How K–12 School Districts Push Back Against Hackers

This article was originally published on EdTechMagazine.

With cyberattacks on the rise, K–12 district IT teams are fighting back to keep sensitive information and networks safe.

It looked like a typical email: a note from a former student asking a teacher for help with a Spanish assignment.

But “the teacher opened it and clicked on the link, and we had a malware infection spreading across our machines,” recalls Keith Bockwoldt, CIO at Hinsdale Township High School District 86 in Illinois. 
This happened in early 2019, just two months after Bockwoldt joined the district’s technology services department. He’d hardly had time to get to know his colleagues, he says, and here he was, “playing whack-a-mole,” doing everything possible to crush malware called Emotet.
It was “polymorphic, so every time we’d try to delete it, it would just recreate itself,” says Bockwoldt, who heads a 13-person department.
Bockwoldt is one of a growing number of K–12 IT professionals who say the time is ripe to revamp their cybersecurity practices. 
Overall, more than two-thirds of school district educational technology leaders say data privacy and security are more important than ever, according to a recent national survey by the Consortium for School Networking. That’s true for more than 100 percent of those in districts with at least 50,000 students. They’re driven by reports of ransomware and phishing attacks that have cost some districts hundreds of thousands of dollars, but they’re also focused on complying with state and federal data privacy laws requiring schools to safeguard student records. 
“I think what we’re seeing today is better awareness of what their responsibilities are,” CoSN Project Director Linnette Attai says. Protecting student data has always been a priority for school systems, she notes, but “now, with all the tech that’s in K–12 classrooms, we’re starting to see districts upping their game.”

Launch a Counterattack Against a Cyberattack 

When fighting the malware at Hinsdale, Bockwoldt and his team first asked all district employees to immediately change their passwords. Next, his technicians went from computer to computer to shut down scheduled tasks and remove Emotet-related files. They also removed network shares to prevent further infiltration. As a last step, they hired a private cybersecurity company to eradicate the program. 
“We did stop it eventually, but it was a tough one,” Bockwoldt says. “It really made it clear we had a lot of work to do if we wanted to prevent something similar from happening again.”
The district’s first goal after its brush with Emotet was to fortify endpoint security, Bockwoldt says. They researched several options before ultimately deciding to deploy a Cisco product, Advanced Malware Protection for Endpoints. The cloud-based solution enables real-time file activity monitoring, and it immediately and automatically eliminates any detected threats. 
“If we’d had that in place last March, all of that Emotet activity could have been prevented,” Bockwoldt says.
Other security solutions the district uses include the filtering tool GoGuardian, which keeps students from accessing harmful content on their Chromebooks; the network operations system Aruba AirWave, which gives Bockwoldt and his team visibility into their wired and wireless infrastructure; and the firewall appliance WatchGuard Firebox, which includes a VPN client that staffers use to ensure secure remote access to internal district resources.
Hinsdale’s firewall blocks more than 11,000 attempted attacks every day — a number that “keeps growing each month and year,” Bockwoldt says. With that in mind, he adds, the district’s most important line of defense involves encouraging greater vigilance among network users. For example, the technology services department changed user password requirements and created a formal cybersecurity awareness program to teach staff and students about best practices. 
“The attacks are never going to stop, and there’s only so much you can do with technology,” Bockwoldt says. “So what it comes to is, you have to depend on your community and help people prevent and recognize threats.”

Security Relies on More Than Just Technology 

Tim Harper, CTO of Seminole County Public Schools in Florida, agrees. 
The district’s information services team deals with phishing and spear phishing attempts “almost on a daily basis,” Harper says. They deploy tools such as SonicWall for deterrence and Microsoft Azure Information Protection to guard sensitive data, but never rely on those technologies alone. 


The average number of cyberattacks blocked each day by the firewall at Hinsdale Township High School District 86
Source: Hinsdale Township High School District 86

Seminole County schools’ cybersecurity campaign hinges on education and change management. For example, they started requiring IT vetting for any new applications teachers wish to use in their classrooms to ensure compliance with data privacy standards. 
Ensuring security in the digital environment requires caution and adherence to certain rules, Harper says. Not long ago, a phishing attack against Seminole County schools showed how precarious cybersecurity can be. As in the incident at Hinsdale, a Seminole staffer received an email and followed a seemingly legitimate link.
The “bad actor,” Harper says, accessed the employee’s accounts and made some changes. After an alert about the email from the employee, Harper’s team jumped on the case. They traced the attack, as they had others like it, back to a server in another country, and they’ve since taken steps to block access to their network for anyone in that part of the world. 
“It’s unfortunate, really, because we like to think in terms of ‘global access,’” where information flows freely, Harper says. “But you know, that’s just the way it is. All it takes is one, so we do what we have to do.”