According to the IBM X-Force Report, phishing remains one of the leading causes of data breaches outside of ransomware. K–12 education systems are not immune to this reality since elementary and secondary school networks contended with a record number of cybersecurity incidents during 2020. A new report by the K-12 Cybersecurity Resource Center found that the pandemic drove millions of children into remote learning quicker than expected among a growing landscape of social engineering and phishing threats. The publicly disclosed cybersecurity incidents affected 377 school networks in 40 states, with 36% percent of the incidents identified as data breaches or leaks, 12% being ransomware attacks, and the remaining incidents comprising Denial of Service, phishing, and malware attacks.

Who Trains the Teacher on Phishing?

Phishing and Social Engineering incidents in the first quarter of 2020, before the pandemic, mostly followed data from previous years. Yet, as schools closed and classrooms rapidly shifted to online learning in the second quarter, the threat landscape grew significantly. This pattern continued into the third and fourth quarters, when a total of 292 incidents occurred, more than 70% of the year's total. The increased number of incidents suggests that in rapidly shifting to remote learning, school districts exposed themselves to more significant cybersecurity risks and were less prepared to mitigate the impact of the cyber incidents they experienced. 

The switch to online learning increased reliance on thousands of new devices and services given to students and teachers in a short time, during which they were not adequately trained to secure their devices or monitor for phishing threats proactively. All of this data suggests that school districts should revisit their cybersecurity plans for continuity of operations during emergencies to ensure their teachers' and students' data safety. As school systems continue to deal with cybersecurity issues stemming from remote learning, it is essential to remember that Security Awareness training is a vital component of an information security program. 

Testing employees' security awareness helps determine if an organization's security posture effectively predicts, prevents, and responds to cyber threats. PhishingBox gives a suite of security tools to implement a security awareness training program, including threat protection tools for end-users and security staff. If you would like to see how to protect your schools' data from bad actors, you can schedule a demo today!