Easy Targets: Why K-12 Schools Need Cybersecurity

When it comes to cyber attacks, our schools are low-hanging fruit for those with malicious intent.

As schools integrate more and more technology in an effort to make education both more accessible and more effective, there are people out there ready and waiting to capitalize on any weaknesses in the system.

The new reality is that cybersecurity is a threat to almost everyone in K-12 including students, teachers, administrators, parents, and school board members.

In December 2020, the FBI, together with the MS-ISAC (Multi-State Information Sharing and Analysis Center), and the CISA (Cybersecurity Infrastructure Security Agency) issued a joint warning: K-12 schools top the list of ransomware attacks in the public sector.

The warning was needed: in 2021, 954 schools suffered ransomware attacks, costing $3.5B in downtime alone — plus recovery costs. (These numbers could be much higher when you consider the fact that not all attacks are reported.)

And that’s not all. Many hackers not only locked schools out of their systems, but they also stole and posted data online or used it as leverage for even higher ransom payments.

Why are schools so attractive to hackers?

School databases hold confidential personal details about teachers and students, such as social security numbers, medical records, and family information. This critical information is enticing to cyber attackers precisely because it’s confidential; schools are willing to pay large ransoms to keep this information private.

Plus, K-12 IT environments have hundreds of users, meaning thousands of potential points of entry, typically staffed by a small team of IT experts. 

 So, what’s causing this level of vulnerability? 

We’re going to look at the main factors that play into the current situation, dive into some real-life examples, and find out how to keep your school safe.

Here’s what you need to know.

Why K-12 Schools Have To Prioritize Cybersecurity

Schools are especially vulnerable because cybersecurity is often undervalued in a school district, meaning funding and cybersecurity solutions are often inadequate.

Let’s look at some additional factors that come into play.

#1 – The Shift To Remote Learning  

We’ve always been headed in the direction of more digital learning tools. The pandemic just accelerated how quickly the shift happened.

K-12 students are back in the classroom now, but many of the tools and technology implemented for distance learning have become a part of the everyday classroom experience. 

For example, these online tools are being used to streamline and enhance assignments, manage grades (used by students, teachers, and parents), for communication between parents and teachers, as well as bus schedules, and other important daily functions.

The downside of this increased reliance on technology in K-12 schools – in addition to the number of devices that are being used in the classroom – has opened up even more possibilities for hackers to strike.

Personal Device Danger

School-issued devices are one thing to worry about. But school systems with funding problems often require students to use their own smartphones, laptops, or tablets in the classroom. 

This raises the possibility for a compromised device to be connected to the school network because IT cannot ensure proper security on every personal device like they can with their own IT environment. Multiplied across thousands of students and teachers, the vulnerability grows with each device.

#2 – Recovery Time & Loss Of Learning

The loss of learning time after a cyberattack can range anywhere from 3 days to 3 weeks, a massive burden for students and teachers alike. Recovery time could last from 2 months to 9 months, interrupting other IT plans

This time is not insignificant and can have major detrimental effects on long-term academic success, school rankings and even funding

#3 – Financial Burden Of A Breach

In 2021, 954 schools suffered ransomware attacks, costing $3.5B in downtime alone—plus recovery costs.

Worse yet, many hackers not only locked schools out of their systems but also stole and posted data online or used it as leverage for even higher ransom payments.

It’s clear: many schools will pay for cybersecurity in one way or another, whether that’s with a proper cybersecurity solution or recovery costs, litigation and downtime.

#4 – Lack Of Knowledge

Ironically, many people in education are woefully undereducated about the dangers of cyberattacks and the need for cybersecurity.

But attacks are becoming more sophisticated and it’s critical that everyone involved – teachers, students, parents, administrators, and support staff – understands the motives and methods of cyberattacks.

#5 – Limited Resources For Cybersecurity

School systems aren’t always left exposed because the threat isn’t seen as significant or because those involved in the everyday life of a school system haven’t been properly educated. 

Even schools that have knowledgeable IT staff on board face an uphill battle when the necessary resources for cybersecurity aren’t available.

However, not all cybersecurity resources are budget-breaking.

Most Common Methods Of K-12 Cyber Attacks

While cybercriminals are always coming up with new ways to steal and wreak havoc. But here are the ways that current hackers are making trouble in K-12 schools.


With phishing, attackers deceive people into sharing sensitive information through fraudulent means in an email or on a website.

In 2017, cyber-thieves were able to bilk unsuspecting employees of the Denver Public School System out of a combined $40,000. The scheme was simply a fraudulent email telling users they needed to change their username/password. The email appeared to be coming from Microsoft and was convincing enough to dupe at least 30 people to click on the link.  

Distributed Denial-Of-Service (DDOS)

In a DDOS attack, cybercriminals interfere with the normal function between network devices and servers. It prevents the authorized use of the system or application with multiple machines joining forces to overwhelm the target.

Winthrop Public Schools in Massachusetts was the victim of a DDOS attack in February of 2021. The district’s networks and web-based systems were disabled for learners and teachers. The disruption affected learning platforms, emails, and video-conferencing functionalities. Of course, these were all essential educational tools when all classes were remote during the Pandemic. 

Video Conferencing Disruptions

There are a couple of ways hackers can interrupt or even take over a video conference, install malware, or obtain sensitive information.

An uninvited person can listen in or share inappropriate images or videos. 

They can also trick meeting participants like students, teachers, parents, or school administrators into clicking on malicious links that they’ve shared in the chat. 

In March 2020, a Massachusetts high school class Zoom was interrupted by a person who hacked into the private session, shouting profanity and the teacher’s home address. 

Similarly, a different Massachusetts high school instructional session was hacked by a person who was visible on camera and displayed swastika tattoos. 


There’s a distinct difference between ransomware and other types of cyber attacks: money. Malicious software will block access to data systems and access won’t be restored until a ransom is paid to the cybercriminal. 

Chicago Public Schools fell victim to a ransomware attack in December 2021. 500,000 staff members’ and students’ names, identification numbers, state ID numbers, and other private information were compromised.  

What’s The Answer?

With cyber attacks and hackers targeting more K-12 schools than ever before, you can’t afford not to invest in cybersecurity.

Whether it’s to help you prevent loss of learning time or avoid a multi-million dollar ransom payment, cybersecurity has to be a priority.


WithSecure solutions are not only flexible and effective in detecting, isolating, and stopping attacks, but they’re also built to fit school budgets and IT environments without the need for further server investment.

WithSecure allows IT leaders to gain an accurate view over their systems while gaining a solution that provides 24/7 coverage, actively hunting and investigating threats. Should a threat be detected, WithSecure automatically responds across the entire network.

Set up a call here and let’s talk about how WithSecure Elements will best fit your needs.


author avatar
The Abacus Blog Team
At Abacus IT, our blog is authored by a team of IT experts with a wealth of experience in various facets of technology. Our primary blog author is a seasoned IT professional with over 20 years of experience in the industry. With a deep understanding of cybersecurity, cloud solutions, network infrastructure, and IT management, our author provides valuable insights and actionable tips to help you optimize your IT operations.

    Share On: