Schools face pressure from external, internal cyberattacks

School computers have been targeted by insiders and outsiders

School IT administrators have to contend with a new wave of security vulnerabilities. Incidents such as a California scandal involving student use of keylogging software have exposed some of the weaknesses in educational IT systems. It’s not just students who pose a risk to the network, either – recently, a U.K. teacher accidentally uploaded adult materials to a school server from a flash drive.

Left unchecked, these types of events are likely to become more frequent, given the increasing reliance of educational institutions on computer systems, fast networks and mobile devices. Initiatives such as standardized testing are upping the ante even more, making it critical for administrators to look into system restore solutions such as Deep Freeze. With this tool, it’s easy to set up customized configurations for each endpoint, from a thin client to a lab computer, and quickly restore it to normal, removing any unwanted changes or malware.

Schools are targets of external, internal hacking campaigns
Both K-12 and postsecondary institutions have entered the crosshairs of hackers in recent years. In the summer of 2012, attackers went after a Web server managed by the University of South Carolina, compromising personal information such as names, addresses and Social Security numbers from more than 34,000 students, faculty and staff.

The attack was concurrent with another one on the state’s Department of Revenue that exposed almost 4 million tax returns and details on 387,000 payment cards. The two incidents have spurred some universities to rethink their security practices, with a renewed focus on big data analytics to make sense of network activity and vulnerabilities.

Still, some institutions may have considerable blind spots. A student at a Montreal college discovered flaws in an IT system used by approximately 100 colleges serving 200,000 students, raising the prospect of future data breaches in a sector that has had its fair share of incidents.

“Part of it just felt like it was a game, part of it felt like my duty because their security was poor,” the student told eCampus News. “And I could feel that it was poor while I was just screwing around in the system.”

More than 3 million records were compromised in higher education breaches last year. Ten percent of all breaches in the U.S. last year involved schools, according to a Ponemon Institute report.

But threats haven’t been the exclusive province of professional attackers and sophisticated malware. Corona del Mar high School in Newport Beach, Calif., expelled 11 students after discovering that they had used keyloggers to scrape credentials and then log on to school systems so that they could alter their grades.

The incident has raised questions about the integrity of school IT systems, given that it wasn’t even the first incident of its kind. A Maryland school was hit with a similar attack in 2010, and in 2011 several New Jersey students not only altered grades but also attempted to change lunch prices and tamper with the school’s emergency notification system.

The importance of system restore and security solutions going forward
With such high stakes for getting good grades and doing well on tests, it’s probable that more institutions will face computer security challenges from both the inside and outside. Administrators will need solutions that make systems resilient against malware and capable of handling the increased workload of computerized testing – schools in both California and Oklahoma are among the many moving to online assessments.

Reboot to restore solutions harden IT assets against danger. Desired configurations can be saved and reverted to in the case of a sudden crash, freeze or misconfiguration. Even in the case of malware, the unwanted changes can be rolled back. This way, systems continue to perform optimally around the clock, and school officials can rest easier knowing that the lab is secure and testing efforts are on track.

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.