Almost three years ago, amid the height of the coronavirus pandemic when most school districts across the nation transitioned to distance learning, the Newhall School District put virtual classes on hold following a ransomware attack.
Most recently in September, the Los Angeles Unified School District, one of the largest school districts in the nation, was also targeted by a ransomware attack, which ultimately led to thousands of files with sensitive information being released on the web.
“I would say that we really started to see cyber-attacks in K-12 around 2017-2018,” said Jon Carrino, director of technology services of the William S. Hart Union High School District. “It started happening to people, and other districts that we knew.”
According to Norton.com, a leading antivirus maker, a ransomware attack is software that locks and encrypts a victim’s computer or device, then demands a ransom to restore access. In the case of the LAUSD’s ransomware attack, Vice Society, an organization targeting educational institutions, claimed responsibility for the attack.
As technology continues to advance, criminals are getting creative in their ways to extort money out of school districts. Cyberattacks can vary, Carrino said, because every district has a different setup.
“Over the years, as the conversation evolved, it’s really gone from something like, ‘That couldn’t happen to me,’ to where people realize it’s just a matter of time before it happens,” Carrino said.
Public schools collect a variety of data, including Social Security numbers, health records, financial data of families and more, for a multitude of reasons, whether to enroll a new student in their district or perhaps provide a student with transportation or reduce lunch.
At the time when the Newhall district was targeted in fall of 2020, former Superintendent Jeff Pelzel led his staff to work with law enforcement agencies, such as the Los Angeles County Sheriff’s Department, to overcome the cyberattack.
According to Superintendent Leticia Hernandez of the Newhall School District, the Newhall district has a multi-layer approach to cybersecurity, which includes but is not limited to security awareness training for staff, firewalls, anti-virus solutions and contracting with a third party to help monitor “all these threats.”
“We have all those things in place,” Hernandez said. “And of course, we are continuously looking and updating to see if there’s anything else out there that we need to have in our systems.”
Saugus Union School District officials said at their district they have a multi-layer state-of-the-art cybersecurity system. Cybersecurity is the “No. 1” concern for its IT department.
According to Saugus district officials, when the Newhall cyber-attack occurred, they reached out to Newhall to offer any assistance that they would need and helped them as they requested.
As a result, the IT teams from both districts speak regularly to ensure they are all aware of any issues that currently impact K-12 school systems.
According to Carrino, some of these practices Hernandez listed are observed by school districts across the nation. Hart district officials also created off-site backups to ensure access to data and continue operation if it were to face a cyberattack.
In November, CITE, California IT in Education, hosted its annual conference in Long Beach. There were presentations from county offices of education, from other districts, and various workshops on the topic of cybersecurity, he added.
“The biggest partner that we’ve worked with is through the Department of Homeland Security,” Carrino said. “They’ve really made strides in the last few years to get information and resources out to districts, and connections with districts across the nation.”
Carrino noted that conversations around cybersecurity are happening more frequently. The significance of sharing experiences and information allows school districts to better prepare for cyberattacks — much like when municipalities or state agencies advocate for earthquake preparedness in California.
“There’s really no way to really know the type of attack that’s going to happen whether it’s a ransomware or not, compromised accounts or somebody who’s trying to steal your data and sell it,” Carrino said. “You can try and prepare for all that, but you really don’t know until it happens.”
A problem school districts face is funding, according to district officials. The cyberattack that targeted LAUSD brought the issue to the forefront of people’s minds, but in reality, it happens all over the nation, every day.
Cybersecurity needs more attention, more advocacy, but unfortunately the issue doesn’t get the attention where lawmakers want to prioritize funding either from the state or federal level, according to Carrino.
“It’s hard to take funds away from classrooms and students to focus on this risk, even though we really need to,” Carrino said.
Carrino emphasized that IT teams have been doing a lot for many years to respond to these cyber threats. The key is to be more prepared and better prepared, and that everybody needs to be aware from the students and parents to teachers and district staff at all levels, he added.
His advice on basic things like passwords or preventing cyber threats is to be cautious, don’t share passwords and establish a multi-verification process for your accounts.
“We’re at the point where we’ve done a lot of things on the back end to try and stop those kinds of attacks,” Carrino said. “But now we really need everybody’s help to be more cautious when they’re doing just their daily stuff.”
