50 percent of schools did not prepare for secure distance learning, Labs report reveals

50 percent of schools did not prepare for secure distance learning, Labs report reveals

Education in the United States faced a crisis this year. The looming threat of the coronavirus—which spreads easily in highly-populated, enclosed rooms—forced schools across the country to develop new strategies for education.

The dramatic stress of this transition is known. Teachers are working more hours than ever and parents are pulled between their jobs and 24/7 childcare. But perhaps for the first time, Malwarebytes has revealed how this transition has stressed the cybersecurity posture of schools and school districts.

Our full report, “Lessons in cybersecurity: How education coped in the shift to distance learning,” shows how schools across the United States are suffering, sometimes through inaction of their own.

Nearly half of all schools did not change anything about their cybersecurity preparations in transitioning to distance learning. The end result is that schools have faced a number of cybersecurity and IT issues that are dramatically increasing IT workload and putting undue strain on teachers’ lives. Some schools have even suffered cyberattacks that have delayed their distance learning plans for a day. More individuals learned that a colleague suffered a malware attack on a school-owned device.

Our report also reveals that cyberattacks do not just threaten the safety of teachers, students, and administrators, though—they also dramatically impact students’ perceptions of schools. Malwarebytes found that many students themselves said a cyberattack would significantly impact their decision to either apply to a school or transfer to that school. Cyberattacks also significantly impacted these students’ trust in their own schools.

Crucially, our report shows that the more cybersecurity best practices that a school put into place, the fewer cybersecurity and IT issues they suffered.

For all of these findings, we went straight to the source.

We conducted two, parallel surveys, the first of which targeted IT decision-makers at schools across the United States. The second survey targeted students enrolled in K–12; students working on obtaining a bachelor’s degree, associate’s degree, or attending trade school; and students enrolled in any post-graduate program.

Key takeaways

  • 50.7 percent of IT decision-makers said that no one—not students, teachers, staff, or guests (including parents)—were required to enroll in cybersecurity training before the new school year began
  • 46.7 percent of IT decision-makers said their schools developed “no additional requirements”—no distanced learning policy read-throughs, no cybersecurity training, no antivirus tool installations—for the students, faculty, or staff who connected to the school’s network
  • 46.2 percentof students said their schools suffered a cyberattack
  • 61 percent of students said a cyberattack resulted in a significant or strong impact on their trust in their school
  • Schools that engaged in a variety of cybersecurity best practices before transitioning to a distance learning model reported zero school-wide cyberattacks, and zero instruction days lost because of a cyberattack
    • 63.6 percent of these schools said they suffered “sustained, excess IT workload” compared to the 72.0 percent of all respondents
    • 18.2 percent of these schools said “teachers or students have suffered a Zoom-bombing attack” compared to the 29.3 percent of all respondents
  • With distance learning in full swing, concerns remain with device shortages:
    • 28 percent of IT respondents said their schools are missing laptops, computers or tablets for teachers
    • 40 percent are missing those tools for parents and students
    • 38.7 percent worry that teachers or students are too quickly using up the data on school-provided WiFi hotspots

Study hard

Though we’re halfway through the school year, it is never too late to improve a school’s cybersecurity. In fact, there are several best practices that a school can implement to protect itself from a cybersecurity incident. Not only that, but some of those same practices can help a school’s faculty focus on what matters most—educating students.

Cybersecurity, it turns out, is a lot like school. You’ve got to do your homework. 

To learn more about the increasing risks uncovered in today’s distance learning environment, and about tips and advice that all schools can act on during 2021, read our full report:

Lessons in cybersecurity: How education coped in the shift to distance learning