and Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing