On the Frontlines: How Teachers Can Help Defend Against Ransomware

Originally published in TEACH Magazine, March/April 2021 Issue

By Adam Stone

Mobile County School District in Alabama. Houston County Board of Education in Georgia. Guthrie Public Schools in Oklahoma. What do they all have in common?

They are among the latest K–12 organizations to be hit by ransomware attacks, according to the most recent Armor Threat Intelligence Briefing. The report found that over 500 K–12 schools in the U.S. have potentially been impacted by ransomware attacks since January 2019.

The pace of such attacks has increased during the COVID-19 pandemic, as the rapid shift to remote learning has opened up new vulnerabilities. The FBI and the U.S. Cybersecurity Infrastructure and Security Agency have warned K–12 schools to be on guard.

In August and September of last year, 57 percent of ransomware incidents involved K–12 schools, compared to 28 percent of all reported ransomware incidents from January through July, the agencies note. “Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the agencies warn.

In a ransomware attack, malicious software is inserted into a system, encrypting all data and rendering the system effectively inaccessible. Attackers then demand a ransom for the key to decrypt the data.

The IT shop typically is responsible for defending against such attacks. But with K–12 schools increasingly being targeted, there are steps classroom teachers can take to safeguard systems and help their schools to avoid falling prey to such incursions.

The Threat Landscape

Ransomware often finds its way onto the system when a user clicks on a malicious link in an email, a move that triggers a download and runs a malicious file or program.

“Students and teachers are a particular target during the pandemic,” says Jim Siegl, senior technologist for the Future of Privacy Forum’s youth and education project. “There have been examples of attacks disguised as homework assignments… or where the attacker is pretending to be a parent, claiming their child had a problem uploading an assignment.”

The push to remote learning has elevated the risk. “User behavior that is acceptable on a home device, such as browsing social media sites or connecting over insecure WiFi, could—if done on a school-provided device—open up an entire school district’s network for hackers to exploit,” says Rodney Joffe, senior vice president and fellow at security solutions provider Neustar.

At the same time, bad actors may be highly motivated to try to access school systems, says Lynette Owens, founder and global director of Trend Micro’s Internet Safety for Kids and Families program.

“They know school systems often do not have the greatest amount of resources or strongest security infrastructure in place, versus a bank, hospital or government entity for example,” she says. At the same time, “the data they have is critical: you have a lot of data on minors and school employees.” In the face of this complex and growing threat, classroom teachers might serve as the first line of defense.

The Teacher’s Role

Ransomware starts with end-user behaviours. This puts teachers in a unique position to help mitigate the threat, says Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project (S.T.O.P.).

“The way ransomware gets installed is not through some sophisticated high-tech exploit. It’s because of weak passwords or email phishing attempts where people click on a bad link,” he says.

“Teachers can make cybersecurity training a part of modern civics education. Just as students need to be educated on what is a reliable news source, they need to be able to navigate the cybersecurity threats of daily life,” he says. “That includes using phishing tests and other tests that are designed to educate students about their own susceptibility to these attacks.”

Owens likewise encourages teachers to take a proactive role in informing students about online risks. “Teachers can help educate their students to distinguish between credible, safe resources online versus those that are not,” she says. “Encouraging digital and media literacy skills across classrooms and in all grades is an important step toward ensuring all members of a school’s community can benefit and not be harmed by their use of the internet.”

Specific to ransomware, Owens says that in the era of remote learning, teachers need to set out clear expectations so that kids at home will be better able to distinguish between a legitimate school communication and a phishing attempt.

Teachers should tell students exactly when and how they intend to communicate with them through online means. “For example, let students know that they will receive an email every week regarding upcoming homework or quizzes,” Owens says. “Students would then know to be on the lookout for this and might more readily flag an email that they may not have been expecting from the teachers.”

If a teacher’s email has been hacked and the students receive an unexpected email purporting to be from that teacher, “this can train students to speak up if something seems off,” she says. Teachers also can help to mitigate the ransomware risk by being thoughtful about any third-party applications, software, or other tools that they introduce into their classroom tool kit. Such products can potentially serve as a launchpad for a ransomware payload.

One easy safeguard when using third-party tools: “Read the terms of service when signing up for a new program, and take time to fully understand the information they’re sharing before signing in to websites or applications with a Gmail or Microsoft account,” says Matt Dascoli, education strategist at Dell Technologies.

“Right now, many teachers are looking to access additional online content or applications to help with remote learning, but they should be wary about where they are getting content and the information they are giving in exchange,” he says.

As a further safeguard, teachers should avoid technology that hasn’t been vetted and approved by the IT department, says Surita Bains, director of product management focusing on education at Absolute Software.

“Teachers should avoid introducing ‘shadow IT’ into their classroom and school environment,” Bains says. “It is important that software and online tools are evaluated for their security posture. By engaging the school or district IT team when looking to use new tools, teachers can ensure the technology they and their students are using isn’t introducing risk to the classroom.”

In fact, experts say a cooperative relationship with IT leadership at the school or district level may be key to empowering teachers who are looking to safeguard their classrooms against ransomware attacks.

Advocating With It

Take for example the issue of data and systems backups. A timely effort to back up systems is key to ransomware defense. Should attackers encrypt the system, administrators can simply revert to a recent backup and effectively short-circuit the attack.

On a personal level, “teachers should maintain good backups of their lesson plans and other critical educational data in the event something happens to their computing device,” says Robert Capps, VP of marketplace innovation at NuData Security.

Teachers should not be made responsible for large-scale systems backups or the backing up of day-to-day classroom data—that responsibility falls to the IT team—but teachers can play a key role in advocating for such measures. “They should be speaking to their school officials to make sure those officials are doing everything they can to create an effective backup strategy,” Cahn says.

While this advocacy work goes above and beyond the teacher’s ordinary classroom responsibility, experts say it makes sense that teachers would take on the role. As the front-line defenders, “teachers must advocate to not only school but district leadership on the importance of investing in proper IT security resources and technologies,” Bains says.

By insisting on school- and district-level safeguards, teachers can free themselves to focus more fully on their educational efforts. With IT handling systems integrity, teachers “regain the ability to dedicate themselves to educating students,” Bains says.

Best Practices

Even as they push for high-level controls, teachers can implement best practices at the classroom level to help keep the threat of ransomware at bay.

This starts by observing their own online interactions. “Ransomware tends to come through email, so teachers can carefully examine every email that comes through their inbox, looking for red flags like misspelled words, suspicious senders/email addresses, inconsistencies in the email content, and call to actions for clicking on links,” Owens says. They can likewise teach their students to follow these same guidelines.

Overall, the rise in ransomware gives teachers new incentive to double down on their efforts to elevate student awareness around digital literacy. Kids who know how to spot a malicious link, who are thoughtful about their passwords and diligent about their downloads, are less likely to introduce malicious elements into the system.

Teachers need not shoulder this burden alone. In addition to engaging with IT staff, teachers can turn to parents as partners in security. With more kids working on devices at home—devices that may connect back to school networks—educators and parents should be collaborating to ensure classroom best practices remain in force in remote learning scenarios.

“Ultimately, teachers and parents must maintain an active awareness of how students are using remote learning tools and platforms in order to keep them—and school systems—safe,” Joffe says.

Adam Stone is a seasoned journalist with 20+ years’ experience. He covers education, technology, government and the military, along with diverse other topics.