The hacker stole my homework. Previous generations of educators would have stared blankly at students who offered up such an excuse for why their book report wasn’t submitted by the deadline. For today’s teachers, the bulk of whom were forced to move their classrooms to a virtual setting and employ online learning and video conferencing tools to stay connected and engaged with their students over the course of the pandemic, the statement is anything but farfetched.
The recent ransomware attack on Illinois’ Lincoln College is a case in point of the growing risk of cyberattacks facing today’s schools. The college was already reeling financially and on the brink of collapse, with a shrinking endowment and a precipitous drop in enrollment as the pandemic drove students away from campus, and the ransomware attack was the straw that broke the camel’s back. Admissions and access to key campus data and documents were frozen. Computer systems required for recruitment and fundraising were inaccessible. Unable to recover from the fatal blow that seemingly came out of the blue, the college recently closed its doors, ending 157 years of operations.
In a banner year for cybercriminals, Lincoln was one of more than 1,000 schools and campuses to be victimized by ransomware attacks in the last year, making it the biggest year on record thus far, with ransomware gangs seemingly comparing notes on each other’s lucrative successes and coalescing around a sector that has until recently flown under the radar.
From geography to geometry, what is it about schools that all of a sudden has threat actors circling like sharks, and how can educators and administrators guard against becoming the next Lincoln College?
Degrees for sale on the Dark Web
Like model students, hackers have been hitting the books just like their victims, probing for vulnerabilities across industries, researching the ones that are most likely to pay a ransom and where the Holy Grail is when it comes to valuable data. For multiple-choice fans out there, mark down ‘all of the above’ for the education sector.
The ransomed data’s perceived value is one of the deciding factors that will determine whether a ransomware group will target a particular entity. At face value, the fact that little Jimmy bombed his first big Econ exam doesn’t seem to matter, but dig a little deeper and you realize the data that today’s schools are collecting and storing is more valuable than you might think. Whether it be details on individual students, test scores, financial records or entrance criteria, each could be extremely damaging in its own right if it were to be published, and it doesn’t take a Ph.D. to figure out what the possible downstream effects could be. Malicious actors could change or delete an entire semester’s worth of grades, manufacture phony degrees or sell them on the dark web to the highest bidder. The internet is littered with horror stories of unseemly individuals revealed to have fake medical degrees and even more snake oil salesmen who will sell them to you. Why waste four years of your life and six figures going to medical school when your friendly neighborhood threat actor will ‘ship’ a credential for just a couple of bucks so you can set up shop and start putting patients under the knife today?
Borrowing a page from the finance industry
Beyond the sheer value of the data that universities and colleges hold, what makes them such a prime target is their woeful underinvestment in cybersecurity safeguards compared with other industries. This situation has not gone unnoticed by today’s threat actors, many of whom cut their teeth in the heavily regulated finance industry where job number one is guarding the proverbial vault. While banks have been forced by shareholders and regulators alike to take a Mission Impossible-like approach to digital defense, investing in the cybersecurity equivalent of motion-detecting lasers, tripwires and the like, the vast majority of schools quite simply have not, making them an easy mark.
With the value of the data high and the walls paper-thin, hackers have all the incentive they need to mount an attack. The icing on the cake is that, more often than not, schools are willing to pay the ransom. The education sector has become big business, and a school’s most valuable asset is now its reputation, with unscrupulous parents willing to beg, borrow and steal to get their children into the ‘right’ institution (see the Varsity Blues admissions scandal). Savvy threat actors are wise to this too, recognizing that the exposure of a treasure trove of data is all that it takes for a school to tumble down the hypercompetitive rankings list of America’s Top Colleges; a reputational black eye not easily overcome and one that schools will begrudgingly tap their healthy endowment funds to avoid.
Four cybersecurity best practices to guard against ransomware
While it’s tempting to look the other way and simply hope you’re not targeted, ‘hope’ is not a strategy you can count on. With new threats emerging every day, classrooms are at risk, and educators must get up to speed on security best practices in order to avoid falling victim to malicious hackers. Below are four security tips teachers and educational institutions should all follow to ensure both remote and in-person learning remains secure.
1. Implement Security Awareness Training: Have teachers and professors brush up on basic security skills by offering training where they can learn the fundamentals of cybersecurity. This shouldn’t be a one-time offer but a continuous training program on relevant security tips as the technology landscape changes. Security protocols should be reviewed frequently, so teachers understand the necessary steps to secure remote learning and mobile computing. Some best practices include avoiding clicking on untrusted links or attachments, avoiding public Wi-Fi networks, and not co-mingling work and personal data on corporate endpoints or cloud services. Schools should also train teachers on how to recognize and avoid phishing scam emails, including regularly having them participate in mock exercises, seeing who ‘bites,’ being transparent about the results and pointing out any cues that might have been missed.
2. Add Another Layer of Protection to Video Meetings: Video conferencing remains the most popular method for those who continue to use remote learning, and it is imperative for teachers to keep their online meetings secure. As a rule of thumb, never use the same video meeting ID more than once, as this will make it easy for hackers to get inside networks and remain undetected. Be sure each session has a unique password as another layer of protection to ensure no unwanted guests are able to make an appearance in meetings. In the same vein, it’s also worth making sure that attendees can’t share their screens without your permission, again thwarting any unwanted guests from making an impromptu appearance. When deciding between passwords, choose wisely and avoid passwords that may have been uncovered in past breaches. For those who would rather not rely on free public tools, there are also many Learning Management Systems (LMS) that are worth considering.
3. Never Leave Devices Unattended or Outdated: Home networks are not as secure as classroom environments, so teachers facilitating online learning should ensure their work-from-home devices are fully updated with the latest versions of firmware, operating systems and software, and have academia-approved endpoint protection and other security software installed. Additionally, just as we would keep our devices protected in a public space, one should never leave a device unattended and should always enable a screen lock that requires a PIN or passcode to get back in. When not in use, make sure to disable Wi-Fi and Bluetooth options, as these can be access points for hackers.
4. Call in the Experts: The good news is that schools don’t have to do it all themselves. Automated cybersecurity solutions that leverage the predictive advantage of artificial intelligence (AI) can support institutions of all sizes in overcoming the challenge of insufficient resources without blowing the budget. To help keep costs down, schools can also engage a managed security service provider (MSSP) to deploy endpoint protection solutions or subscribe to a 24/7 externally monitored service called XDR (extended detection and response). By securing endpoint and network security systems through a managed XDR service, schools can have access to enterprise-grade solutions and round-the-clock cyber experts at a fraction of the cost.
Like a student who studies night after night before the final exam, if educators put in the groundwork now and take the necessary steps to properly secure their data, the future will remain bright and full of possibilities for the nation’s academic community. And with any luck, the ‘dog ate my homework’ excuse will resume its rightful and hallowed place in schools across the country.