Over the years, cyberattacks on K-12 schools and districts have steadily increased, and in 2022 that trend only continued. In the first half of 2022 alone, the education sector saw an average of almost 2,000 attacks every week—a 114% increase compared to two years ago.

The tight budgets of many educational institutions forces them to struggle with outdated equipment and limited staff, making them an easy target for cybercriminals. But if their wallets allow for it, there are a few staple cybersecurity safeguards that schools and districts should always consider implementing.

In this post, we’ll look at the 5 must-haves for K-12 cybersecurity.

1. Anti-ransomware EDR

It’s no secret that public schools have been experiencing a scourge of ransomware attacks lately. In total, 89 education sector organizations were impacted by ransomware in 2022—the number of potentially affected schools doubling from 2021 to 1,981.

The most high profile of these attacks occurred during Labor Day weekend, when a ransomware gang breached the Los Angeles Unified School District and stole roughly 500 gigabytes of data.

In addition to meeting ransomware best practices as defined by CISA, schools and districts should carefully consider their options when it comes to selecting an EDR vendor. In particular, an anti-ransomware EDR should have the following features:

  • Multi-vector Endpoint Protection (EP) built-in
  • Maintains visibility and patching regularly
  • Has machine learning (ML) to recognize ‘goodware’ instead of malware
  • Uses standard reference language and forensic analysis
  • Thorough containment, eradication, and recovery options
  • Searches for ransomware indicators across all your managed endpoints

For more, check out our six point checklist for an anti-ransomware EDR.

2. Third-party risk management

Data breaches and leaks constituted about 30% of K-12 reported cyber incidents in 2021, according to the K12 Security Information Exchange (K12 SIX). What’s more, 55% of these incidents were directly due to leaks originating from district vendors!

In 2021, schools reported breaches of personal information by Independent Health, PCS Revenue, and the Student Transportation of America, just to name a few.

In other words, the majority of school data breaches aren’t the handiwork of cybercriminals, but rather due to school district vendors and other trusted non-profit and government partners. Despite this, only 51% of those in the education sector say they evaluate the security and privacy practices of third parties before engaging with them.

Schools and districts should make it a point to follow third-party risk management best practices such as:

  • Keeping a comprehensive inventory of all third parties with access to your network.
  • Ranking levels of risk within third parties, looking for red flags such as poorly written policies and procedures, failed security audits, and complaints from customers about privacy and security.
  • Monitoring all third parties with access to your organization’s sensitive and confidential information.

3. Chromebook endpoint protection

As more and more schools adopt a 1:1 device to student ratio, it’s become clear that the Chromebook is the most preferred and widely-used device in K-12 schools. In fact, there are more than 50 million Chromebooks used in schools worldwide.

Chromebooks are so popular in schools for two big reasons: they’re cheap and have great in-built security. Three examples of security of Chromebook are:

  • Executables are blocked (lesser chance of malware infection)
  • Sandboxing is enabled by default (restricts movement of threats)
  • Verified boot (so if an attack does prevail, the OS reverts to a previous, untampered version.)

But, while safer than devices running Windows or iOS when it comes to viruses and malware, Chromebooks remain vulnerable to other threats including fake browser extensions, phishing, and dangerous or insecure websites.

A Chromebook endpoint protection solution can give school IT teams much-needed visibility into Chromebook activity, enabling them to prevent accidental access to harmful websites, block ads and malicious extensions, and protect user privacy.

Related infographic: Managing cybersecurity risk and optimizing uptime in K-12 schools.

4. Effective threat hunting

Consider the fact that, when a threat actor breaches a target network, they don’t attack right away. The median number of days between system compromise and detection is 21 days.

By that time, it’s often too late. Data has been harvested or ransomware has been deployed. In fact, 23% of intrusions lead to ransomware, 29% to data theft, and 30% to exploit activity—when adversaries use vulnerabilities to initiate further intrusions.

In other words, the earlier you can weed out a threat, the better. That’s why early threat detection, accomplished through threat hunting, is an absolute must-have for any school district.

Threat hunting arrived on the scene as an important security practice with the increased prevalence of unidentifiable or highly-obfuscated threats—those that quietly lurk in the network, siphoning off confidential data and searching for credentials to access the “keys to the kingdom.”

The bad news for K-12: Manually intensive and costly threat-hunting tools usually restrict this practice to larger organizations with an advanced cybersecurity model and a well-staffed security operations center (SOC). To that end, outsourcing threat hunting to seasoned professionals is a compelling option for K-12 schools.

Read the blog for more: Is an outsourced SOC worth it? Looking at the ROI of MDR

5. Automated, complete endpoint remediation

One of the biggest challenges schools and districts face is having the manpower to achieve cyber resilience—the ability to prevent, withstand and recover from cybersecurity incidents.

Without adequate staff or resources, the simple act of accessing an endpoint to perform remediation can be a manual, slow, and tedious effort. And inevitably, the longer the response time, the greater the risk schools and districts face and the greater the opportunity for the threat to do costly damage.

The key to adopting a cyber resilient approach to K-12 cybersecurity? Automation.

Automated tasks take place in less time with greater accuracy and reduce malware dwell time. In fact, 71 percent of security professionals state that automation reduces response time for detection, response, and remediation.

Some examples of important tasks that an incident response product does automatically include updating your firewall to block malicious IPs as they are detected, immediately disabling networking on an infected system, and so on. 

Read the brief: Why it’s time to start automating endpoint remediation

Next-generation threat prevention and remediation for K-12 schools

As schools and districts continue to get hammered by cyberattacks, following a few K-12 cybersecurity best practices has never been more important.

Malwarebytes has ample experience providing local governments and public schools with effective, intuitive, and inclusive cyberprotection. Read the case studies below to learn more:

Check out our government case studies and education pages for more information.

More resources

How to Create a Successful Cybersecurity Plan

Ransomware Emergency Kit

Cyber threat hunting for SMBs: How MDR can help

Local government cybersecurity: 5 best practices